Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/xqXK3kWcgSKLsEp9NUK61hQW8S0.roa
File: xqXK3kWcgSKLsEp9NUK61hQW8S0.roa (raw, json)
Hash identifier: bNGAKRaujMMC7tCXNVX0NeEcMe6go3ecCINFWoJSTVg=
Subject key identifier: C6:A5:CA:DE:45:9C:81:22:8B:B0:4A:7D:35:42:BA:D6:14:16:F1:2D
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 5239
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/xqXK3kWcgSKLsEp9NUK61hQW8S0.roa
Signing time: Wed 08 May 2024 05:23:56 +0000
ROA not before: Wed 08 May 2024 05:23:56 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 21049 (0x5239)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 8 05:23:56 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=C6A5CADE459C81228BB04A7D3542BAD61416F12D
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:f8:22:1d:ee:90:cb:4c:4b:96:88:29:38:b8:bf:
9e:22:3a:13:a2:2d:ec:8e:bc:60:4d:8c:47:0f:31:
27:32:dd:4c:44:00:65:37:aa:e7:1f:da:b0:a5:9a:
73:18:c2:45:76:f7:3b:8d:0f:ea:d8:32:30:c3:c2:
45:bf:d0:0e:be:a8:49:df:87:44:7d:57:a6:c6:1d:
b3:9e:bf:8f:68:a4:d8:e0:55:48:9d:86:1e:f6:32:
64:b7:95:b1:5d:ce:42:40:dd:82:e1:83:72:99:a4:
9b:79:6b:25:ab:7b:f7:d9:97:b6:e4:86:d1:97:2e:
90:46:b3:fc:ba:9a:51:32:06:a6:00:a0:3e:9c:b2:
d3:45:6e:89:c2:3c:8d:81:3b:1f:ed:10:de:42:14:
2f:7e:97:e9:ee:9a:c9:7f:60:71:14:82:e5:8c:5b:
0f:8d:74:4f:9a:b0:bc:17:ce:1e:77:b0:d7:27:f1:
15:00:c9:c5:36:cd:8a:bf:43:3e:58:bf:ba:96:31:
c8:72:16:58:a6:e9:55:29:17:40:18:66:1a:1e:91:
0b:48:26:e5:da:f8:7f:dd:ae:c9:2d:f0:be:50:76:
8c:51:4e:95:96:91:82:d1:9f:d1:73:06:13:49:1b:
fc:2f:ae:3f:67:72:47:e6:62:72:b8:57:60:92:35:
ac:6b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C6:A5:CA:DE:45:9C:81:22:8B:B0:4A:7D:35:42:BA:D6:14:16:F1:2D
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/xqXK3kWcgSKLsEp9NUK61hQW8S0.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
8a:fa:e5:3a:06:c7:84:41:31:db:e0:52:a0:f4:ba:4b:be:99:
39:5b:2d:05:66:c1:8b:59:c8:f4:4c:24:63:fc:70:f5:49:4a:
e6:2b:2c:36:ba:c7:cd:b8:a2:86:b2:9f:5e:7e:2d:a6:d4:db:
c4:3e:5e:15:2d:d7:39:34:e7:11:17:ce:5a:9f:3e:03:38:d0:
98:7e:d1:0a:0e:57:71:b4:45:3c:17:65:b9:1c:8c:3d:50:ce:
29:7d:14:2f:88:d9:cf:3f:79:47:15:9a:a6:70:b8:0b:29:c4:
d4:54:0e:a4:19:65:b1:93:a8:f7:9f:f8:57:0a:22:d1:56:18:
8a:5c:6c:02:38:0c:92:d2:29:5e:dc:02:9f:e0:7d:24:ae:e5:
e6:90:26:5b:91:92:e1:5a:ff:db:e2:63:48:2d:69:2d:70:2c:
9a:2b:ee:1e:cb:f7:eb:28:45:7a:3d:44:bb:78:57:5b:83:24:
58:35:d2:e1:db:2d:47:db:d6:be:c2:51:ca:04:3b:df:a0:ba:
1f:08:3d:c2:05:bf:37:c9:cc:01:45:5e:16:f9:30:a8:e2:b0:
55:89:ab:b4:b7:f3:51:77:58:95:18:5a:85:fe:04:07:ee:10:
63:71:f8:8b:84:8e:7d:7a:73:6f:9e:84:50:ac:1c:3b:ce:ae:
c0:b1:a2:fb
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICUjkwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MDgw
NTIzNTZaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEM2QTVDQURFNDU5Qzgx
MjI4QkIwNEE3RDM1NDJCQUQ2MTQxNkYxMkQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQD4Ih3ukMtMS5aIKTi4v54iOhOiLeyOvGBNjEcPMScy3UxEAGU3
qucf2rClmnMYwkV29zuND+rYMjDDwkW/0A6+qEnfh0R9V6bGHbOev49opNjgVUid
hh72MmS3lbFdzkJA3YLhg3KZpJt5ayWre/fZl7bkhtGXLpBGs/y6mlEyBqYAoD6c
stNFbonCPI2BOx/tEN5CFC9+l+numsl/YHEUguWMWw+NdE+asLwXzh53sNcn8RUA
ycU2zYq/Qz5Yv7qWMchyFlim6VUpF0AYZhoekQtIJuXa+H/drskt8L5QdoxRTpWW
kYLRn9FzBhNJG/wvrj9nckfmYnK4V2CSNaxrAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUxqXK3kWcgSKLsEp9NUK61hQW8S0wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3hxWEsza1djZ1NLTHNF
cDlOVUs2MWhRVzhTMC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBAIr65ToGx4RBMdvg
UqD0uku+mTlbLQVmwYtZyPRMJGP8cPVJSuYrLDa6x824ooayn15+LabU28Q+XhUt
1zk05xEXzlqfPgM40Jh+0QoOV3G0RTwXZbkcjD1Qzil9FC+I2c8/eUcVmqZwuAsp
xNRUDqQZZbGTqPef+FcKItFWGIpcbAI4DJLSKV7cAp/gfSSu5eaQJluRkuFa/9vi
Y0gtaS1wLJor7h7L9+soRXo9RLt4V1uDJFg10uHbLUfb1r7CUcoEO9+guh8IPcIF
vzfJzAFFXhb5MKjisFWJq7S381F3WJUYWoX+BAfuEGNx+IuEjn16c2+ehFCsHDvO
rsCxovs=
-----END CERTIFICATE-----
Generated at Sun Jun 22 06:33:55 2025 by rpki-client