Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/x52_xs_5fiKhx6PfUCC4glx0XQE.roa
File: x52_xs_5fiKhx6PfUCC4glx0XQE.roa (raw, json)
Hash identifier: 6bb2Incw8T5+BEo2OHIC2xTdcyMI1sDN0730Uf0nPHc=
Subject key identifier: C7:9D:BF:C6:CF:F9:7E:22:A1:C7:A3:DF:50:20:B8:82:5C:74:5D:01
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 3F61
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/x52_xs_5fiKhx6PfUCC4glx0XQE.roa
Signing time: Sat 13 Apr 2024 02:22:49 +0000
ROA not before: Sat 13 Apr 2024 02:22:49 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 16225 (0x3f61)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 13 02:22:49 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=C79DBFC6CFF97E22A1C7A3DF5020B8825C745D01
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ed:2c:56:65:62:77:eb:7d:ab:f8:e8:40:12:bd:
14:22:89:4d:74:97:66:03:25:90:d2:22:8d:b0:e4:
b6:33:5f:13:80:21:0c:cd:33:a9:97:03:8c:b2:81:
39:b2:8e:3c:c3:2e:65:a7:8b:a1:f0:bb:80:61:49:
1c:4c:e5:25:f7:89:08:04:6f:ac:c4:c0:61:e5:7d:
e1:21:8f:ea:bd:3a:a7:bd:e1:ad:c9:81:00:67:54:
6a:c5:b2:96:d6:a2:4f:1e:8a:62:4f:a7:1a:95:96:
de:c0:3f:8f:c7:bc:1f:38:be:b7:29:96:4b:b8:17:
eb:b1:96:0c:f2:36:e8:61:69:bb:f5:ee:4e:ae:80:
9d:18:d6:05:1a:e2:b4:c8:9b:8d:55:d8:e6:2e:18:
12:fc:f9:cf:c9:4a:c8:b3:79:c3:2a:5f:ce:73:9c:
b9:67:24:08:d4:62:cb:c6:24:94:74:cd:ca:02:40:
f8:9d:f3:9b:cf:c0:3f:f6:ca:86:48:23:af:ab:e2:
47:21:3f:c0:a8:91:8b:32:51:e9:db:e5:ce:b3:41:
15:bc:cd:a3:72:1c:b4:30:ee:0e:6c:9f:e9:f6:a3:
97:55:d4:18:82:7f:10:bd:95:ca:d9:d0:17:40:85:
6d:3f:8c:42:8a:c8:3f:ef:24:77:bc:7f:0c:8c:b5:
26:37
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C7:9D:BF:C6:CF:F9:7E:22:A1:C7:A3:DF:50:20:B8:82:5C:74:5D:01
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/x52_xs_5fiKhx6PfUCC4glx0XQE.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
89:d9:67:b9:c8:d7:67:96:4a:34:53:93:35:09:ff:8c:9b:ca:
20:c7:76:58:25:3c:7d:af:e4:94:6a:36:db:55:8b:cc:12:5e:
76:ca:35:d4:18:92:e3:48:bb:af:df:6d:df:2c:30:97:17:01:
b7:ef:b8:c4:9c:31:f6:af:73:2d:56:9c:63:32:42:9a:13:57:
e4:bd:68:96:dd:06:9b:86:c0:7b:b8:84:76:4a:42:a7:90:b4:
5b:b4:6b:8b:84:72:f0:86:de:f0:8b:ba:e7:11:72:96:0c:ed:
ea:f8:b9:26:6a:38:37:b6:11:61:c2:f3:79:66:c2:49:78:f0:
68:9b:38:a4:08:d8:03:37:21:4c:6a:9c:c2:d8:b7:5d:27:04:
7d:66:e6:67:f5:31:dd:66:cf:c9:08:7a:b9:bc:98:79:9e:4f:
40:7a:1d:88:72:12:bc:2a:eb:cb:ea:07:64:8a:ca:94:52:61:
43:7c:f0:75:3d:f4:96:34:60:b7:34:06:a2:8a:f2:d2:de:b5:
01:9c:5c:fb:f0:76:27:3d:f0:ae:94:c8:d8:dc:b1:ba:c9:c1:
0b:4b:32:0e:86:30:a8:f3:a5:f2:07:5c:71:40:6a:57:88:01:
a3:ac:e6:42:f5:f7:9b:e8:72:a8:07:c1:37:a8:39:f0:18:2b:
78:49:8d:79
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICP2EwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MTMw
MjIyNDlaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEM3OURCRkM2Q0ZGOTdF
MjJBMUM3QTNERjUwMjBCODgyNUM3NDVEMDEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDtLFZlYnfrfav46EASvRQiiU10l2YDJZDSIo2w5LYzXxOAIQzN
M6mXA4yygTmyjjzDLmWni6Hwu4BhSRxM5SX3iQgEb6zEwGHlfeEhj+q9Oqe94a3J
gQBnVGrFspbWok8eimJPpxqVlt7AP4/HvB84vrcplku4F+uxlgzyNuhhabv17k6u
gJ0Y1gUa4rTIm41V2OYuGBL8+c/JSsizecMqX85znLlnJAjUYsvGJJR0zcoCQPid
85vPwD/2yoZII6+r4kchP8CokYsyUenb5c6zQRW8zaNyHLQw7g5sn+n2o5dV1BiC
fxC9lcrZ0BdAhW0/jEKKyD/vJHe8fwyMtSY3AgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUx52/xs/5fiKhx6PfUCC4glx0XQEwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3g1Ml94c181ZmlLaHg2
UGZVQ0M0Z2x4MFhRRS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBAInZZ7nI12eWSjRT
kzUJ/4ybyiDHdlglPH2v5JRqNttVi8wSXnbKNdQYkuNIu6/fbd8sMJcXAbfvuMSc
Mfavcy1WnGMyQpoTV+S9aJbdBpuGwHu4hHZKQqeQtFu0a4uEcvCG3vCLuucRcpYM
7er4uSZqODe2EWHC83lmwkl48GibOKQI2AM3IUxqnMLYt10nBH1m5mf1Md1mz8kI
erm8mHmeT0B6HYhyErwq68vqB2SKypRSYUN88HU99JY0YLc0BqKK8tLetQGcXPvw
dic98K6UyNjcsbrJwQtLMg6GMKjzpfIHXHFAaleIAaOs5kL195vocqgHwTeoOfAY
K3hJjXk=
-----END CERTIFICATE-----
Generated at Sun Jun 22 02:23:20 2025 by rpki-client