Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/v5LA_QhHW7P_9zYajHlcsopG1qk.roa
File: v5LA_QhHW7P_9zYajHlcsopG1qk.roa (raw, json)
Hash identifier: dSo+bBAebjEHaPW/LOsPjXQi0cNF2UNTp+J4Da3Qha4=
Subject key identifier: BF:92:C0:FD:08:47:5B:B3:FF:F7:36:1A:8C:79:5C:B2:8A:46:D6:A9
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 4B7D
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/v5LA_QhHW7P_9zYajHlcsopG1qk.roa
Signing time: Mon 29 Apr 2024 05:53:28 +0000
ROA not before: Mon 29 Apr 2024 05:53:28 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 19325 (0x4b7d)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 29 05:53:28 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=BF92C0FD08475BB3FFF7361A8C795CB28A46D6A9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c5:d2:f4:1c:24:f1:be:25:42:f0:83:76:87:d2:
de:6f:dd:6b:00:d0:22:93:e5:51:6c:ba:91:43:f9:
d3:7d:1b:5f:97:76:76:27:22:6d:fb:ea:34:3a:35:
b4:af:4b:8c:a8:93:64:52:2c:e6:b3:6c:16:f7:d5:
dd:2b:5f:e8:67:ad:b5:06:93:27:88:46:00:6e:b5:
f7:95:b2:34:45:7d:e5:19:36:40:c3:7e:6c:67:f8:
e8:76:db:19:f0:3b:87:dd:47:09:64:19:db:55:e5:
42:1c:55:9c:14:ac:86:7a:86:40:af:39:99:8e:ac:
9b:3c:14:4b:03:06:7b:34:79:1a:b6:f4:3c:1e:b8:
36:ee:b2:35:4b:d7:66:00:8e:25:01:22:cb:12:22:
3c:01:aa:dc:8e:ee:02:2a:65:76:95:c2:28:ad:2c:
28:3c:65:bf:72:09:cc:94:66:b6:57:11:a4:08:22:
fb:6e:9d:28:00:1e:1e:a7:56:ad:0b:51:33:5f:eb:
80:c1:43:a6:91:34:b3:45:90:bd:10:b4:55:00:83:
d5:83:44:32:94:4e:52:eb:19:1d:58:4a:5b:22:be:
38:11:02:46:5d:c7:53:f9:b0:f4:55:fa:50:47:7b:
01:21:28:d1:62:2f:54:be:e3:24:71:8e:2d:ee:bb:
81:99
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
BF:92:C0:FD:08:47:5B:B3:FF:F7:36:1A:8C:79:5C:B2:8A:46:D6:A9
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/v5LA_QhHW7P_9zYajHlcsopG1qk.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
12:a0:22:4f:d4:83:24:df:83:b4:71:10:9f:3f:eb:8e:b9:22:
6f:ba:89:4b:b5:3f:ab:99:7f:25:f8:bc:8e:cc:fb:b0:3c:d1:
5f:eb:f5:b8:d4:21:bd:cd:14:e7:99:e6:1f:a4:fc:cd:5a:20:
4e:b0:c2:b0:6b:f8:31:77:17:34:c9:56:dd:f6:b3:22:cd:4a:
fc:8c:25:cd:c2:7c:b8:2c:e5:99:38:a9:a1:c5:c1:06:0d:87:
e0:a5:9a:81:eb:06:91:39:00:95:1c:0b:a2:a2:79:34:ec:30:
21:4d:5c:c2:05:8f:8e:38:f2:d7:98:28:ee:08:9a:42:16:c0:
c9:05:e5:2f:7f:28:90:14:73:a1:81:45:cd:c4:88:4a:e4:c4:
e8:90:25:0a:cc:9c:fd:5b:60:df:cd:f1:a5:cb:4f:d3:c4:26:
57:63:d8:87:8a:0e:48:51:54:31:bd:ff:21:9f:66:51:76:17:
39:ad:5d:34:d7:ba:26:70:1d:db:fc:37:57:86:52:c6:4f:75:
de:0e:74:0d:36:a9:86:0a:63:a3:f5:70:9a:13:c8:41:d8:9d:
11:e8:25:f2:db:62:0c:4d:fd:f5:78:69:7e:e9:58:61:a7:1d:
8b:87:e3:ea:bc:f8:b5:f5:93:03:dd:fc:b8:37:40:be:9a:93:
30:e2:7a:23
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICS30wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0Mjkw
NTUzMjhaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEJGOTJDMEZEMDg0NzVC
QjNGRkY3MzYxQThDNzk1Q0IyOEE0NkQ2QTkwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDF0vQcJPG+JULwg3aH0t5v3WsA0CKT5VFsupFD+dN9G1+XdnYn
Im376jQ6NbSvS4yok2RSLOazbBb31d0rX+hnrbUGkyeIRgButfeVsjRFfeUZNkDD
fmxn+Oh22xnwO4fdRwlkGdtV5UIcVZwUrIZ6hkCvOZmOrJs8FEsDBns0eRq29Dwe
uDbusjVL12YAjiUBIssSIjwBqtyO7gIqZXaVwiitLCg8Zb9yCcyUZrZXEaQIIvtu
nSgAHh6nVq0LUTNf64DBQ6aRNLNFkL0QtFUAg9WDRDKUTlLrGR1YSlsivjgRAkZd
x1P5sPRV+lBHewEhKNFiL1S+4yRxji3uu4GZAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUv5LA/QhHW7P/9zYajHlcsopG1qkwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3Y1TEFfUWhIVzdQXzl6
WWFqSGxjc29wRzFxay5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBABKgIk/UgyTfg7Rx
EJ8/6465Im+6iUu1P6uZfyX4vI7M+7A80V/r9bjUIb3NFOeZ5h+k/M1aIE6wwrBr
+DF3FzTJVt32syLNSvyMJc3CfLgs5Zk4qaHFwQYNh+ClmoHrBpE5AJUcC6KieTTs
MCFNXMIFj4448teYKO4ImkIWwMkF5S9/KJAUc6GBRc3EiErkxOiQJQrMnP1bYN/N
8aXLT9PEJldj2IeKDkhRVDG9/yGfZlF2FzmtXTTXuiZwHdv8N1eGUsZPdd4OdA02
qYYKY6P1cJoTyEHYnRHoJfLbYgxN/fV4aX7pWGGnHYuH4+q8+LX1kwPd/Lg3QL6a
kzDieiM=
-----END CERTIFICATE-----
Generated at Sat Jun 21 08:10:21 2025 by rpki-client