Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/rujvWrz8q0Y-TNZgomBaMTmxXew.roa
File: rujvWrz8q0Y-TNZgomBaMTmxXew.roa (raw, json)
Hash identifier: A3sX7a1+MGk2eHrQriqhdgCKO8Hy0nPWHSItrYoEqs4=
Subject key identifier: AE:E8:EF:5A:BC:FC:AB:46:3E:4C:D6:60:A2:60:5A:31:39:B1:5D:EC
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 4CD1
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/rujvWrz8q0Y-TNZgomBaMTmxXew.roa
Signing time: Wed 01 May 2024 00:23:38 +0000
ROA not before: Wed 01 May 2024 00:23:38 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 19665 (0x4cd1)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 1 00:23:38 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=AEE8EF5ABCFCAB463E4CD660A2605A3139B15DEC
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bb:04:d0:89:78:eb:b2:ee:4a:bb:e0:4d:bf:78:
bb:3d:77:ba:f4:18:b0:9c:d4:29:14:2a:e5:ce:09:
71:b4:6a:3e:dc:44:86:c1:b1:87:bd:85:2b:e3:6e:
fb:16:82:b9:e8:43:c8:5e:20:77:86:b7:44:ee:aa:
27:b7:c5:b0:04:42:86:3e:15:e7:f5:9c:bf:7b:8c:
64:04:4e:e8:2b:e9:7a:89:ce:31:b2:53:8d:80:10:
b3:28:c4:c4:c0:d7:09:00:cc:1b:56:22:1f:af:cc:
1b:44:c1:56:9f:14:4d:34:4d:eb:ff:40:6b:6b:58:
0b:72:cd:c5:9e:7f:04:61:45:7b:91:4b:32:6d:76:
d9:de:45:36:e7:ca:d0:b7:a7:0f:b6:6d:b5:2c:42:
cd:ea:e0:bc:91:07:13:27:bb:91:bd:4c:e1:6a:67:
a7:ac:b8:15:be:4c:f6:b9:b5:93:6c:9d:1f:13:b4:
a9:f6:92:23:79:6f:90:cb:95:1b:61:d0:8b:73:d4:
18:12:57:38:2e:6e:24:05:58:c0:69:ca:33:07:e7:
1c:db:1b:ae:c1:21:af:e2:cc:bd:43:10:be:2c:c5:
02:54:75:66:cf:60:1b:7b:3d:d6:e3:ed:ad:b3:48:
21:ed:57:6c:d8:1e:16:f3:27:58:d6:41:2c:f4:45:
47:9b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AE:E8:EF:5A:BC:FC:AB:46:3E:4C:D6:60:A2:60:5A:31:39:B1:5D:EC
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/rujvWrz8q0Y-TNZgomBaMTmxXew.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
19:94:bc:76:88:45:fd:77:57:77:c6:3a:f7:8a:8c:42:17:61:
5c:a7:d2:a1:0c:a3:04:70:01:30:b1:f5:27:99:0b:15:5c:85:
ac:d0:24:0d:51:43:62:bc:75:de:d4:ef:be:d1:de:d6:10:01:
5a:4a:77:bf:3c:dd:74:67:05:00:82:d0:1b:29:68:45:b5:8e:
19:c2:77:6a:95:df:a4:ce:96:fb:81:31:09:cc:e6:48:ff:d7:
a8:20:48:43:b6:54:49:0a:ee:43:a1:ab:68:d4:6b:ce:b5:e9:
ed:bb:d5:1b:70:ab:96:ba:30:60:51:0c:7e:60:64:d5:1a:e5:
1b:32:18:45:f7:d7:0e:a3:65:89:d7:d3:c2:81:ce:76:a6:d2:
51:a5:bb:ab:e9:34:24:66:05:58:43:56:4d:bc:08:31:bb:e2:
17:b3:d7:05:bc:09:22:c5:fe:82:fa:26:2c:d1:37:c3:bc:86:
a4:d0:42:4e:de:91:9b:a0:a2:2a:b8:a1:39:a3:a9:2d:a7:7b:
0d:99:f2:09:37:06:03:9d:56:e1:24:e7:e9:2a:6c:e5:c4:4b:
d8:b7:8e:4f:6b:eb:6b:a2:c1:4b:54:f5:35:bf:42:96:c7:e7:
32:b9:36:75:63:31:d2:50:36:99:4b:2d:b8:f8:82:cc:bf:59:
7b:f4:22:a0
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICTNEwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MDEw
MDIzMzhaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEFFRThFRjVBQkNGQ0FC
NDYzRTRDRDY2MEEyNjA1QTMxMzlCMTVERUMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC7BNCJeOuy7kq74E2/eLs9d7r0GLCc1CkUKuXOCXG0aj7cRIbB
sYe9hSvjbvsWgrnoQ8heIHeGt0Tuqie3xbAEQoY+Fef1nL97jGQETugr6XqJzjGy
U42AELMoxMTA1wkAzBtWIh+vzBtEwVafFE00Tev/QGtrWAtyzcWefwRhRXuRSzJt
dtneRTbnytC3pw+2bbUsQs3q4LyRBxMnu5G9TOFqZ6esuBW+TPa5tZNsnR8TtKn2
kiN5b5DLlRth0Itz1BgSVzgubiQFWMBpyjMH5xzbG67BIa/izL1DEL4sxQJUdWbP
YBt7Pdbj7a2zSCHtV2zYHhbzJ1jWQSz0RUebAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUrujvWrz8q0Y+TNZgomBaMTmxXewwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3J1anZXcno4cTBZLVRO
WmdvbUJhTVRteFhldy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBABmUvHaIRf13V3fG
OveKjEIXYVyn0qEMowRwATCx9SeZCxVchazQJA1RQ2K8dd7U777R3tYQAVpKd788
3XRnBQCC0BspaEW1jhnCd2qV36TOlvuBMQnM5kj/16ggSEO2VEkK7kOhq2jUa861
6e271Rtwq5a6MGBRDH5gZNUa5RsyGEX31w6jZYnX08KBznam0lGlu6vpNCRmBVhD
Vk28CDG74hez1wW8CSLF/oL6JizRN8O8hqTQQk7ekZugoiq4oTmjqS2new2Z8gk3
BgOdVuEk5+kqbOXES9i3jk9r62uiwUtU9TW/QpbH5zK5NnVjMdJQNplLLbj4gsy/
WXv0IqA=
-----END CERTIFICATE-----
Generated at Sat Jun 21 13:19:27 2025 by rpki-client