Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/rYi1NRdlUZDgUDed5G4nXHojLhk.roa
File: rYi1NRdlUZDgUDed5G4nXHojLhk.roa (raw, json)
Hash identifier: XMD+KWl4nSxRNuQ4m2vM6EmdU8rMz6EVyeU2wk0vkxk=
Subject key identifier: AD:88:B5:35:17:65:51:90:E0:50:37:9D:E4:6E:27:5C:7A:23:2E:19
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 4161
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/rYi1NRdlUZDgUDed5G4nXHojLhk.roa
Signing time: Mon 15 Apr 2024 18:22:55 +0000
ROA not before: Mon 15 Apr 2024 18:22:55 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 16737 (0x4161)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 15 18:22:55 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=AD88B53517655190E050379DE46E275C7A232E19
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b8:4d:be:94:0a:14:95:d4:56:d8:e7:78:9f:5e:
c5:54:3a:67:35:fd:78:78:c8:ac:5e:3b:51:c2:db:
11:5a:e9:ff:42:15:a9:a8:14:95:90:83:ae:e6:30:
cc:b9:5b:96:7b:62:98:d7:86:1f:22:71:0e:59:20:
5b:57:60:f6:35:b1:93:2c:91:18:16:5a:a1:83:be:
ce:ae:a2:70:83:88:39:75:8b:40:ed:0c:b0:b8:22:
40:2d:17:a9:df:a9:25:62:e6:18:a0:ad:49:62:0c:
b3:74:82:05:c1:d1:f3:15:6b:ef:ec:75:91:52:f4:
b9:59:16:61:fa:ae:dd:59:44:d3:1a:c7:af:6e:f5:
ac:9d:cb:06:a7:e9:4e:f7:3c:6e:b8:45:e1:89:f5:
5f:9c:6d:83:31:56:c8:3e:2e:08:b3:e3:82:bd:c8:
3d:df:e9:9a:c4:64:32:18:1a:02:a6:23:07:c4:76:
fc:a4:ae:25:8a:b8:7c:ef:cc:96:32:47:a9:16:d3:
90:40:27:72:e6:4b:26:cc:3b:4d:de:a0:c5:5b:f9:
b2:c9:44:56:65:fc:69:4e:64:15:ff:2d:ab:7a:a3:
a2:af:68:6b:5d:14:ff:38:1a:dc:03:87:e0:7c:41:
9a:78:20:a2:bd:a6:43:80:17:a3:73:4b:f4:fc:03:
80:f5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AD:88:B5:35:17:65:51:90:E0:50:37:9D:E4:6E:27:5C:7A:23:2E:19
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/rYi1NRdlUZDgUDed5G4nXHojLhk.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
24:98:03:c9:06:f8:d6:ca:3d:c0:7e:f7:40:7c:2f:73:cd:b6:
15:3c:8b:38:80:fd:f1:12:a9:0d:75:ec:75:8b:e2:89:9d:6b:
04:6a:4d:06:29:e5:c7:73:aa:9e:85:b0:1d:46:1e:c6:e2:e4:
de:d4:06:bf:a3:ce:52:a3:a0:ad:12:b7:a3:30:1b:b2:e3:f3:
63:0a:1b:9a:91:31:7e:ad:c8:f9:9c:7a:7c:29:f8:fa:6b:6f:
e6:4c:b6:8e:a6:15:ec:6f:12:f5:b0:dc:89:a4:ed:41:9a:57:
10:f7:bb:f8:cb:e1:47:68:06:61:c9:d5:75:c2:d5:c2:cf:1f:
3d:82:ff:3d:e1:5a:5f:85:18:f0:3d:a5:ee:df:13:31:a2:74:
17:1e:66:e9:b9:62:6c:c1:bb:ae:aa:d2:68:c5:11:14:9f:d3:
79:3f:0b:c4:dd:db:0b:9c:69:bd:db:e8:f0:7d:af:09:d9:e7:
d0:14:af:6b:6f:92:90:b6:a9:db:ad:66:1d:55:fd:cb:a3:5e:
ff:fa:6a:c5:f2:bd:5f:67:86:dd:fc:2d:c1:f9:35:e7:b5:71:
49:6d:af:44:7b:6b:1d:19:bf:92:4d:66:f9:ab:81:0c:22:a9:
6d:38:8a:aa:52:05:67:f4:46:0f:5b:9e:50:6b:f1:a8:cf:c6:
84:b2:53:5e
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICQWEwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MTUx
ODIyNTVaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEFEODhCNTM1MTc2NTUx
OTBFMDUwMzc5REU0NkUyNzVDN0EyMzJFMTkwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC4Tb6UChSV1FbY53ifXsVUOmc1/Xh4yKxeO1HC2xFa6f9CFamo
FJWQg67mMMy5W5Z7YpjXhh8icQ5ZIFtXYPY1sZMskRgWWqGDvs6uonCDiDl1i0Dt
DLC4IkAtF6nfqSVi5higrUliDLN0ggXB0fMVa+/sdZFS9LlZFmH6rt1ZRNMax69u
9aydywan6U73PG64ReGJ9V+cbYMxVsg+Lgiz44K9yD3f6ZrEZDIYGgKmIwfEdvyk
riWKuHzvzJYyR6kW05BAJ3LmSybMO03eoMVb+bLJRFZl/GlOZBX/Lat6o6KvaGtd
FP84GtwDh+B8QZp4IKK9pkOAF6NzS/T8A4D1AgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUrYi1NRdlUZDgUDed5G4nXHojLhkwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3JZaTFOUmRsVVpEZ1VE
ZWQ1RzRuWEhvakxoay5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBACSYA8kG+NbKPcB+
90B8L3PNthU8iziA/fESqQ117HWL4omdawRqTQYp5cdzqp6FsB1GHsbi5N7UBr+j
zlKjoK0St6MwG7Lj82MKG5qRMX6tyPmcenwp+Pprb+ZMto6mFexvEvWw3Imk7UGa
VxD3u/jL4UdoBmHJ1XXC1cLPHz2C/z3hWl+FGPA9pe7fEzGidBceZum5YmzBu66q
0mjFERSf03k/C8Td2wucab3b6PB9rwnZ59AUr2tvkpC2qdutZh1V/cujXv/6asXy
vV9nht38LcH5Nee1cUltr0R7ax0Zv5JNZvmrgQwiqW04iqpSBWf0Rg9bnlBr8ajP
xoSyU14=
-----END CERTIFICATE-----
Generated at Sat Jun 21 14:42:47 2025 by rpki-client