Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/nA6-28wgVIzzbZBnLzEj8lX8P0g.roa
File: nA6-28wgVIzzbZBnLzEj8lX8P0g.roa (raw, json)
Hash identifier: wz80vMc6pv/qCVQ0mtGWy586VCl/lS3yUVZnOulvOhk=
Subject key identifier: 9C:0E:BE:DB:CC:20:54:8C:F3:6D:90:67:2F:31:23:F2:55:FC:3F:48
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 4F99
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/nA6-28wgVIzzbZBnLzEj8lX8P0g.roa
Signing time: Sat 04 May 2024 17:23:49 +0000
ROA not before: Sat 04 May 2024 17:23:49 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 20377 (0x4f99)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 4 17:23:49 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=9C0EBEDBCC20548CF36D90672F3123F255FC3F48
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a8:33:7b:05:a6:86:35:7f:3c:c0:f8:6c:60:66:
58:ef:95:47:14:61:5f:18:3b:ab:eb:23:db:94:46:
80:46:55:2e:e5:26:45:1e:40:a1:2e:f9:0b:be:51:
6e:0a:c6:45:42:ec:5b:69:82:18:bc:f3:24:14:eb:
e3:71:a6:20:c4:93:71:1b:3a:41:dd:40:92:40:58:
17:1e:2a:db:a3:0b:15:c9:83:c6:5d:fc:b5:88:06:
c2:a6:28:45:19:e8:72:38:ed:35:62:35:31:fe:60:
78:bd:e1:1b:72:18:40:45:fd:e9:0b:10:7e:d4:bb:
3c:4f:7c:c0:aa:02:55:a6:fa:12:dc:f5:fd:7f:f5:
1b:13:e1:3e:ef:06:e8:f5:c0:95:9d:89:c9:bc:a9:
59:a2:2f:df:43:25:55:17:eb:bb:7b:df:90:f2:8c:
e9:07:51:c2:e9:22:38:2c:9d:48:c2:ff:6f:b8:b9:
b0:77:6f:0e:52:0c:7f:1a:92:b0:70:50:f5:d1:c0:
f5:c9:82:9f:82:e2:86:73:14:4f:1c:c8:72:98:41:
5b:72:d6:9b:d1:66:d0:29:af:82:a3:4e:95:98:e8:
98:83:af:37:d4:f3:2a:f2:c8:cd:e0:81:c0:b7:40:
16:b3:a1:fd:12:59:79:f6:9c:be:9d:82:ee:46:f0:
b9:37
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9C:0E:BE:DB:CC:20:54:8C:F3:6D:90:67:2F:31:23:F2:55:FC:3F:48
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/nA6-28wgVIzzbZBnLzEj8lX8P0g.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
18:4d:90:89:f6:a7:5c:a9:6f:0f:f9:4b:83:94:cc:dd:52:32:
73:c6:41:b3:cf:8b:4b:40:73:26:ca:82:da:c4:b6:d2:24:bd:
35:ec:ec:3a:eb:94:ae:dc:71:54:3b:8e:fe:60:c7:4d:a9:41:
31:11:18:a3:63:0c:9c:a5:42:ed:d7:82:e9:bd:43:e3:58:2e:
4e:4d:f8:36:dd:f9:a8:b2:67:4f:5c:e6:02:81:b4:8d:d4:ea:
3b:20:5f:6a:37:a7:86:f9:e7:3d:3b:d7:02:1c:3c:76:cc:bc:
54:3e:5f:f6:2e:38:7b:5d:2c:70:be:f2:34:69:7d:76:55:08:
ad:ed:47:ba:52:5f:2d:c7:d7:2f:3a:4a:87:23:1f:c4:4e:44:
1b:1a:23:28:06:b0:cb:b2:b0:34:a2:2d:1b:14:97:41:07:05:
81:b7:f5:9a:d7:0a:48:ed:61:78:f8:57:bf:83:60:31:be:0f:
42:04:c4:44:c5:43:4d:b8:f7:c2:29:de:f3:d0:98:5a:37:1c:
85:89:a6:6d:4f:4e:06:a1:e4:79:cc:42:20:6e:7e:b0:49:e8:
a4:ce:f6:e1:06:cc:a5:7e:b1:a0:bb:99:29:60:51:12:77:09:
39:1f:b0:ea:39:c3:25:ab:99:c2:75:73:30:cb:2a:b0:f2:5d:
0e:0b:ec:47
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICT5kwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MDQx
NzIzNDlaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDlDMEVCRURCQ0MyMDU0
OENGMzZEOTA2NzJGMzEyM0YyNTVGQzNGNDgwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCoM3sFpoY1fzzA+GxgZljvlUcUYV8YO6vrI9uURoBGVS7lJkUe
QKEu+Qu+UW4KxkVC7Ftpghi88yQU6+NxpiDEk3EbOkHdQJJAWBceKtujCxXJg8Zd
/LWIBsKmKEUZ6HI47TViNTH+YHi94RtyGEBF/ekLEH7UuzxPfMCqAlWm+hLc9f1/
9RsT4T7vBuj1wJWdicm8qVmiL99DJVUX67t735DyjOkHUcLpIjgsnUjC/2+4ubB3
bw5SDH8akrBwUPXRwPXJgp+C4oZzFE8cyHKYQVty1pvRZtApr4KjTpWY6JiDrzfU
8yryyM3ggcC3QBazof0SWXn2nL6dgu5G8Lk3AgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUnA6+28wgVIzzbZBnLzEj8lX8P0gwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L25BNi0yOHdnVkl6emJa
Qm5MekVqOGxYOFAwZy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBABhNkIn2p1ypbw/5
S4OUzN1SMnPGQbPPi0tAcybKgtrEttIkvTXs7DrrlK7ccVQ7jv5gx02pQTERGKNj
DJylQu3Xgum9Q+NYLk5N+Dbd+aiyZ09c5gKBtI3U6jsgX2o3p4b55z071wIcPHbM
vFQ+X/YuOHtdLHC+8jRpfXZVCK3tR7pSXy3H1y86SocjH8RORBsaIygGsMuysDSi
LRsUl0EHBYG39ZrXCkjtYXj4V7+DYDG+D0IExETFQ02498Ip3vPQmFo3HIWJpm1P
Tgah5HnMQiBufrBJ6KTO9uEGzKV+saC7mSlgURJ3CTkfsOo5wyWrmcJ1czDLKrDy
XQ4L7Ec=
-----END CERTIFICATE-----
Generated at Sat Jun 21 08:59:53 2025 by rpki-client