Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/nq3YFDCtMjzF_h404Gl5-yCBuWA.roa
File: nq3YFDCtMjzF_h404Gl5-yCBuWA.roa (raw, json)
Hash identifier: 6x3S8YISMKpj7XriDIB0LjKrXegksXzFaQrZ1IwJjw8=
Subject key identifier: 9E:AD:D8:14:30:AD:32:3C:C5:FE:1E:34:E0:69:79:FB:20:81:B9:60
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 3B51
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/nq3YFDCtMjzF_h404Gl5-yCBuWA.roa
Signing time: Sun 07 Apr 2024 16:22:34 +0000
ROA not before: Sun 07 Apr 2024 16:22:34 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 15185 (0x3b51)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 7 16:22:34 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=9EADD81430AD323CC5FE1E34E06979FB2081B960
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cb:44:74:f4:9b:f2:38:4e:23:30:ba:73:5c:13:
65:87:23:0b:00:d3:95:5e:88:92:72:9b:20:e9:1d:
3a:57:7a:fb:ba:f9:bc:63:a5:5c:f6:4d:e4:84:67:
1c:c7:e1:98:c0:1a:e2:11:25:c0:b2:a3:ba:29:b8:
f6:88:6c:5e:dc:83:17:19:1e:3c:a0:56:fb:97:bd:
1c:9b:7e:c0:4b:d4:5b:75:1e:8b:f0:40:76:e2:7c:
e3:dc:e5:d4:3c:94:8d:db:7c:a1:ce:27:46:2d:ae:
a4:f0:15:70:fd:ac:6f:96:34:18:81:47:fd:97:b9:
9a:e2:28:75:96:64:a4:11:e4:a3:06:4a:32:ac:9a:
97:0a:19:86:6d:6a:86:21:62:c2:bc:24:05:05:f9:
29:5d:c2:c6:0a:0e:a4:4c:49:31:9a:7d:b8:97:90:
5c:1f:17:52:60:41:31:d5:f8:af:d3:2e:f1:ad:97:
52:39:85:a6:86:ab:45:3e:8b:86:dc:3f:59:c1:54:
40:10:f0:89:3c:1f:05:27:a7:f8:55:52:02:4b:51:
86:36:43:25:be:5b:43:4c:5f:30:30:11:89:a2:8c:
1b:a1:37:d1:7b:30:ba:cc:42:02:59:c6:f0:14:a5:
30:1b:30:35:9a:ab:94:22:c4:dc:b9:01:eb:dd:12:
f4:c3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9E:AD:D8:14:30:AD:32:3C:C5:FE:1E:34:E0:69:79:FB:20:81:B9:60
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/nq3YFDCtMjzF_h404Gl5-yCBuWA.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
78:5a:11:0a:8f:fc:bb:31:03:42:32:b7:f8:40:ed:79:73:64:
5f:0d:ad:a2:03:c6:cf:4f:aa:a5:2b:5e:da:28:47:42:6b:02:
c0:32:16:84:ef:60:d7:24:53:53:0b:3d:6c:49:75:bb:9a:58:
96:a1:fb:74:4c:0d:ac:ce:06:bb:d1:d3:72:4a:5e:1d:9a:b7:
55:67:6c:85:90:39:3a:e0:47:77:e2:37:04:b9:90:e2:ef:aa:
da:a1:a8:f5:08:5d:7f:e6:5b:d9:c5:2e:ef:c1:d6:4f:b8:45:
9a:42:28:26:7e:07:a9:92:f3:5a:15:e9:a3:05:39:e0:c4:7b:
13:42:26:4c:0e:b9:c0:a0:b5:83:f4:44:8e:b5:94:cd:16:50:
d4:0f:00:bd:c6:ae:c8:f1:b5:48:15:3e:db:58:cd:84:97:f3:
f5:9a:71:b3:cf:89:53:a4:30:fb:59:ed:38:93:38:76:c4:6f:
b4:37:a3:e9:d1:75:5d:b6:1a:d2:8b:ce:22:df:a9:f8:82:9e:
61:99:5a:bd:77:6d:08:2f:8c:6e:4d:a1:9f:b3:af:ed:c1:e0:
60:a9:c4:f0:ae:e1:3e:90:13:9c:8c:b2:6d:e4:4a:03:59:29:
4d:20:ca:fe:c1:4e:04:e3:8a:bb:88:42:1f:df:ff:4f:04:fd:
1d:ff:6f:80
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICO1EwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MDcx
NjIyMzRaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDlFQUREODE0MzBBRDMy
M0NDNUZFMUUzNEUwNjk3OUZCMjA4MUI5NjAwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDLRHT0m/I4TiMwunNcE2WHIwsA05VeiJJymyDpHTpXevu6+bxj
pVz2TeSEZxzH4ZjAGuIRJcCyo7opuPaIbF7cgxcZHjygVvuXvRybfsBL1Ft1Hovw
QHbifOPc5dQ8lI3bfKHOJ0YtrqTwFXD9rG+WNBiBR/2XuZriKHWWZKQR5KMGSjKs
mpcKGYZtaoYhYsK8JAUF+SldwsYKDqRMSTGafbiXkFwfF1JgQTHV+K/TLvGtl1I5
haaGq0U+i4bcP1nBVEAQ8Ik8HwUnp/hVUgJLUYY2QyW+W0NMXzAwEYmijBuhN9F7
MLrMQgJZxvAUpTAbMDWaq5QixNy5AevdEvTDAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUnq3YFDCtMjzF/h404Gl5+yCBuWAwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L25xM1lGREN0TWp6Rl9o
NDA0R2w1LXlDQnVXQS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBAHhaEQqP/LsxA0Iy
t/hA7XlzZF8NraIDxs9PqqUrXtooR0JrAsAyFoTvYNckU1MLPWxJdbuaWJah+3RM
DazOBrvR03JKXh2at1VnbIWQOTrgR3fiNwS5kOLvqtqhqPUIXX/mW9nFLu/B1k+4
RZpCKCZ+B6mS81oV6aMFOeDEexNCJkwOucCgtYP0RI61lM0WUNQPAL3GrsjxtUgV
PttYzYSX8/WacbPPiVOkMPtZ7TiTOHbEb7Q3o+nRdV22GtKLziLfqfiCnmGZWr13
bQgvjG5NoZ+zr+3B4GCpxPCu4T6QE5yMsm3kSgNZKU0gyv7BTgTjiruIQh/f/08E
/R3/b4A=
-----END CERTIFICATE-----
Generated at Fri Jun 20 19:40:34 2025 by rpki-client