Route Origin Authorization

$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/lNooeuuirhwQmj9JyLUOF53ojT0.roa
File:                     lNooeuuirhwQmj9JyLUOF53ojT0.roa (raw, json)
Hash identifier:          etJsIBGzkfVXSK//+Rgb1f37wDu06V/bQp4r1mctc+4=
Subject key identifier:   94:DA:28:7A:EB:A2:AE:1C:10:9A:3F:49:C8:B5:0E:17:9D:E8:8D:3D
Certificate issuer:       /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial:       5209
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access:    rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access:      rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/lNooeuuirhwQmj9JyLUOF53ojT0.roa
Signing time:             Tue 07 May 2024 23:23:55 +0000
ROA not before:           Tue 07 May 2024 23:23:55 +0000
ROA not after:            Fri 31 Jan 2025 01:13:46 +0000
asID:                     24426
IP address blocks:        43.239.0.0/19 maxlen: 19
                          101.78.32.0/19 maxlen: 19
                          103.35.0.0/19 maxlen: 19
Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 21001 (0x5209)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
        Validity
            Not Before: May  7 23:23:55 2024 GMT
            Not After : Jan 31 01:13:46 2025 GMT
        Subject: CN=94DA287AEBA2AE1C109A3F49C8B50E179DE88D3D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:DA:28:7A:EB:A2:AE:1C:10:9A:3F:49:C8:B5:0E:17:9D:E8:8D:3D
            X509v3 Authority Key Identifier:
                keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/lNooeuuirhwQmj9JyLUOF53ojT0.roa
                RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  43.239.0.0/19
                  101.78.32.0/19
                  103.35.0.0/19

    Signature Algorithm: sha256WithRSAEncryption
Generated at Sat Jun 21 16:56:02 2025 by rpki-client