Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/uodTg0Eh62wp-bej9vm5wAobGWE.roa
File: uodTg0Eh62wp-bej9vm5wAobGWE.roa (raw, json)
Hash identifier: jHGZkuP6KzjujaUtRCD7XGIzIiadSmnF5Z3Nd0xScew=
Subject key identifier: BA:87:53:83:41:21:EB:6C:29:F9:B7:A3:F6:F9:B9:C0:0A:1B:19:61
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 3B11
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/uodTg0Eh62wp-bej9vm5wAobGWE.roa
Signing time: Sun 07 Apr 2024 08:22:30 +0000
ROA not before: Sun 07 Apr 2024 08:22:30 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 15121 (0x3b11)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 7 08:22:30 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=BA8753834121EB6C29F9B7A3F6F9B9C00A1B1961
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b3:f5:b1:51:59:ae:c4:3d:be:b3:cd:c1:ca:97:
82:55:1c:3f:48:43:f6:69:65:01:cf:27:7d:cd:eb:
4e:12:cb:58:9d:56:a7:72:3f:cb:46:33:ab:32:d9:
a3:e1:42:d2:18:84:45:e8:05:80:bf:2b:61:df:98:
d6:b9:d1:0b:88:2e:77:db:cf:45:6d:a0:0c:72:7a:
11:76:2b:15:78:b3:d9:6f:4a:92:9d:7e:94:1d:d1:
23:41:d8:1e:33:76:02:5f:8f:f4:30:e0:52:41:52:
26:3d:6c:0e:af:0a:3d:cc:33:bc:ba:8b:a0:a2:02:
d1:a4:66:20:81:d2:2a:bb:df:2b:a6:01:95:c8:b4:
d3:32:f9:22:2d:3f:07:25:b6:80:82:77:26:22:14:
c5:db:7c:11:a5:da:7c:67:81:ee:61:b0:6d:27:f5:
0c:ec:a3:8e:05:36:9f:9d:ba:2d:86:25:cd:45:ea:
c8:a1:1e:f8:e3:37:c1:92:63:be:6f:e6:b6:41:c3:
ee:4b:13:17:61:df:3c:c3:57:b1:ea:07:c7:eb:dd:
bb:dd:ac:e8:c5:c7:29:90:74:ae:48:6d:ba:56:7b:
a4:b6:d6:00:f9:2e:64:d7:0e:e8:fe:02:e3:62:3e:
19:e8:91:a4:83:7a:47:84:14:49:52:15:ec:98:d1:
ab:f3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
BA:87:53:83:41:21:EB:6C:29:F9:B7:A3:F6:F9:B9:C0:0A:1B:19:61
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/uodTg0Eh62wp-bej9vm5wAobGWE.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
ac:fe:9a:db:62:2c:59:64:88:e9:c9:df:b0:0d:67:11:e0:1c:
81:8d:61:77:6c:b9:bb:14:eb:0c:f9:cd:77:0a:7e:e2:0e:b3:
03:00:ac:68:5b:f0:01:e1:b0:8f:ca:21:f1:db:fd:e7:9d:51:
47:08:76:7f:9b:41:a6:cf:44:68:3f:05:b1:ce:60:ba:f0:d5:
d2:e5:40:38:62:43:c6:3f:d0:1c:3a:77:24:ab:b4:ac:50:27:
a0:d1:c0:60:98:99:28:d4:2d:c2:3d:a7:ba:51:b4:b7:d4:79:
c1:ba:27:90:0e:4e:7c:b6:35:b5:2f:7c:33:ec:57:2f:ec:8c:
4c:3a:25:92:e4:13:3c:79:3f:f5:bc:37:cb:28:8d:b7:e1:39:
6f:e2:b1:b5:93:be:b8:b7:16:df:85:4b:4e:11:3d:11:16:19:
5a:e7:eb:73:8d:67:ef:c5:d7:6d:71:cd:c3:6b:f9:6b:fa:02:
e6:6b:e1:b0:16:35:2c:ab:c6:36:58:0c:ae:aa:7b:2b:30:16:
98:25:a7:19:46:96:4b:5b:51:32:66:93:4e:19:55:35:1e:82:
f7:c9:41:30:90:d1:c1:91:07:13:2e:1e:e9:86:02:0a:3d:7c:
4d:37:a7:f7:8a:4e:7a:4b:4b:eb:86:1b:db:3d:28:2c:2c:30:
d8:91:1c:29
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICOxEwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MDcw
ODIyMzBaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEJBODc1MzgzNDEyMUVC
NkMyOUY5QjdBM0Y2RjlCOUMwMEExQjE5NjEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCz9bFRWa7EPb6zzcHKl4JVHD9IQ/ZpZQHPJ33N604Sy1idVqdy
P8tGM6sy2aPhQtIYhEXoBYC/K2HfmNa50QuILnfbz0VtoAxyehF2KxV4s9lvSpKd
fpQd0SNB2B4zdgJfj/Qw4FJBUiY9bA6vCj3MM7y6i6CiAtGkZiCB0iq73yumAZXI
tNMy+SItPwcltoCCdyYiFMXbfBGl2nxnge5hsG0n9Qzso44FNp+dui2GJc1F6sih
HvjjN8GSY75v5rZBw+5LExdh3zzDV7HqB8fr3bvdrOjFxymQdK5IbbpWe6S21gD5
LmTXDuj+AuNiPhnokaSDekeEFElSFeyY0avzAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUuodTg0Eh62wp+bej9vm5wAobGWEwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3VvZFRnMEVoNjJ3cC1i
ZWo5dm01d0FvYkdXRS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBAKz+mttiLFlkiOnJ
37ANZxHgHIGNYXdsubsU6wz5zXcKfuIOswMArGhb8AHhsI/KIfHb/eedUUcIdn+b
QabPRGg/BbHOYLrw1dLlQDhiQ8Y/0Bw6dySrtKxQJ6DRwGCYmSjULcI9p7pRtLfU
ecG6J5AOTny2NbUvfDPsVy/sjEw6JZLkEzx5P/W8N8sojbfhOW/isbWTvri3Ft+F
S04RPREWGVrn63ONZ+/F121xzcNr+Wv6AuZr4bAWNSyrxjZYDK6qeyswFpglpxlG
lktbUTJmk04ZVTUegvfJQTCQ0cGRBxMuHumGAgo9fE03p/eKTnpLS+uGG9s9KCws
MNiRHCk=
-----END CERTIFICATE-----
Generated at Sun Jun 22 03:29:53 2025 by rpki-client