Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/oZSlxXvNeZrZmB1KMClmdjybVE4.roa
File: oZSlxXvNeZrZmB1KMClmdjybVE4.roa (raw, json)
Hash identifier: VaTL8wlWYNJtohOZ/BtZdFJpeJ+xL/xKIwBB4rZt4i0=
Subject key identifier: A1:94:A5:C5:7B:CD:79:9A:D9:98:1D:4A:30:29:66:76:3C:9B:54:4E
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 3541
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/oZSlxXvNeZrZmB1KMClmdjybVE4.roa
Signing time: Sat 30 Mar 2024 14:22:08 +0000
ROA not before: Sat 30 Mar 2024 14:22:08 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 13633 (0x3541)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Mar 30 14:22:08 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=A194A5C57BCD799AD9981D4A302966763C9B544E
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cf:8c:13:ac:ff:30:2e:53:86:82:70:a8:3e:28:
f5:d6:cb:65:c8:bc:4c:92:08:9f:8e:fd:11:c9:70:
d2:57:37:c9:a1:c6:c5:6b:1b:e1:bc:8b:b1:3d:a1:
b9:48:9e:1a:80:68:0d:c8:40:b3:58:24:a8:94:47:
59:3d:47:b8:d2:bd:b3:bd:38:45:91:85:64:0d:59:
6b:60:1b:69:2a:59:c0:ae:db:99:ee:db:71:cf:ae:
91:30:a8:08:07:c9:63:96:17:69:9d:d7:73:d5:ed:
26:ac:c5:c4:9d:52:b1:bc:a3:de:6e:fa:5a:5d:b1:
09:aa:d4:ab:d1:34:02:26:9f:98:fb:c4:43:cc:c2:
de:fe:84:05:e8:9b:5c:89:1c:e3:d0:d4:2e:1a:6f:
3c:dc:df:e7:58:94:b9:46:ff:c1:e3:87:63:78:76:
44:23:db:ec:1d:e3:3d:08:b5:3e:38:af:4f:48:03:
76:1f:34:a6:93:c2:b2:44:dc:e4:78:99:ea:7d:b3:
39:51:ce:a7:d7:2b:f6:a5:e4:dc:a3:e5:38:d9:5d:
b7:4e:a0:b1:b5:fd:b0:32:81:1e:79:56:91:c4:da:
c1:df:c6:c7:75:37:ed:af:97:c4:92:b5:31:51:f0:
75:03:38:41:48:cf:39:49:2a:66:c3:c9:10:08:e0:
d4:2b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A1:94:A5:C5:7B:CD:79:9A:D9:98:1D:4A:30:29:66:76:3C:9B:54:4E
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/oZSlxXvNeZrZmB1KMClmdjybVE4.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
7a:a4:99:d6:0c:28:95:af:30:b8:c0:f6:c3:51:69:aa:50:0a:
66:ff:70:b7:fa:e8:23:51:4d:58:32:70:41:fb:e4:7d:54:41:
4a:7c:9f:e4:75:a8:5c:68:80:d9:f6:53:27:0c:13:12:9d:2c:
e6:27:58:4e:0e:93:38:06:f6:54:7c:c1:32:11:48:a0:2f:21:
2b:e7:e6:f4:96:75:2c:88:24:7a:16:ed:84:a8:89:7f:b9:49:
94:4b:97:cc:53:f3:b0:ec:bd:7a:a3:24:45:bb:3c:45:d5:34:
c8:2a:a9:7b:58:c7:60:c1:10:2c:3d:a5:4d:ef:9b:5a:2e:a0:
f2:71:15:4d:62:f7:b1:80:e9:e0:c2:8a:c4:80:69:d8:8e:81:
e8:18:42:64:9b:2d:0a:df:68:35:3a:f0:36:f7:14:07:2c:31:
73:db:b5:fe:35:a5:cc:b6:4b:18:37:dc:d6:7b:83:d6:01:fe:
d6:36:e7:0a:3c:66:e7:20:3e:9c:44:1d:b2:0b:99:c6:32:7c:
ef:40:ca:67:87:a9:b0:d5:bc:47:78:2b:51:83:31:9a:e6:76:
85:61:ae:a8:53:f2:18:96:62:45:84:be:b6:2c:1d:d0:1c:8d:
92:6a:7e:83:fd:0e:92:9e:d5:1f:a7:42:61:a9:f7:f2:c2:e3:
d5:c3:7f:35
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICNUEwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDAzMzAx
NDIyMDhaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEExOTRBNUM1N0JDRDc5
OUFEOTk4MUQ0QTMwMjk2Njc2M0M5QjU0NEUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDPjBOs/zAuU4aCcKg+KPXWy2XIvEySCJ+O/RHJcNJXN8mhxsVr
G+G8i7E9oblInhqAaA3IQLNYJKiUR1k9R7jSvbO9OEWRhWQNWWtgG2kqWcCu25nu
23HPrpEwqAgHyWOWF2md13PV7SasxcSdUrG8o95u+lpdsQmq1KvRNAImn5j7xEPM
wt7+hAXom1yJHOPQ1C4abzzc3+dYlLlG/8Hjh2N4dkQj2+wd4z0ItT44r09IA3Yf
NKaTwrJE3OR4mep9szlRzqfXK/al5Nyj5TjZXbdOoLG1/bAygR55VpHE2sHfxsd1
N+2vl8SStTFR8HUDOEFIzzlJKmbDyRAI4NQrAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUoZSlxXvNeZrZmB1KMClmdjybVE4wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L29aU2x4WHZOZVpyWm1C
MUtNQ2xtZGp5YlZFNC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBAHqkmdYMKJWvMLjA
9sNRaapQCmb/cLf66CNRTVgycEH75H1UQUp8n+R1qFxogNn2UycMExKdLOYnWE4O
kzgG9lR8wTIRSKAvISvn5vSWdSyIJHoW7YSoiX+5SZRLl8xT87DsvXqjJEW7PEXV
NMgqqXtYx2DBECw9pU3vm1ouoPJxFU1i97GA6eDCisSAadiOgegYQmSbLQrfaDU6
8Db3FAcsMXPbtf41pcy2Sxg33NZ7g9YB/tY25wo8ZucgPpxEHbILmcYyfO9AymeH
qbDVvEd4K1GDMZrmdoVhrqhT8hiWYkWEvrYsHdAcjZJqfoP9DpKe1R+nQmGp9/LC
49XDfzU=
-----END CERTIFICATE-----
Generated at Sun Jun 22 02:32:17 2025 by rpki-client