Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/-6LBxWw4AQUkXY4nQxrLtjT5SLg.roa
File: -6LBxWw4AQUkXY4nQxrLtjT5SLg.roa (raw, json)
Hash identifier: R9mXIBa3N0WEafTKuUpnywIQQq/gtCkrCysqDDQlQRc=
Subject key identifier: FB:A2:C1:C5:6C:38:01:05:24:5D:8E:27:43:1A:CB:B6:34:F9:48:B8
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 35CD
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/-6LBxWw4AQUkXY4nQxrLtjT5SLg.roa
Signing time: Sun 31 Mar 2024 07:52:10 +0000
ROA not before: Sun 31 Mar 2024 07:52:10 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 13773 (0x35cd)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Mar 31 07:52:10 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=FBA2C1C56C380105245D8E27431ACBB634F948B8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d2:91:00:a0:a9:f9:98:83:11:52:89:0a:7c:34:
8d:c8:1c:19:d6:66:88:da:02:54:d7:a9:96:ae:48:
31:cc:71:4c:99:df:ae:94:6f:b0:59:28:63:b5:cb:
5e:04:9b:21:fa:92:08:d3:bc:9b:27:27:73:c5:d4:
f3:d3:19:9d:72:c2:cd:6d:29:d8:02:50:7e:13:1e:
80:3d:71:fb:5c:fa:12:ef:20:db:88:05:53:45:12:
12:0b:6d:48:92:f8:84:df:dd:1d:65:b5:83:0b:cd:
1b:33:f8:e3:df:54:e8:53:b8:b5:8e:15:7c:ab:ef:
9b:8d:8c:65:c8:69:c6:10:e1:42:a4:bc:1b:50:2b:
e6:5f:f1:1f:53:b1:ff:d7:a3:bd:eb:5b:d5:34:58:
30:2f:3a:38:00:c9:9b:6e:3d:25:3e:5e:cd:f9:a2:
4d:22:99:27:d2:1e:fd:01:62:3d:c9:9d:71:f3:82:
28:7a:bd:a7:85:d6:68:28:99:3d:7d:f5:22:29:42:
6a:cc:6c:b7:49:3a:53:74:d5:3d:ce:95:fe:a9:8f:
2c:15:88:2b:23:e2:83:1e:3e:3c:1f:df:78:86:08:
f7:a2:7b:32:b1:09:20:3a:c4:c4:2e:76:1e:b0:87:
86:70:5e:bf:cd:c7:f9:e2:33:cc:54:d3:d6:fc:ad:
93:41
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FB:A2:C1:C5:6C:38:01:05:24:5D:8E:27:43:1A:CB:B6:34:F9:48:B8
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/-6LBxWw4AQUkXY4nQxrLtjT5SLg.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
76:12:d6:ef:a8:72:2d:66:70:ab:99:c6:5f:05:0c:22:af:3e:
e1:b6:21:a9:45:db:a9:0c:a4:45:4e:3f:b9:f8:50:f8:ec:3f:
bc:5a:a9:6e:47:b4:79:e5:f4:45:cb:a0:97:66:e4:e5:1c:97:
98:84:fb:95:a7:0a:cd:89:55:3d:8d:64:bf:00:c2:4d:1e:2e:
1a:b8:6c:a0:b5:a3:cb:8e:62:17:50:9b:fe:fa:a1:01:09:10:
5d:ad:cb:4b:c5:63:5b:2e:f3:fd:d0:82:4a:60:68:28:c0:52:
ac:7f:5f:00:a8:57:31:41:0b:b7:ff:66:47:6c:31:5d:30:e9:
a2:6c:00:ce:85:8f:e0:45:5a:ae:cd:f6:5e:d7:a6:c3:68:90:
82:12:51:28:a3:a0:4f:93:4d:33:9c:98:2d:8a:14:81:8a:ae:
43:06:8f:45:32:b3:44:53:b9:b5:e6:1f:50:35:3f:89:b5:06:
5b:56:e6:6f:59:38:b2:93:43:1f:f7:03:1d:1d:4e:bf:fd:b0:
14:10:e3:6b:0e:45:2c:98:fa:6e:5a:37:70:61:58:02:4e:c0:
34:e0:99:39:de:26:e6:72:7d:b4:e6:95:2b:44:36:4e:7d:e9:
5a:e8:d6:28:3e:af:2a:81:ce:ae:a9:d2:fb:df:85:26:98:e8:
2b:83:03:d6
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICNc0wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDAzMzEw
NzUyMTBaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEZCQTJDMUM1NkMzODAx
MDUyNDVEOEUyNzQzMUFDQkI2MzRGOTQ4QjgwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDSkQCgqfmYgxFSiQp8NI3IHBnWZojaAlTXqZauSDHMcUyZ366U
b7BZKGO1y14EmyH6kgjTvJsnJ3PF1PPTGZ1yws1tKdgCUH4THoA9cftc+hLvINuI
BVNFEhILbUiS+ITf3R1ltYMLzRsz+OPfVOhTuLWOFXyr75uNjGXIacYQ4UKkvBtQ
K+Zf8R9Tsf/Xo73rW9U0WDAvOjgAyZtuPSU+Xs35ok0imSfSHv0BYj3JnXHzgih6
vaeF1mgomT199SIpQmrMbLdJOlN01T3Olf6pjywViCsj4oMePjwf33iGCPeiezKx
CSA6xMQudh6wh4ZwXr/Nx/niM8xU09b8rZNBAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQU+6LBxWw4AQUkXY4nQxrLtjT5SLgwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3Ly02TEJ4V3c0QVFVa1hZ
NG5ReHJMdGpUNVNMZy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBAHYS1u+oci1mcKuZ
xl8FDCKvPuG2IalF26kMpEVOP7n4UPjsP7xaqW5HtHnl9EXLoJdm5OUcl5iE+5Wn
Cs2JVT2NZL8Awk0eLhq4bKC1o8uOYhdQm/76oQEJEF2ty0vFY1su8/3QgkpgaCjA
Uqx/XwCoVzFBC7f/ZkdsMV0w6aJsAM6Fj+BFWq7N9l7XpsNokIISUSijoE+TTTOc
mC2KFIGKrkMGj0Uys0RTubXmH1A1P4m1BltW5m9ZOLKTQx/3Ax0dTr/9sBQQ42sO
RSyY+m5aN3BhWAJOwDTgmTneJuZyfbTmlStENk596Vro1ig+ryqBzq6p0vvfhSaY
6CuDA9Y=
-----END CERTIFICATE-----
Generated at Sun Jul 20 21:20:48 2025 by rpki-client