Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/ox8ivYJ2BFNru5JveLmI7bc0cqk.roa
File: ox8ivYJ2BFNru5JveLmI7bc0cqk.roa (raw, json)
Hash identifier: 5QBFrKjH9CjbtyZ/GkihJm742GDh3N6WWEN2BudR0Eg=
Subject key identifier: A3:1F:22:BD:82:76:04:53:6B:BB:92:6F:78:B9:88:ED:B7:34:72:A9
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 3B19
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/ox8ivYJ2BFNru5JveLmI7bc0cqk.roa
Signing time: Sun 07 Apr 2024 09:22:59 +0000
ROA not before: Sun 07 Apr 2024 09:22:59 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 15129 (0x3b19)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 7 09:22:59 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=A31F22BD827604536BBB926F78B988EDB73472A9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ad:72:73:03:19:18:5c:c8:e6:42:48:b7:61:e5:
d1:63:68:84:63:59:07:ba:45:41:a4:d4:54:d1:94:
9c:81:6b:e5:37:83:8c:27:d7:c0:77:8e:47:3a:4a:
4a:1a:55:dd:87:e7:ac:01:ce:b3:d0:de:f9:72:97:
d2:5c:8b:78:bb:f6:4e:16:9c:21:a3:55:34:50:3d:
0b:f8:28:27:96:d3:ee:40:65:6f:9b:51:93:09:83:
62:a1:1e:9c:b2:db:df:db:f5:c8:92:99:b3:46:36:
63:53:74:c9:cd:a1:0f:55:40:5e:b7:70:a6:b8:61:
09:e5:79:4f:e9:d7:ad:2a:ad:01:83:b6:4c:44:6f:
b1:c9:0c:cb:7b:de:97:47:63:46:a9:08:27:03:4b:
15:f8:c0:99:35:fb:d5:9d:e9:04:d5:70:a2:71:cd:
be:2f:81:70:ed:9e:72:ad:f0:dc:a2:b6:a1:dd:25:
e5:e2:d3:ca:d0:19:9d:c9:e9:6a:d5:97:20:ec:4c:
d2:bd:07:bb:e9:98:9b:f9:b1:f4:5f:82:a7:aa:0d:
6b:0b:8d:63:b8:13:bb:9d:52:a3:c2:f0:27:a1:78:
3e:19:a4:17:31:01:93:a0:34:b9:3c:64:7c:ff:30:
c5:00:11:e7:f4:d0:49:a3:17:8f:4f:e1:92:6f:84:
80:a3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A3:1F:22:BD:82:76:04:53:6B:BB:92:6F:78:B9:88:ED:B7:34:72:A9
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/ox8ivYJ2BFNru5JveLmI7bc0cqk.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
a8:c5:bb:c4:32:70:99:f0:40:f6:35:0d:8e:0c:78:3b:80:25:
2b:85:e0:53:8f:ae:f1:d2:43:04:aa:87:30:2a:7f:41:08:ad:
8a:69:c9:bd:6e:68:d6:f6:55:dd:ec:77:4e:13:37:b3:0b:f4:
f7:c0:cb:e5:2d:3f:d1:d5:b6:12:1b:0a:7d:68:9a:6f:69:e6:
72:68:b4:e5:61:38:62:76:8a:2d:d2:1e:e2:28:30:ed:29:b4:
48:2e:0f:96:94:23:73:ad:5c:cd:e6:bd:dc:43:9b:4b:ed:c8:
39:28:a6:47:90:d2:8c:4d:4f:be:b4:4b:92:15:0f:6c:01:0b:
9a:9f:d4:40:65:ae:d1:5b:e8:59:e9:83:04:a9:9e:c6:f8:ef:
58:f7:25:4c:24:b4:e9:81:c1:ca:63:dc:b1:33:b9:c5:f6:bf:
7e:a3:18:5a:98:fa:05:ea:b2:5b:7e:6a:97:7a:0c:e2:8b:e7:
6f:f3:70:ca:6c:c8:3a:3d:1e:70:76:98:b3:e2:9a:b5:57:a7:
8b:8c:e9:47:81:74:87:00:0c:37:c1:84:9d:18:71:f5:f7:1d:
b8:80:0e:c3:8d:0c:ee:38:0a:0a:77:ea:91:d8:d3:c8:35:98:
3c:b0:ae:7a:7e:5f:c2:ed:36:f0:ca:46:d0:35:ce:1e:90:9c:
3e:4d:ef:65
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICOxkwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MDcw
OTIyNTlaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEEzMUYyMkJEODI3NjA0
NTM2QkJCOTI2Rjc4Qjk4OEVEQjczNDcyQTkwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCtcnMDGRhcyOZCSLdh5dFjaIRjWQe6RUGk1FTRlJyBa+U3g4wn
18B3jkc6SkoaVd2H56wBzrPQ3vlyl9Jci3i79k4WnCGjVTRQPQv4KCeW0+5AZW+b
UZMJg2KhHpyy29/b9ciSmbNGNmNTdMnNoQ9VQF63cKa4YQnleU/p160qrQGDtkxE
b7HJDMt73pdHY0apCCcDSxX4wJk1+9Wd6QTVcKJxzb4vgXDtnnKt8NyitqHdJeXi
08rQGZ3J6WrVlyDsTNK9B7vpmJv5sfRfgqeqDWsLjWO4E7udUqPC8CeheD4ZpBcx
AZOgNLk8ZHz/MMUAEef00EmjF49P4ZJvhICjAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUox8ivYJ2BFNru5JveLmI7bc0cqkwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L294OGl2WUoyQkZOcnU1
SnZlTG1JN2JjMGNxay5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBAKjFu8QycJnwQPY1
DY4MeDuAJSuF4FOPrvHSQwSqhzAqf0EIrYppyb1uaNb2Vd3sd04TN7ML9PfAy+Ut
P9HVthIbCn1omm9p5nJotOVhOGJ2ii3SHuIoMO0ptEguD5aUI3OtXM3mvdxDm0vt
yDkopkeQ0oxNT760S5IVD2wBC5qf1EBlrtFb6FnpgwSpnsb471j3JUwktOmBwcpj
3LEzucX2v36jGFqY+gXqslt+apd6DOKL52/zcMpsyDo9HnB2mLPimrVXp4uM6UeB
dIcADDfBhJ0YcfX3HbiADsONDO44Cgp36pHY08g1mDywrnp+X8LtNvDKRtA1zh6Q
nD5N72U=
-----END CERTIFICATE-----
Generated at Sat Jun 21 18:36:44 2025 by rpki-client