Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/1AmBvPI7zF-eSSe6Gay8lwk1BcE.roa
File: 1AmBvPI7zF-eSSe6Gay8lwk1BcE.roa (raw, json)
Hash identifier: qwfKcZQeiMaQ/60sgV4IJhrM0UY6TuT/urcy0ieRWbU=
Subject key identifier: D4:09:81:BC:F2:3B:CC:5F:9E:49:27:BA:19:AC:BC:97:09:35:05:C1
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 4879
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/1AmBvPI7zF-eSSe6Gay8lwk1BcE.roa
Signing time: Thu 25 Apr 2024 05:23:20 +0000
ROA not before: Thu 25 Apr 2024 05:23:20 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 18553 (0x4879)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 25 05:23:20 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=D40981BCF23BCC5F9E4927BA19ACBC97093505C1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bc:e8:62:5b:a2:90:1c:9f:fb:03:ad:4f:da:10:
48:cc:30:eb:a1:6a:3c:91:a6:22:ee:cd:61:cb:55:
4c:13:16:d4:0e:55:fd:5c:64:fd:c6:db:55:1d:2e:
60:32:bb:6a:b3:c8:54:85:55:3c:bf:37:69:ca:23:
ea:f0:5e:76:18:70:b2:03:9e:5b:9e:a0:85:a7:bb:
d5:22:2b:19:81:71:31:e3:c0:9c:56:e1:7c:9d:02:
db:cf:87:47:65:85:cd:2e:4a:a1:7b:05:75:9d:09:
de:b6:89:dd:f8:9a:bb:aa:09:dc:18:12:76:fb:25:
32:ca:64:3f:5e:41:db:f3:7e:7e:bd:54:25:84:47:
bb:a9:29:18:98:60:88:25:8e:61:5d:5c:e4:00:fe:
ff:5d:71:f5:48:55:24:60:82:5f:ae:d7:90:0f:b6:
69:df:99:94:86:cf:a5:3e:d8:38:ae:c2:96:3a:a0:
1c:6b:4e:9d:9c:0f:26:e2:71:5b:ac:e1:c6:fb:a8:
b0:8e:af:b1:04:b4:c3:b5:42:42:a1:a8:ec:6b:16:
23:45:df:d1:87:7a:1a:44:a0:82:0d:54:89:82:03:
42:b2:b5:ca:4d:b4:89:85:fb:3c:f1:c2:e9:08:ff:
c8:e2:27:ec:26:26:bc:ea:e3:38:68:e0:9f:dd:ce:
b8:37
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D4:09:81:BC:F2:3B:CC:5F:9E:49:27:BA:19:AC:BC:97:09:35:05:C1
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/1AmBvPI7zF-eSSe6Gay8lwk1BcE.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
78:c2:fb:00:25:fe:89:61:0f:6d:d5:65:18:c2:34:36:7e:8d:
10:c6:f6:76:04:3f:5c:01:00:7e:45:b2:b5:66:78:c5:a4:ce:
83:17:c6:bc:9e:28:9e:aa:ad:d3:48:b1:d4:85:20:d8:c6:da:
64:82:b6:7d:59:34:db:fb:39:1e:36:27:6f:4d:18:fb:aa:da:
af:6f:5e:d2:b8:7c:bf:32:20:f6:30:fd:ef:a7:ff:af:2c:59:
d8:ed:c3:f2:d8:c7:4a:ce:36:f7:9a:de:0d:81:cf:3d:52:6c:
56:c0:15:67:6f:24:b6:fd:87:2c:86:dd:96:42:6f:7a:c4:cf:
bb:a2:75:ec:ed:91:03:0f:85:d0:45:f7:8a:8c:05:7a:03:89:
26:21:41:34:6a:fa:ae:2a:b4:be:34:02:2a:2b:f3:b5:fe:7b:
cc:aa:cb:93:e5:55:39:6b:7b:a2:51:49:0e:a1:c6:73:5e:dc:
c2:ad:fa:f0:4a:06:65:86:3d:bb:14:fa:b1:f1:39:cb:f2:1f:
a8:08:59:02:c0:04:84:55:42:b0:79:23:05:2a:df:d5:5c:0c:
45:24:a4:52:3c:53:2a:b2:a3:54:b9:80:1f:71:00:ef:9c:48:
30:cc:df:34:a8:35:df:a0:52:0a:0f:a8:4c:91:14:55:2d:54:
15:9f:de:dd
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICSHkwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MjUw
NTIzMjBaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEQ0MDk4MUJDRjIzQkND
NUY5RTQ5MjdCQTE5QUNCQzk3MDkzNTA1QzEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC86GJbopAcn/sDrU/aEEjMMOuhajyRpiLuzWHLVUwTFtQOVf1c
ZP3G21UdLmAyu2qzyFSFVTy/N2nKI+rwXnYYcLIDnlueoIWnu9UiKxmBcTHjwJxW
4XydAtvPh0dlhc0uSqF7BXWdCd62id34mruqCdwYEnb7JTLKZD9eQdvzfn69VCWE
R7upKRiYYIgljmFdXOQA/v9dcfVIVSRggl+u15APtmnfmZSGz6U+2DiuwpY6oBxr
Tp2cDybicVus4cb7qLCOr7EEtMO1QkKhqOxrFiNF39GHehpEoIINVImCA0KytcpN
tImF+zzxwukI/8jiJ+wmJrzq4zho4J/dzrg3AgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQU1AmBvPI7zF+eSSe6Gay8lwk1BcEwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3LzFBbUJ2UEk3ekYtZVNT
ZTZHYXk4bHdrMUJjRS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBAHjC+wAl/olhD23V
ZRjCNDZ+jRDG9nYEP1wBAH5FsrVmeMWkzoMXxryeKJ6qrdNIsdSFINjG2mSCtn1Z
NNv7OR42J29NGPuq2q9vXtK4fL8yIPYw/e+n/68sWdjtw/LYx0rONvea3g2Bzz1S
bFbAFWdvJLb9hyyG3ZZCb3rEz7uideztkQMPhdBF94qMBXoDiSYhQTRq+q4qtL40
Aior87X+e8yqy5PlVTlre6JRSQ6hxnNe3MKt+vBKBmWGPbsU+rHxOcvyH6gIWQLA
BIRVQrB5IwUq39VcDEUkpFI8Uyqyo1S5gB9xAO+cSDDM3zSoNd+gUgoPqEyRFFUt
VBWf3t0=
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:36:56 2025 by rpki-client