Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/tlE_1pRbXMp6YP6s63sCmkcMy_w.roa
File: tlE_1pRbXMp6YP6s63sCmkcMy_w.roa (raw, json)
Hash identifier: XVwCy7Fp0uSb+tReNR0sI8EG8hDNuMA2u5+iyI63jGQ=
Subject key identifier: B6:51:3F:D6:94:5B:5C:CA:7A:60:FE:AC:EB:7B:02:9A:47:0C:CB:FC
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 391D
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/tlE_1pRbXMp6YP6s63sCmkcMy_w.roa
Signing time: Thu 04 Apr 2024 17:52:21 +0000
ROA not before: Thu 04 Apr 2024 17:52:21 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 14621 (0x391d)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 4 17:52:21 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=B6513FD6945B5CCA7A60FEACEB7B029A470CCBFC
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c2:79:b7:68:f5:cc:ed:4f:f8:0a:fc:d7:c9:e7:
50:5a:62:b6:78:d0:b4:31:bd:de:9b:63:4f:9b:d2:
40:f6:19:f5:1f:fb:97:ad:c1:9e:6b:37:72:4e:87:
87:9d:4d:ee:f2:7b:9f:ca:c2:8a:0c:ef:b2:fc:96:
4d:39:7f:6f:32:10:75:15:bc:e2:5e:86:7c:04:49:
f2:e8:20:86:40:6e:c3:24:84:c8:64:7f:f0:26:1a:
f6:82:15:31:a8:59:cd:8a:76:8a:c8:e0:fb:09:ba:
33:d8:72:69:64:f3:8b:5a:5f:da:70:8d:9b:a0:b0:
1f:b3:b2:c4:d5:0a:2f:93:e4:bb:4b:5e:30:f0:c5:
46:46:55:b8:92:24:ed:07:e1:cd:39:cb:6c:7a:17:
94:9e:b1:83:7f:24:c1:c7:a9:4b:e4:f5:2e:c8:47:
ce:22:c2:7f:12:7d:ae:c4:0f:bd:84:12:9b:bd:5c:
d2:93:22:5f:0c:70:b1:9e:71:de:46:e1:35:7d:94:
78:d5:13:c2:69:0d:ef:14:b7:a3:08:68:18:84:d4:
05:51:55:b1:ed:9a:1c:f2:69:39:ec:2b:2c:c2:bc:
88:ab:15:f5:8b:cb:57:5f:90:a6:63:bc:37:3e:2a:
be:69:13:02:f5:31:51:e5:96:1a:be:db:73:27:2e:
00:db
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B6:51:3F:D6:94:5B:5C:CA:7A:60:FE:AC:EB:7B:02:9A:47:0C:CB:FC
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/tlE_1pRbXMp6YP6s63sCmkcMy_w.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
4c:f4:00:8d:50:93:9f:14:6b:b1:09:ec:97:cb:3d:fb:5d:a7:
9f:6b:68:91:72:e1:d3:08:fc:40:1d:5b:e2:11:3e:26:4b:76:
49:bb:81:b1:2e:73:32:a3:ae:6d:c4:bf:7b:1f:12:a9:db:f5:
c1:07:af:0f:ff:f1:25:6a:34:48:b9:85:bb:35:3d:a3:bc:c3:
c4:af:3b:49:69:d2:8b:03:38:de:3c:69:29:c8:0a:70:db:76:
82:9f:42:57:4a:f7:34:b1:8e:15:75:68:c5:9e:cf:15:29:a2:
96:87:ad:80:15:6f:e8:0c:f4:65:87:26:72:6e:a3:6c:48:1c:
a6:7e:01:ab:a4:db:2c:9d:44:f3:49:9d:f7:06:dc:a8:ed:29:
e5:b3:30:6c:bf:b9:33:8c:b7:cc:59:07:0c:15:45:23:09:07:
07:d6:a4:72:b3:21:c0:e2:e2:2d:75:8e:4e:3c:0c:aa:b4:a0:
b1:fe:47:2a:30:cf:9f:fa:6a:ed:11:5e:63:0d:58:7f:2c:d2:
30:84:66:91:d4:32:a9:6a:01:b5:c5:ce:13:a5:bb:fe:ac:89:
47:96:39:09:14:65:c7:e8:a3:11:fe:6f:86:54:c5:5e:f9:92:
df:09:a5:a2:07:90:66:64:71:49:ec:16:0a:90:1c:36:b5:2e:
2f:20:4c:b1
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICOR0wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MDQx
NzUyMjFaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEI2NTEzRkQ2OTQ1QjVD
Q0E3QTYwRkVBQ0VCN0IwMjlBNDcwQ0NCRkMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDCebdo9cztT/gK/NfJ51BaYrZ40LQxvd6bY0+b0kD2GfUf+5et
wZ5rN3JOh4edTe7ye5/KwooM77L8lk05f28yEHUVvOJehnwESfLoIIZAbsMkhMhk
f/AmGvaCFTGoWc2KdorI4PsJujPYcmlk84taX9pwjZugsB+zssTVCi+T5LtLXjDw
xUZGVbiSJO0H4c05y2x6F5SesYN/JMHHqUvk9S7IR84iwn8Sfa7ED72EEpu9XNKT
Il8McLGecd5G4TV9lHjVE8JpDe8Ut6MIaBiE1AVRVbHtmhzyaTnsKyzCvIirFfWL
y1dfkKZjvDc+Kr5pEwL1MVHllhq+23MnLgDbAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUtlE/1pRbXMp6YP6s63sCmkcMy/wwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3RsRV8xcFJiWE1wNllQ
NnM2M3NDbWtjTXlfdy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBAEz0AI1Qk58Ua7EJ
7JfLPftdp59raJFy4dMI/EAdW+IRPiZLdkm7gbEuczKjrm3Ev3sfEqnb9cEHrw//
8SVqNEi5hbs1PaO8w8SvO0lp0osDON48aSnICnDbdoKfQldK9zSxjhV1aMWezxUp
opaHrYAVb+gM9GWHJnJuo2xIHKZ+Aauk2yydRPNJnfcG3KjtKeWzMGy/uTOMt8xZ
BwwVRSMJBwfWpHKzIcDi4i11jk48DKq0oLH+Ryowz5/6au0RXmMNWH8s0jCEZpHU
MqlqAbXFzhOlu/6siUeWOQkUZcfooxH+b4ZUxV75kt8JpaIHkGZkcUnsFgqQHDa1
Li8gTLE=
-----END CERTIFICATE-----
Generated at Sun Jun 22 13:49:00 2025 by rpki-client