Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/pjRZlbcghERNWDUsVR5HsYv3C-U.roa
File: pjRZlbcghERNWDUsVR5HsYv3C-U.roa (raw, json)
Hash identifier: 95+QepKmAvt2wCQOpWOf6gnyj4CR2uMpmf5NH2CGDLs=
Subject key identifier: A6:34:59:95:B7:20:84:44:4D:58:35:2C:55:1E:47:B1:8B:F7:0B:E5
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 3FE1
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/pjRZlbcghERNWDUsVR5HsYv3C-U.roa
Signing time: Sat 13 Apr 2024 18:22:49 +0000
ROA not before: Sat 13 Apr 2024 18:22:49 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 16353 (0x3fe1)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 13 18:22:49 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=A6345995B72084444D58352C551E47B18BF70BE5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cd:73:49:bf:e4:b3:71:39:4e:dc:68:8f:ca:42:
39:7b:63:51:6b:ad:3f:96:b1:fc:99:db:91:31:0d:
8c:55:f2:a2:28:9c:6f:75:9e:2e:76:c2:06:04:8f:
a6:cd:7f:e7:b3:61:c3:b0:dc:34:4d:2e:90:a2:fd:
f1:65:1f:12:49:0c:fb:e3:3e:b2:0d:5b:ad:44:b0:
c8:3a:94:bb:6b:1b:60:90:8b:f4:95:ad:7b:91:c4:
2d:80:5b:4e:8c:70:b8:d8:5b:5c:a8:a4:ff:f7:57:
83:00:af:31:9a:9a:c1:87:d3:23:08:61:70:1e:65:
a5:84:0f:a0:ed:f6:1c:f3:01:de:1e:87:86:c5:66:
f9:e5:51:a8:d6:c8:ef:a4:37:aa:08:a7:5e:07:55:
d7:56:1b:c8:96:09:4c:7f:ad:66:c9:4d:6a:22:81:
33:96:d9:4b:f4:aa:26:88:2f:d7:22:58:5f:69:ca:
62:d3:0b:95:bb:e3:97:a2:66:81:f9:de:91:82:c0:
47:b8:63:5e:15:7b:c0:15:14:50:26:e8:a4:3d:a5:
21:c6:f5:d5:76:3f:c1:92:7f:09:a2:e1:8c:97:00:
0b:25:fc:fa:31:81:05:8a:c6:91:67:35:6b:93:9b:
7e:79:08:a0:be:65:b3:53:ea:52:ab:03:8f:ee:c0:
fa:81
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A6:34:59:95:B7:20:84:44:4D:58:35:2C:55:1E:47:B1:8B:F7:0B:E5
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/pjRZlbcghERNWDUsVR5HsYv3C-U.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
38:d9:39:76:4d:8c:3b:63:6c:09:7c:fe:66:80:a9:bd:aa:6f:
aa:96:60:4e:ec:33:51:6a:9d:2d:2b:18:e6:2b:ba:ed:f3:16:
f7:42:e7:12:cc:9e:ad:c6:d2:c7:55:7d:f1:e1:f5:ae:55:99:
8f:e9:5c:9e:58:89:e9:5b:4a:85:a7:fd:15:b6:bf:e2:94:1b:
ba:de:eb:74:c1:cd:b4:33:45:a2:2b:ee:35:97:8b:98:85:bb:
b6:1c:68:43:9f:a2:2d:97:52:0d:27:9e:e3:64:56:82:c0:e4:
a4:98:15:7f:ed:47:67:96:14:df:10:8f:7f:7d:93:17:10:25:
d8:cf:44:4f:07:6c:11:2c:9c:ce:a5:4f:00:b9:9a:8c:9f:68:
16:40:17:05:f1:3f:06:6a:d8:fc:17:9f:a5:2c:1a:04:f6:eb:
e6:e8:a2:03:a4:d0:cb:07:8a:c1:1f:f2:d0:30:6e:30:07:0c:
d9:32:f7:01:75:6b:7d:32:27:b5:0c:b5:65:2c:bc:91:e5:a5:
16:df:c9:12:dd:ea:3c:c3:f9:7b:8d:a6:2b:ad:a2:ea:b7:e5:
43:a0:8e:d4:c6:f7:33:1f:d1:06:ff:d3:a0:5b:4b:e0:47:86:
fa:e5:4f:f3:c7:08:af:d5:40:f2:bb:78:20:ba:66:d4:e8:ec:
9b:2b:be:6a
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICP+EwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MTMx
ODIyNDlaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEE2MzQ1OTk1QjcyMDg0
NDQ0RDU4MzUyQzU1MUU0N0IxOEJGNzBCRTUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDNc0m/5LNxOU7caI/KQjl7Y1FrrT+WsfyZ25ExDYxV8qIonG91
ni52wgYEj6bNf+ezYcOw3DRNLpCi/fFlHxJJDPvjPrINW61EsMg6lLtrG2CQi/SV
rXuRxC2AW06McLjYW1yopP/3V4MArzGamsGH0yMIYXAeZaWED6Dt9hzzAd4eh4bF
ZvnlUajWyO+kN6oIp14HVddWG8iWCUx/rWbJTWoigTOW2Uv0qiaIL9ciWF9pymLT
C5W745eiZoH53pGCwEe4Y14Ve8AVFFAm6KQ9pSHG9dV2P8GSfwmi4YyXAAsl/Pox
gQWKxpFnNWuTm355CKC+ZbNT6lKrA4/uwPqBAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUpjRZlbcghERNWDUsVR5HsYv3C+UwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3BqUlpsYmNnaEVSTldE
VXNWUjVIc1l2M0MtVS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBADjZOXZNjDtjbAl8
/maAqb2qb6qWYE7sM1FqnS0rGOYruu3zFvdC5xLMnq3G0sdVffHh9a5VmY/pXJ5Y
ielbSoWn/RW2v+KUG7re63TBzbQzRaIr7jWXi5iFu7YcaEOfoi2XUg0nnuNkVoLA
5KSYFX/tR2eWFN8Qj399kxcQJdjPRE8HbBEsnM6lTwC5moyfaBZAFwXxPwZq2PwX
n6UsGgT26+boogOk0MsHisEf8tAwbjAHDNky9wF1a30yJ7UMtWUsvJHlpRbfyRLd
6jzD+XuNpiutouq35UOgjtTG9zMf0Qb/06BbS+BHhvrlT/PHCK/VQPK7eCC6ZtTo
7Jsrvmo=
-----END CERTIFICATE-----
Generated at Sun Jun 15 09:23:59 2025 by rpki-client