Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/n1d7KOM3IdAZ0w6V73Rq42icw3k.roa
File: n1d7KOM3IdAZ0w6V73Rq42icw3k.roa (raw, json)
Hash identifier: u4I9hd4HChcEQnoGsJ5Pc6YOnf9ym47UPxVvysu7Ebg=
Subject key identifier: 9F:57:7B:28:E3:37:21:D0:19:D3:0E:95:EF:74:6A:E3:68:9C:C3:79
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 3E29
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/n1d7KOM3IdAZ0w6V73Rq42icw3k.roa
Signing time: Thu 11 Apr 2024 11:22:46 +0000
ROA not before: Thu 11 Apr 2024 11:22:46 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 15913 (0x3e29)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 11 11:22:46 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=9F577B28E33721D019D30E95EF746AE3689CC379
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b9:2d:b6:7a:ba:2b:29:cb:b5:2f:b6:da:60:2b:
da:39:88:85:71:83:df:bf:78:02:33:92:e9:2d:4e:
b4:7e:e0:83:bf:cf:d4:df:07:a4:9f:60:34:d2:d7:
21:97:2b:18:bc:ee:6d:43:6a:c1:4b:3a:f4:73:78:
5d:1c:0e:00:ec:af:e0:07:98:74:8f:e8:34:85:13:
a2:3e:85:67:32:7c:9d:6e:32:48:7c:70:9b:4d:54:
2c:05:bc:2a:9c:8f:4c:95:cb:af:3b:74:79:7a:a0:
77:9c:1f:45:9b:3a:be:52:51:55:bc:f2:85:be:55:
02:07:20:12:ea:d7:3b:49:40:73:8c:40:ae:38:cd:
6d:24:0e:70:cf:f7:f1:ad:ed:6b:94:47:c4:a7:84:
43:a1:96:be:57:b7:c8:95:41:59:c8:48:a5:9c:10:
cf:9e:49:a1:ee:e7:6d:b6:f5:9d:d7:9f:c9:b5:9f:
65:d0:57:2a:00:90:78:4d:0f:fa:08:6b:7c:86:94:
2e:e0:33:0f:c1:8d:90:d7:70:fc:55:d9:44:5f:3b:
18:40:65:82:be:0e:1d:d1:ad:46:95:e3:85:ab:52:
50:c3:d3:f9:37:76:98:36:a9:2d:cf:82:93:be:05:
53:b4:5a:56:52:f4:1c:9f:12:1f:43:6f:1d:dc:ae:
02:b1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9F:57:7B:28:E3:37:21:D0:19:D3:0E:95:EF:74:6A:E3:68:9C:C3:79
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/n1d7KOM3IdAZ0w6V73Rq42icw3k.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
8b:9a:f3:a4:25:ee:79:04:83:3d:75:67:10:32:d3:cb:5b:da:
7f:0c:b9:b7:96:49:73:7c:08:59:ad:a7:14:97:37:a1:f7:15:
ac:3f:a2:06:17:ba:72:c9:eb:ba:62:d1:7b:5c:12:40:48:1f:
e1:79:e1:aa:1a:3d:42:4a:08:64:c0:9a:81:33:0b:5e:5e:9e:
94:14:6b:7c:e0:63:39:87:2f:5f:79:2c:2a:6b:8f:e9:da:2a:
d8:5b:48:96:6f:b1:4d:34:34:9c:69:ad:f4:4a:40:da:2e:31:
80:0a:3e:aa:5e:92:54:14:64:d6:b5:82:ef:dc:e1:d5:8d:51:
ba:3d:e4:7a:52:30:c1:a8:f3:32:a2:0f:8f:e3:f2:17:c5:1f:
c7:56:85:9c:1f:4b:ba:f1:40:34:bc:c9:fa:84:cf:2c:28:6a:
26:86:7e:7a:fd:a1:ee:11:4f:e1:c8:42:db:d0:d6:5f:55:c8:
1e:52:bd:00:59:e1:61:7b:1f:72:65:ae:2a:87:88:1a:6e:ac:
f6:c6:a1:b9:07:71:fb:03:61:8c:e2:88:23:ac:31:18:40:c8:
7e:93:d6:1f:2a:4b:dd:7d:aa:c0:80:ec:79:42:de:37:af:e8:
1c:b1:f4:91:48:ed:8e:84:34:4c:4a:db:61:67:22:a0:6b:41:
f0:e4:b0:90
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICPikwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MTEx
MTIyNDZaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDlGNTc3QjI4RTMzNzIx
RDAxOUQzMEU5NUVGNzQ2QUUzNjg5Q0MzNzkwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC5LbZ6uispy7UvttpgK9o5iIVxg9+/eAIzkuktTrR+4IO/z9Tf
B6SfYDTS1yGXKxi87m1DasFLOvRzeF0cDgDsr+AHmHSP6DSFE6I+hWcyfJ1uMkh8
cJtNVCwFvCqcj0yVy687dHl6oHecH0WbOr5SUVW88oW+VQIHIBLq1ztJQHOMQK44
zW0kDnDP9/Gt7WuUR8SnhEOhlr5Xt8iVQVnISKWcEM+eSaHu52229Z3Xn8m1n2XQ
VyoAkHhND/oIa3yGlC7gMw/BjZDXcPxV2URfOxhAZYK+Dh3RrUaV44WrUlDD0/k3
dpg2qS3PgpO+BVO0WlZS9ByfEh9Dbx3crgKxAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUn1d7KOM3IdAZ0w6V73Rq42icw3kwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L24xZDdLT00zSWRBWjB3
NlY3M1JxNDJpY3czay5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBAIua86Ql7nkEgz11
ZxAy08tb2n8MubeWSXN8CFmtpxSXN6H3Faw/ogYXunLJ67pi0XtcEkBIH+F54aoa
PUJKCGTAmoEzC15enpQUa3zgYzmHL195LCprj+naKthbSJZvsU00NJxprfRKQNou
MYAKPqpeklQUZNa1gu/c4dWNUbo95HpSMMGo8zKiD4/j8hfFH8dWhZwfS7rxQDS8
yfqEzywoaiaGfnr9oe4RT+HIQtvQ1l9VyB5SvQBZ4WF7H3JlriqHiBpurPbGobkH
cfsDYYziiCOsMRhAyH6T1h8qS919qsCA7HlC3jev6Byx9JFI7Y6ENExK22FnIqBr
QfDksJA=
-----END CERTIFICATE-----
Generated at Fri Jun 20 12:02:42 2025 by rpki-client