Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/lcNqydLZcWg-G0o-rYW8WKBHudE.roa
File: lcNqydLZcWg-G0o-rYW8WKBHudE.roa (raw, json)
Hash identifier: 9LQ8SKOV8jS3XFUOuYPZOQ8ZNRDIk28WUZyeyw5uW6E=
Subject key identifier: 95:C3:6A:C9:D2:D9:71:68:3E:1B:4A:3E:AD:85:BC:58:A0:47:B9:D1
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 47DD
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/lcNqydLZcWg-G0o-rYW8WKBHudE.roa
Signing time: Wed 24 Apr 2024 09:53:16 +0000
ROA not before: Wed 24 Apr 2024 09:53:16 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 18397 (0x47dd)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 24 09:53:16 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=95C36AC9D2D971683E1B4A3EAD85BC58A047B9D1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:da:a6:6b:24:2e:9d:2c:cf:21:c0:da:b0:1d:b8:
e3:1c:7e:8f:c9:c6:c0:67:81:02:0d:f7:45:c4:07:
96:0e:4b:82:fb:87:9a:ad:13:21:68:b7:f1:81:92:
61:80:a0:2d:6d:a0:c2:2d:96:6a:64:82:d4:2a:6d:
6e:d4:ac:7b:74:08:89:b3:cf:f2:91:74:1a:3d:8c:
7b:3c:74:81:77:27:82:3f:19:dd:1e:cb:ba:12:f8:
70:0d:9c:89:93:84:9f:61:ca:a0:c9:fc:cf:45:98:
bd:1f:0a:59:b5:85:7e:1b:b3:36:89:53:5f:cd:59:
66:ef:11:2a:c3:d7:40:ef:1b:b3:64:2c:9b:d6:2d:
b8:b8:e6:6b:fc:39:42:d2:c8:5b:cf:94:13:64:52:
7a:74:6e:45:15:f9:b5:29:fe:51:b0:d1:8f:39:f7:
25:a6:39:10:b7:a9:d4:51:d0:fe:23:5d:4a:ff:40:
56:8a:4c:e4:1b:da:ff:02:d2:81:bc:86:8c:e4:b7:
a9:1c:76:e2:20:9b:c5:6c:61:8a:e5:f3:97:b8:66:
9a:a0:3f:bb:4e:ac:d6:4c:9f:12:dd:bf:32:ec:53:
73:e9:da:2c:15:36:48:1d:22:ab:2a:f8:81:6e:b2:
e5:4e:c5:eb:72:98:30:72:46:26:ed:95:93:37:4b:
16:63
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
95:C3:6A:C9:D2:D9:71:68:3E:1B:4A:3E:AD:85:BC:58:A0:47:B9:D1
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/lcNqydLZcWg-G0o-rYW8WKBHudE.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
5c:46:4c:33:72:3f:d5:42:cd:50:9d:94:ec:a2:c8:8a:98:29:
5b:0a:3c:9e:29:84:6c:1a:c4:c7:1b:06:99:40:75:ab:16:7d:
cc:7f:b2:fd:1b:ae:69:fc:ea:26:9f:53:5e:82:67:15:53:44:
43:20:79:35:34:30:dd:31:d7:01:15:e7:28:59:7e:82:61:22:
25:c4:ee:ac:2e:bf:90:6b:5e:bd:a0:99:0e:93:e3:0a:b9:6b:
4d:39:3e:75:fc:05:1b:40:c5:97:02:c5:75:1e:10:cf:fd:0e:
0e:9e:f5:5e:f2:30:9d:ba:05:3e:d9:f7:29:b6:66:f8:81:b4:
0b:78:84:6a:bb:00:b2:44:33:9d:f5:1a:f0:16:43:7f:71:a4:
a9:ab:87:0b:67:24:7c:13:c5:51:bc:8e:46:21:11:0e:4f:83:
bf:06:d6:7e:6e:e4:da:39:73:5f:99:aa:d1:70:d7:1e:de:e3:
8e:cc:5f:a5:02:46:9a:73:c1:75:3f:50:9c:68:f7:34:b6:1c:
a0:f2:6f:d3:2f:60:48:50:d4:b1:4a:4a:4f:0d:ec:53:bf:e6:
f5:d0:8d:27:a1:ef:91:d2:05:73:ae:da:d5:75:d3:2e:8c:71:
4c:06:12:99:85:7c:2c:c2:8f:7a:2a:13:fa:02:b3:15:a7:62:
d3:91:20:13
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICR90wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MjQw
OTUzMTZaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDk1QzM2QUM5RDJEOTcx
NjgzRTFCNEEzRUFEODVCQzU4QTA0N0I5RDEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDapmskLp0szyHA2rAduOMcfo/JxsBngQIN90XEB5YOS4L7h5qt
EyFot/GBkmGAoC1toMItlmpkgtQqbW7UrHt0CImzz/KRdBo9jHs8dIF3J4I/Gd0e
y7oS+HANnImThJ9hyqDJ/M9FmL0fClm1hX4bszaJU1/NWWbvESrD10DvG7NkLJvW
Lbi45mv8OULSyFvPlBNkUnp0bkUV+bUp/lGw0Y859yWmORC3qdRR0P4jXUr/QFaK
TOQb2v8C0oG8hozkt6kcduIgm8VsYYrl85e4ZpqgP7tOrNZMnxLdvzLsU3Pp2iwV
NkgdIqsq+IFusuVOxetymDByRibtlZM3SxZjAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUlcNqydLZcWg+G0o+rYW8WKBHudEwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2xjTnF5ZExaY1dnLUcw
by1yWVc4V0tCSHVkRS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBAFxGTDNyP9VCzVCd
lOyiyIqYKVsKPJ4phGwaxMcbBplAdasWfcx/sv0brmn86iafU16CZxVTREMgeTU0
MN0x1wEV5yhZfoJhIiXE7qwuv5BrXr2gmQ6T4wq5a005PnX8BRtAxZcCxXUeEM/9
Dg6e9V7yMJ26BT7Z9ym2ZviBtAt4hGq7ALJEM531GvAWQ39xpKmrhwtnJHwTxVG8
jkYhEQ5Pg78G1n5u5No5c1+ZqtFw1x7e447MX6UCRppzwXU/UJxo9zS2HKDyb9Mv
YEhQ1LFKSk8N7FO/5vXQjSeh75HSBXOu2tV10y6McUwGEpmFfCzCj3oqE/oCsxWn
YtORIBM=
-----END CERTIFICATE-----
Generated at Sat Jun 21 06:33:41 2025 by rpki-client