Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/yUSiehjcHoqkQgFxv7Fm7INydtM.roa
File: yUSiehjcHoqkQgFxv7Fm7INydtM.roa (raw, json)
Hash identifier: aNF1VQlTgQMM5dJ44mCdjPb1MLqTWy56TS/UTPLelLM=
Subject key identifier: C9:44:A2:7A:18:DC:1E:8A:A4:42:01:71:BF:B1:66:EC:83:72:76:D3
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 42D5
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/yUSiehjcHoqkQgFxv7Fm7INydtM.roa
Signing time: Wed 17 Apr 2024 16:52:59 +0000
ROA not before: Wed 17 Apr 2024 16:52:59 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 17109 (0x42d5)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 17 16:52:59 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=C944A27A18DC1E8AA4420171BFB166EC837276D3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:dd:7a:98:1d:95:78:48:c4:01:32:17:d9:b2:d0:
e3:35:c4:cb:ff:87:d2:91:fa:b8:48:fb:27:6a:98:
80:4f:85:55:42:29:ba:f0:f2:f1:4c:a1:af:cc:f0:
2a:ae:82:1d:27:55:b3:16:a3:a4:a4:00:51:47:b0:
df:9a:2c:a0:d0:b0:2f:b7:0e:aa:c6:22:1f:2e:7f:
b7:e3:ea:a8:d4:cb:49:8f:86:7d:60:f1:07:92:15:
63:e2:fb:57:3b:94:1d:13:50:b2:dd:05:d7:2d:ed:
7f:5e:d2:21:0c:e1:f2:d2:3d:c5:dd:35:63:7f:6a:
44:02:2d:22:f6:44:9c:bc:5a:08:95:a8:06:41:12:
2e:21:0c:bf:a9:0c:85:4c:da:be:29:5b:5b:b8:7d:
21:bb:d2:78:df:72:fb:d8:83:74:bf:ad:b6:35:f0:
7b:aa:62:65:79:f2:56:d3:db:db:89:2a:2c:d0:bb:
c9:ec:44:93:7f:47:3e:36:63:d8:a1:e8:36:df:c5:
8a:cc:d1:57:fe:b5:84:3d:ba:4a:13:79:bf:66:b7:
fb:11:ee:cd:c5:75:f6:6a:83:5a:fd:02:ef:ef:5b:
3d:42:c8:02:7f:96:19:c5:7e:02:cd:23:e5:58:58:
ed:3f:b6:68:05:ef:0a:16:fe:9e:b2:22:ef:b4:56:
82:97
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C9:44:A2:7A:18:DC:1E:8A:A4:42:01:71:BF:B1:66:EC:83:72:76:D3
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/yUSiehjcHoqkQgFxv7Fm7INydtM.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
18:c4:78:2a:27:18:e2:80:68:be:55:ec:5f:cc:a8:ba:47:b6:
d2:0c:83:10:c8:15:a8:e5:af:3a:76:95:e0:fc:80:14:10:d8:
31:5a:bd:96:31:1d:12:80:7f:00:96:04:27:b5:14:8a:7e:b3:
7d:7d:7b:a3:ff:d7:87:07:9f:94:94:4f:f4:fd:08:c5:f3:38:
fc:a0:e0:f8:51:8b:09:09:25:2b:5a:2c:a7:98:de:42:43:62:
66:a5:e7:36:e5:7e:e3:9e:21:6a:30:d6:77:a7:12:dc:48:15:
9b:8c:a3:b1:ec:ac:c0:c4:b7:ce:2b:33:94:aa:9f:8a:eb:dd:
1c:b9:01:e3:e7:c6:48:d7:98:7e:23:e9:b0:3f:ca:c5:a7:ec:
d8:ab:69:02:d1:4e:19:62:f9:6d:55:99:0a:30:80:2b:7d:64:
5c:a8:4c:ee:d5:57:ee:b9:21:5f:ed:85:3e:4b:e0:a8:71:5d:
d7:46:38:ab:2d:6e:fa:d1:54:d8:b4:ff:83:d9:22:f3:c6:aa:
e5:f9:14:c8:98:ab:2f:31:33:3e:cb:85:21:ab:b1:38:3d:48:
2d:95:ce:eb:c2:9e:e0:5e:d5:38:6a:96:db:c1:a8:6d:69:38:
e4:d9:07:27:5a:aa:40:69:0c:82:25:82:99:ce:6b:c5:1d:e1:
a0:af:74:0c
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICQtUwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MTcx
NjUyNTlaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEM5NDRBMjdBMThEQzFF
OEFBNDQyMDE3MUJGQjE2NkVDODM3Mjc2RDMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDdepgdlXhIxAEyF9my0OM1xMv/h9KR+rhI+ydqmIBPhVVCKbrw
8vFMoa/M8Cqugh0nVbMWo6SkAFFHsN+aLKDQsC+3DqrGIh8uf7fj6qjUy0mPhn1g
8QeSFWPi+1c7lB0TULLdBdct7X9e0iEM4fLSPcXdNWN/akQCLSL2RJy8WgiVqAZB
Ei4hDL+pDIVM2r4pW1u4fSG70njfcvvYg3S/rbY18HuqYmV58lbT29uJKizQu8ns
RJN/Rz42Y9ih6DbfxYrM0Vf+tYQ9ukoTeb9mt/sR7s3FdfZqg1r9Au/vWz1CyAJ/
lhnFfgLNI+VYWO0/tmgF7woW/p6yIu+0VoKXAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUyUSiehjcHoqkQgFxv7Fm7INydtMwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3lVU2llaGpjSG9xa1Fn
Rnh2N0ZtN0lOeWR0TS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBABjEeConGOKAaL5V
7F/MqLpHttIMgxDIFajlrzp2leD8gBQQ2DFavZYxHRKAfwCWBCe1FIp+s319e6P/
14cHn5SUT/T9CMXzOPyg4PhRiwkJJStaLKeY3kJDYmal5zblfuOeIWow1nenEtxI
FZuMo7HsrMDEt84rM5Sqn4rr3Ry5AePnxkjXmH4j6bA/ysWn7NiraQLRThli+W1V
mQowgCt9ZFyoTO7VV+65IV/thT5L4KhxXddGOKstbvrRVNi0/4PZIvPGquX5FMiY
qy8xMz7LhSGrsTg9SC2VzuvCnuBe1ThqltvBqG1pOOTZBydaqkBpDIIlgpnOa8Ud
4aCvdAw=
-----END CERTIFICATE-----
Generated at Sun Jun 22 02:15:35 2025 by rpki-client