Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/nJfCiu-gdLav7DXthvzyc5poWNA.roa
File: nJfCiu-gdLav7DXthvzyc5poWNA.roa (raw, json)
Hash identifier: qy3M8YtS+ncLmzQhmM7uT7U2jV+5Bd0yEr3sbEXepl0=
Subject key identifier: 9C:97:C2:8A:EF:A0:74:B6:AF:EC:35:ED:86:FC:F2:73:9A:68:58:D0
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 3DAD
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/nJfCiu-gdLav7DXthvzyc5poWNA.roa
Signing time: Wed 10 Apr 2024 19:52:46 +0000
ROA not before: Wed 10 Apr 2024 19:52:46 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 15789 (0x3dad)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 10 19:52:46 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=9C97C28AEFA074B6AFEC35ED86FCF2739A6858D0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c1:e8:99:0b:e8:94:df:c8:28:63:cc:08:17:24:
e1:26:10:cd:51:25:17:d1:e9:60:d6:27:d2:99:b3:
c6:90:28:cb:1a:84:b9:5e:be:16:be:04:3c:6d:c7:
e8:7a:83:12:35:72:b7:a1:31:8f:e3:06:00:00:8d:
5f:25:69:e6:9a:27:3b:91:55:f7:d5:c4:d7:d5:f2:
0b:ab:02:c2:da:ef:f4:14:29:88:95:d9:e5:0c:24:
1e:27:19:fe:3a:87:52:36:35:a2:b2:91:c2:8e:ce:
17:c3:6a:68:ef:88:fe:07:27:ee:ad:26:43:3f:b0:
c1:e8:46:d4:04:74:bf:37:c6:22:7b:ea:22:ac:66:
2b:32:73:bd:7d:46:25:9a:c5:2f:a1:41:cc:3a:e9:
b6:55:37:fb:2c:3d:9c:d8:11:62:c1:d3:eb:25:1a:
c8:0a:da:8e:da:3b:2a:21:4b:0e:24:52:52:70:51:
91:ce:b2:78:3d:cb:06:e0:af:17:55:a9:bc:36:21:
ed:a1:7b:de:86:0c:8c:62:25:71:e2:ff:01:ce:d7:
32:d1:94:72:d3:1f:58:b2:3b:8e:f3:23:62:31:9a:
6d:88:d8:30:8b:bd:a3:63:71:fb:22:3b:df:72:1c:
7c:a6:ef:c9:0d:60:e9:11:2a:f9:af:83:e8:86:9c:
06:8f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9C:97:C2:8A:EF:A0:74:B6:AF:EC:35:ED:86:FC:F2:73:9A:68:58:D0
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/nJfCiu-gdLav7DXthvzyc5poWNA.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
5e:bb:5d:b7:b4:98:40:60:91:64:2f:66:c1:f6:77:cc:80:b1:
e5:a1:e4:42:02:2b:1f:97:98:ec:c5:e3:dc:f5:80:06:5c:37:
f4:21:de:4c:c3:7a:cf:b9:e4:f7:90:a8:c4:c1:e0:7a:d6:e4:
36:aa:a2:c5:83:59:fe:a2:f4:88:75:71:c8:b8:71:4f:18:d5:
a9:cf:a7:dc:24:16:b3:d0:1d:0c:83:80:5b:ac:d1:f9:10:08:
68:23:65:d9:de:d8:79:09:b5:8a:b3:b5:ea:4f:51:79:a6:7d:
7a:34:79:fb:2b:d3:23:b5:1e:88:5e:f9:06:e3:71:ef:10:70:
6d:22:ff:f0:d8:1b:f3:99:2d:f8:6f:b4:9a:c8:a7:29:69:72:
61:25:e7:ca:55:8c:2d:b8:a4:bc:08:ee:ad:0d:b3:30:2a:15:
2c:f2:f6:a7:2c:91:0c:84:16:2c:84:65:97:24:6a:ef:12:5d:
df:c5:72:57:e1:44:b7:3a:12:27:4c:0a:d7:b2:5b:a1:c2:2f:
1e:9a:96:8b:2f:14:1a:e9:95:51:15:4d:ee:d9:74:48:85:06:
e5:f3:7b:c4:ae:13:a1:de:77:30:42:a6:52:65:0d:b1:bb:6b:
81:09:cd:be:06:3e:53:4b:b8:22:fd:11:c8:66:d2:7d:94:fd:
a2:15:2a:6d
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICPa0wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MTAx
OTUyNDZaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDlDOTdDMjhBRUZBMDc0
QjZBRkVDMzVFRDg2RkNGMjczOUE2ODU4RDAwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDB6JkL6JTfyChjzAgXJOEmEM1RJRfR6WDWJ9KZs8aQKMsahLle
vha+BDxtx+h6gxI1crehMY/jBgAAjV8laeaaJzuRVffVxNfV8gurAsLa7/QUKYiV
2eUMJB4nGf46h1I2NaKykcKOzhfDamjviP4HJ+6tJkM/sMHoRtQEdL83xiJ76iKs
Zisyc719RiWaxS+hQcw66bZVN/ssPZzYEWLB0+slGsgK2o7aOyohSw4kUlJwUZHO
sng9ywbgrxdVqbw2Ie2he96GDIxiJXHi/wHO1zLRlHLTH1iyO47zI2Ixmm2I2DCL
vaNjcfsiO99yHHym78kNYOkRKvmvg+iGnAaPAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUnJfCiu+gdLav7DXthvzyc5poWNAwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L25KZkNpdS1nZExhdjdE
WHRodnp5YzVwb1dOQS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBAF67Xbe0mEBgkWQv
ZsH2d8yAseWh5EICKx+XmOzF49z1gAZcN/Qh3kzDes+55PeQqMTB4HrW5DaqosWD
Wf6i9Ih1cci4cU8Y1anPp9wkFrPQHQyDgFus0fkQCGgjZdne2HkJtYqztepPUXmm
fXo0efsr0yO1Hohe+Qbjce8QcG0i//DYG/OZLfhvtJrIpylpcmEl58pVjC24pLwI
7q0NszAqFSzy9qcskQyEFiyEZZckau8SXd/FclfhRLc6EidMCteyW6HCLx6alosv
FBrplVEVTe7ZdEiFBuXze8SuE6HedzBCplJlDbG7a4EJzb4GPlNLuCL9Echm0n2U
/aIVKm0=
-----END CERTIFICATE-----
Generated at Fri Jun 20 16:48:16 2025 by rpki-client