Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/oZCzBYtntJ8tWV8atb3nPGF3ZQk.roa
File: oZCzBYtntJ8tWV8atb3nPGF3ZQk.roa (raw, json)
Hash identifier: ssX2KR/ebr6fnMz0IgiMtBuIF3iDQQfIITuuum4fEH8=
Subject key identifier: A1:90:B3:05:8B:67:B4:9F:2D:59:5F:1A:B5:BD:E7:3C:61:77:65:09
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 3445
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/oZCzBYtntJ8tWV8atb3nPGF3ZQk.roa
Signing time: Fri 29 Mar 2024 06:52:04 +0000
ROA not before: Fri 29 Mar 2024 06:52:04 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 13381 (0x3445)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Mar 29 06:52:04 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=A190B3058B67B49F2D595F1AB5BDE73C61776509
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a0:bb:52:f0:7f:a1:ca:3e:cb:9a:e9:cf:84:30:
8a:a4:00:25:08:a3:82:84:83:ff:93:90:e7:28:74:
d6:eb:8a:a1:1b:19:f2:44:9e:4e:08:44:25:bf:a5:
c9:53:41:c8:68:bc:d2:9c:1d:b0:36:92:0a:24:e1:
81:50:58:57:64:f0:d2:91:c1:c0:cb:5f:53:99:21:
b7:20:65:a8:51:60:b5:79:e5:d3:ab:63:8e:19:64:
08:44:84:aa:aa:43:b5:11:bc:e1:5b:8d:ae:58:bb:
17:e8:f6:3a:62:05:ad:0c:a9:be:d2:f2:ed:80:a7:
88:cb:79:1b:f3:7f:85:de:54:62:96:37:c1:77:b3:
cf:e2:07:0c:3e:ac:dd:23:3a:fd:fe:91:ec:2f:2f:
4a:7c:47:0b:78:f9:3a:a1:59:ef:85:24:4d:4c:e8:
02:c8:55:5a:cb:1b:5c:5c:6e:3d:50:1a:b8:ac:62:
2c:62:cc:53:17:a3:9a:81:73:c2:c6:e4:12:c6:ba:
d0:98:cb:b2:03:d4:0e:ec:59:d6:e0:37:a2:5b:33:
8c:0e:c8:db:49:ad:7c:8d:af:86:4e:0c:9c:91:1a:
61:af:8c:f8:9a:b0:6b:2b:95:73:1f:bd:73:9e:4c:
13:b6:1e:f3:43:c2:26:eb:a5:59:88:13:28:f9:11:
9c:17
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A1:90:B3:05:8B:67:B4:9F:2D:59:5F:1A:B5:BD:E7:3C:61:77:65:09
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/oZCzBYtntJ8tWV8atb3nPGF3ZQk.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
25:48:f9:68:a1:58:6c:fd:0b:52:5e:e7:86:fc:f4:6a:18:0e:
df:21:9e:7f:63:15:83:6f:c6:d0:be:5f:f4:f3:91:30:c9:9d:
83:ea:47:8e:86:7f:80:cd:4c:25:6b:7d:f6:3a:5b:eb:b7:4d:
2d:5b:d1:15:2b:72:61:b4:94:f7:01:83:c3:b7:fc:9f:74:2d:
c0:f6:96:48:b8:24:5f:7d:a2:f9:17:74:fc:b7:2f:ea:5b:d6:
98:63:be:22:a4:cd:06:81:90:65:73:6b:5f:95:87:1c:75:0a:
07:27:93:62:34:52:2e:fc:bc:20:89:9e:5e:cd:8e:17:96:36:
e6:bd:18:00:d0:6e:81:ec:2f:df:91:94:fd:1c:9b:7e:27:20:
35:ce:87:ec:82:df:c1:01:95:8f:6e:f8:83:72:d8:0a:0c:75:
1d:fa:0d:a3:74:cf:b1:ac:f5:b9:c7:a3:c9:53:a9:22:46:4f:
fa:f9:b7:cb:f0:39:cd:e2:99:93:3d:1e:99:47:be:f9:d5:bc:
8d:98:d5:79:bb:b8:75:17:6c:8f:58:86:37:37:92:81:31:e2:
ea:8a:00:39:b2:07:4c:aa:20:89:cc:11:d8:61:b0:42:17:9a:
2c:38:9d:58:f2:0b:dd:3b:07:44:ab:67:6b:de:cb:45:a8:bb:
5c:17:3b:ce
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICNEUwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDAzMjkw
NjUyMDRaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEExOTBCMzA1OEI2N0I0
OUYyRDU5NUYxQUI1QkRFNzNDNjE3NzY1MDkwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCgu1Lwf6HKPsua6c+EMIqkACUIo4KEg/+TkOcodNbriqEbGfJE
nk4IRCW/pclTQchovNKcHbA2kgok4YFQWFdk8NKRwcDLX1OZIbcgZahRYLV55dOr
Y44ZZAhEhKqqQ7URvOFbja5Yuxfo9jpiBa0Mqb7S8u2Ap4jLeRvzf4XeVGKWN8F3
s8/iBww+rN0jOv3+kewvL0p8Rwt4+TqhWe+FJE1M6ALIVVrLG1xcbj1QGrisYixi
zFMXo5qBc8LG5BLGutCYy7ID1A7sWdbgN6JbM4wOyNtJrXyNr4ZODJyRGmGvjPia
sGsrlXMfvXOeTBO2HvNDwibrpVmIEyj5EZwXAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUoZCzBYtntJ8tWV8atb3nPGF3ZQkwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L29aQ3pCWXRudEo4dFdW
OGF0YjNuUEdGM1pRay5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBACVI+WihWGz9C1Je
54b89GoYDt8hnn9jFYNvxtC+X/TzkTDJnYPqR46Gf4DNTCVrffY6W+u3TS1b0RUr
cmG0lPcBg8O3/J90LcD2lki4JF99ovkXdPy3L+pb1phjviKkzQaBkGVza1+Vhxx1
Cgcnk2I0Ui78vCCJnl7NjheWNua9GADQboHsL9+RlP0cm34nIDXOh+yC38EBlY9u
+INy2AoMdR36DaN0z7Gs9bnHo8lTqSJGT/r5t8vwOc3imZM9HplHvvnVvI2Y1Xm7
uHUXbI9Yhjc3koEx4uqKADmyB0yqIInMEdhhsEIXmiw4nVjyC907B0SrZ2vey0Wo
u1wXO84=
-----END CERTIFICATE-----
Generated at Sun Jun 22 02:28:05 2025 by rpki-client