Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/xI82ocjFAHZdUyzSfrVWHfw4Jq0.roa
File: xI82ocjFAHZdUyzSfrVWHfw4Jq0.roa (raw, json)
Hash identifier: J+AybxvdlWEFIhmxUbywFrZbNTZjC+tQf9WQf7f9n5Y=
Subject key identifier: C4:8F:36:A1:C8:C5:00:76:5D:53:2C:D2:7E:B5:56:1D:FC:38:26:AD
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 57C1
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/xI82ocjFAHZdUyzSfrVWHfw4Jq0.roa
Signing time: Wed 15 May 2024 14:24:12 +0000
ROA not before: Wed 15 May 2024 14:24:12 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 22465 (0x57c1)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 15 14:24:12 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=C48F36A1C8C500765D532CD27EB5561DFC3826AD
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ee:d1:2b:ae:01:3a:6e:77:62:e0:64:6a:d2:94:
2f:60:a6:3a:cf:d2:cd:d5:81:ec:46:02:2f:76:20:
76:80:0f:11:aa:46:f7:48:42:25:af:2f:7b:d3:41:
85:b6:d0:c8:40:f9:3c:08:b3:a9:9a:66:54:93:58:
fa:85:a2:47:8a:69:87:5b:a5:d4:35:4e:93:e2:2a:
ca:00:0f:6f:24:87:46:41:de:02:40:63:c3:08:17:
c9:4b:2c:24:49:6c:0e:8a:bf:31:23:ee:cb:3a:8d:
19:b0:ef:3a:9c:11:e7:be:d3:b5:77:dd:eb:b4:1c:
a6:ec:4d:e4:01:ff:fc:52:7c:dd:82:ba:8d:62:ba:
1d:25:3d:6f:b9:8a:1e:81:90:eb:dc:0c:43:89:75:
c3:5e:74:f3:98:4b:20:ff:ae:39:7b:b5:0f:c9:a3:
83:33:23:95:a2:43:e2:9f:fa:63:dd:4c:81:f0:a2:
c1:76:3f:a2:9f:19:47:50:bb:07:86:4f:a8:ad:41:
95:a4:7a:2a:58:3f:6b:2a:94:ed:a8:93:ae:b7:72:
ca:db:92:36:4f:39:dc:71:5e:d4:6d:7f:16:1d:de:
9a:8e:85:12:ba:cb:45:81:96:95:e9:6c:32:23:ae:
b9:33:88:72:5e:1e:6e:37:c0:86:f9:68:65:d0:3f:
95:cf
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C4:8F:36:A1:C8:C5:00:76:5D:53:2C:D2:7E:B5:56:1D:FC:38:26:AD
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/xI82ocjFAHZdUyzSfrVWHfw4Jq0.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
ac:2e:45:c1:ef:f8:77:5c:9b:df:d7:6e:89:3c:52:99:bd:42:
00:6d:a9:80:13:38:76:0c:6e:c6:ed:6a:3b:87:39:3a:28:b4:
56:ac:88:d5:36:79:7f:84:23:8d:ae:6c:60:59:36:f5:89:7d:
b7:66:c2:b7:6c:16:1e:01:15:32:5c:fe:99:0e:17:88:aa:cf:
1c:a9:84:2b:30:c6:71:cc:00:a8:e5:6f:d6:8b:a0:e2:b1:10:
4c:1f:f7:dc:0a:f8:a2:74:dd:6f:24:fb:4d:34:17:40:ad:d0:
6f:62:52:ab:2e:68:68:f3:72:b2:52:fe:a3:08:dc:e4:5a:9a:
29:8b:9d:c4:db:12:79:71:d5:83:aa:30:14:45:d5:5c:6d:86:
8b:f3:d2:fd:e2:71:02:b6:12:88:32:c4:8d:61:ae:e2:36:04:
ff:d0:28:cc:1b:0c:d2:71:94:f2:3f:8a:c5:84:53:09:ef:f2:
fe:5a:fe:f8:ea:21:15:fa:13:a0:e3:a1:58:a9:c6:d7:07:6e:
c1:ec:ba:b8:70:74:3e:fb:88:33:2d:ac:94:92:cc:c5:75:e5:
30:87:9d:ab:56:c2:38:c4:5c:18:92:17:8a:90:1a:58:32:9f:
f1:95:00:d2:1b:9a:86:72:a3:3d:8c:27:01:af:d2:35:f4:76:
b4:a3:76:0f
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICV8EwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MTUx
NDI0MTJaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEM0OEYzNkExQzhDNTAw
NzY1RDUzMkNEMjdFQjU1NjFERkMzODI2QUQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDu0SuuATpud2LgZGrSlC9gpjrP0s3VgexGAi92IHaADxGqRvdI
QiWvL3vTQYW20MhA+TwIs6maZlSTWPqFokeKaYdbpdQ1TpPiKsoAD28kh0ZB3gJA
Y8MIF8lLLCRJbA6KvzEj7ss6jRmw7zqcEee+07V33eu0HKbsTeQB//xSfN2Cuo1i
uh0lPW+5ih6BkOvcDEOJdcNedPOYSyD/rjl7tQ/Jo4MzI5WiQ+Kf+mPdTIHwosF2
P6KfGUdQuweGT6itQZWkeipYP2sqlO2ok663csrbkjZPOdxxXtRtfxYd3pqOhRK6
y0WBlpXpbDIjrrkziHJeHm43wIb5aGXQP5XPAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUxI82ocjFAHZdUyzSfrVWHfw4Jq0wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3hJODJvY2pGQUhaZFV5
elNmclZXSGZ3NEpxMC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBAKwuRcHv+Hdcm9/X
bok8Upm9QgBtqYATOHYMbsbtajuHOTootFasiNU2eX+EI42ubGBZNvWJfbdmwrds
Fh4BFTJc/pkOF4iqzxyphCswxnHMAKjlb9aLoOKxEEwf99wK+KJ03W8k+000F0Ct
0G9iUqsuaGjzcrJS/qMI3ORamimLncTbEnlx1YOqMBRF1Vxthovz0v3icQK2Eogy
xI1hruI2BP/QKMwbDNJxlPI/isWEUwnv8v5a/vjqIRX6E6DjoVipxtcHbsHsurhw
dD77iDMtrJSSzMV15TCHnatWwjjEXBiSF4qQGlgyn/GVANIbmoZyoz2MJwGv0jX0
drSjdg8=
-----END CERTIFICATE-----
Generated at Sun Jun 22 07:58:40 2025 by rpki-client