Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/nvprfDV_uH1MtIKFRmfE7jaFwDo.roa
File: nvprfDV_uH1MtIKFRmfE7jaFwDo.roa (raw, json)
Hash identifier: gycPAvSdyfNWzMvR56oaQ8nBxRXSpbJ/FtCFjgUazUU=
Subject key identifier: 9E:FA:6B:7C:35:7F:B8:7D:4C:B4:82:85:46:67:C4:EE:36:85:C0:3A
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 40C9
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/nvprfDV_uH1MtIKFRmfE7jaFwDo.roa
Signing time: Sun 14 Apr 2024 23:22:54 +0000
ROA not before: Sun 14 Apr 2024 23:22:54 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 16585 (0x40c9)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 14 23:22:54 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=9EFA6B7C357FB87D4CB482854667C4EE3685C03A
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b7:23:02:b4:a6:78:ab:0d:f5:a7:cb:80:ae:d1:
7f:e3:9c:35:cb:cf:4a:7d:03:67:a3:04:0b:ca:a0:
07:78:2c:d7:36:48:ea:e5:18:45:82:6a:31:dc:ac:
02:d7:89:aa:20:bd:10:1d:c9:7d:c8:14:f2:18:22:
e5:ec:d3:ff:84:54:d5:31:56:ff:92:aa:cb:cb:2f:
be:59:0d:ed:75:2b:32:84:e1:e0:c2:d6:f5:53:d6:
d6:ae:98:a1:5c:7e:cb:40:4e:14:a7:77:d9:50:2e:
a7:e9:78:c6:bb:e7:c8:03:f3:d0:8b:7e:34:5e:95:
60:fe:c0:91:ae:82:2c:90:7e:6d:93:5f:bc:c6:9c:
96:4d:97:12:32:cf:e5:d2:71:9a:ad:c2:9c:6c:53:
83:0a:05:f2:0b:38:e1:55:60:34:03:1e:75:f1:f6:
da:a1:86:e7:06:06:5a:91:db:6b:6b:6c:b5:0b:26:
50:00:31:4c:ac:00:e0:92:54:f2:48:17:43:ba:78:
1f:7f:06:5d:d9:7d:76:d3:d2:81:10:da:5d:fa:f8:
f2:09:5d:77:41:5e:ba:aa:ff:d6:99:41:0e:4c:90:
5a:79:73:62:93:2c:2d:c7:7e:93:aa:c8:9c:b5:47:
77:f9:53:6d:f5:0e:77:c5:d9:ee:42:9e:4b:53:1b:
9c:45
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9E:FA:6B:7C:35:7F:B8:7D:4C:B4:82:85:46:67:C4:EE:36:85:C0:3A
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/nvprfDV_uH1MtIKFRmfE7jaFwDo.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
92:15:c9:f3:fa:46:bc:fb:90:dc:8e:d5:b1:0d:b0:0c:d1:64:
54:82:e0:32:ff:59:07:e2:48:e7:e9:ed:fb:3a:48:be:f9:ef:
21:e6:4b:cf:b4:e5:25:c1:ae:ee:78:68:91:2a:94:a8:16:28:
ea:f1:e3:e3:cc:e5:27:b0:dd:ab:a3:49:ac:fd:b3:3b:f4:6e:
86:7a:10:c7:50:2e:66:bc:e3:da:64:6c:0b:a6:7a:66:e2:ff:
e9:02:cc:34:f4:d0:f8:07:c0:1d:1a:b0:42:14:37:d5:54:a0:
03:06:07:ba:4a:3d:33:a6:d2:74:6a:74:c8:01:e0:3d:8d:2a:
7b:4c:63:c5:59:ee:b7:64:39:dd:e1:ba:c7:f1:a7:cc:b5:b5:
37:11:30:57:23:e3:ec:05:3c:dc:d3:f8:d6:78:5a:bf:c2:89:
40:81:f3:9c:8d:70:8a:47:cf:a4:0d:b5:1b:1e:10:f7:91:39:
31:81:f3:31:8c:78:a3:e2:29:17:62:87:31:2f:77:65:4e:fe:
55:2f:f5:c1:8d:69:24:8d:4a:60:4a:57:38:c7:c9:d9:f2:bb:
d8:b7:d3:4e:c6:ef:0f:b1:f2:7f:08:c5:96:bc:61:94:d9:db:
48:4b:99:23:b5:b0:6d:34:79:66:82:b9:f3:01:e4:7c:76:fd:
98:14:7c:74
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICQMkwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MTQy
MzIyNTRaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDlFRkE2QjdDMzU3RkI4
N0Q0Q0I0ODI4NTQ2NjdDNEVFMzY4NUMwM0EwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC3IwK0pnirDfWny4Cu0X/jnDXLz0p9A2ejBAvKoAd4LNc2SOrl
GEWCajHcrALXiaogvRAdyX3IFPIYIuXs0/+EVNUxVv+SqsvLL75ZDe11KzKE4eDC
1vVT1taumKFcfstAThSnd9lQLqfpeMa758gD89CLfjRelWD+wJGugiyQfm2TX7zG
nJZNlxIyz+XScZqtwpxsU4MKBfILOOFVYDQDHnXx9tqhhucGBlqR22trbLULJlAA
MUysAOCSVPJIF0O6eB9/Bl3ZfXbT0oEQ2l36+PIJXXdBXrqq/9aZQQ5MkFp5c2KT
LC3HfpOqyJy1R3f5U231DnfF2e5CnktTG5xFAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUnvprfDV/uH1MtIKFRmfE7jaFwDowHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L252cHJmRFZfdUgxTXRJ
S0ZSbWZFN2phRndEby5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBAJIVyfP6Rrz7kNyO
1bENsAzRZFSC4DL/WQfiSOfp7fs6SL757yHmS8+05SXBru54aJEqlKgWKOrx4+PM
5Sew3aujSaz9szv0boZ6EMdQLma849pkbAumembi/+kCzDT00PgHwB0asEIUN9VU
oAMGB7pKPTOm0nRqdMgB4D2NKntMY8VZ7rdkOd3husfxp8y1tTcRMFcj4+wFPNzT
+NZ4Wr/CiUCB85yNcIpHz6QNtRseEPeROTGB8zGMeKPiKRdihzEvd2VO/lUv9cGN
aSSNSmBKVzjHydnyu9i3007G7w+x8n8IxZa8YZTZ20hLmSO1sG00eWaCufMB5Hx2
/ZgUfHQ=
-----END CERTIFICATE-----
Generated at Fri Jun 20 08:11:20 2025 by rpki-client