Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/G6OwCH3Hz6nfSzXaOnfHmCMGc_8.roa
File: G6OwCH3Hz6nfSzXaOnfHmCMGc_8.roa (raw, json)
Hash identifier: I9NoWAzh3Q7GDj/rHjI5VGwDyum7zzCePCeprTUhco4=
Subject key identifier: 1B:A3:B0:08:7D:C7:CF:A9:DF:4B:35:DA:3A:77:C7:98:23:06:73:FF
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 432D
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/G6OwCH3Hz6nfSzXaOnfHmCMGc_8.roa
Signing time: Thu 18 Apr 2024 03:52:59 +0000
ROA not before: Thu 18 Apr 2024 03:52:59 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 17197 (0x432d)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 18 03:52:59 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=1BA3B0087DC7CFA9DF4B35DA3A77C798230673FF
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:dc:b9:84:bf:9e:70:a8:bf:42:92:25:ec:6e:74:
31:49:22:1f:ee:86:1c:ca:2d:01:5c:26:87:bd:03:
d6:67:be:00:21:05:c4:ec:32:92:07:68:67:69:fe:
10:a3:b0:41:79:c2:2c:b9:f8:46:15:b6:c5:3a:16:
63:5d:c0:9a:3b:ce:74:dd:d1:a3:52:27:e1:bb:21:
93:a7:a8:8f:a4:16:4d:c0:e2:ab:d0:31:ff:43:15:
af:3f:8c:cb:ce:83:51:00:e2:7d:f3:32:37:c9:a3:
8d:d9:29:70:26:a7:b0:6f:ff:e0:d7:ed:7f:f0:1a:
49:b4:36:c2:85:f6:e2:09:a3:7b:b0:b6:90:10:c7:
c6:1b:0b:2e:4d:da:46:44:8a:dd:e3:18:1b:fe:4b:
df:7e:bf:6a:18:21:f9:62:ad:99:af:b1:32:58:cc:
3c:58:5b:2c:aa:42:b9:e0:7b:62:00:48:7a:ee:5f:
50:82:cb:aa:72:e4:9d:0b:25:94:83:d7:8a:3d:05:
ea:9c:a6:4e:4f:7b:78:14:c9:10:76:02:5c:ee:78:
7f:c2:19:d9:49:d0:28:f9:68:0a:42:d2:26:81:07:
3f:58:42:85:77:30:16:a4:7f:b6:61:27:c8:7b:f8:
02:b7:39:63:48:59:8a:a3:3f:96:5c:0a:c3:9a:d0:
f8:b5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1B:A3:B0:08:7D:C7:CF:A9:DF:4B:35:DA:3A:77:C7:98:23:06:73:FF
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/G6OwCH3Hz6nfSzXaOnfHmCMGc_8.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
73:19:9c:e8:03:71:9b:cc:6d:d9:06:c1:24:62:f9:14:f1:51:
88:1a:8a:ab:43:e5:74:44:77:18:cc:28:1b:ef:22:d4:ac:20:
6b:82:61:9e:ce:be:ba:60:5d:50:05:e4:d5:eb:e5:a9:82:d9:
85:a7:24:ee:ba:80:cf:09:26:14:c6:70:b0:96:56:54:0d:38:
4d:49:09:ae:06:c3:d0:08:3c:7d:9a:4e:97:1a:d0:d1:af:23:
d1:f2:f7:13:b8:22:5a:f1:eb:f2:ae:89:87:10:03:06:98:9d:
d1:1b:82:92:58:4d:7c:c6:48:34:0a:88:dc:59:b9:ff:86:dc:
2f:2b:96:98:c6:ca:ec:c6:e4:a5:7e:1a:f7:c0:7c:46:52:ac:
d6:0f:1d:78:03:19:71:24:47:aa:69:90:bb:01:ec:ab:ee:4d:
b6:b7:3b:e3:2a:8c:5f:da:55:8f:a7:a2:8b:e7:52:42:e7:f0:
a3:50:78:29:47:b5:ad:6e:53:8a:24:ee:45:b6:d0:69:b9:6c:
3f:8d:10:ae:0e:2e:bb:69:fd:fc:2f:00:11:50:e6:3e:76:b3:
1d:4e:37:2e:b7:7a:1a:6a:eb:61:11:5b:9a:e0:33:3a:fd:ce:
9c:39:7e:6f:55:02:76:c2:22:d7:01:00:0f:ce:58:aa:e7:9d:
c6:60:d4:6b
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICQy0wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MTgw
MzUyNTlaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDFCQTNCMDA4N0RDN0NG
QTlERjRCMzVEQTNBNzdDNzk4MjMwNjczRkYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDcuYS/nnCov0KSJexudDFJIh/uhhzKLQFcJoe9A9ZnvgAhBcTs
MpIHaGdp/hCjsEF5wiy5+EYVtsU6FmNdwJo7znTd0aNSJ+G7IZOnqI+kFk3A4qvQ
Mf9DFa8/jMvOg1EA4n3zMjfJo43ZKXAmp7Bv/+DX7X/wGkm0NsKF9uIJo3uwtpAQ
x8YbCy5N2kZEit3jGBv+S99+v2oYIflirZmvsTJYzDxYWyyqQrnge2IASHruX1CC
y6py5J0LJZSD14o9Beqcpk5Pe3gUyRB2AlzueH/CGdlJ0Cj5aApC0iaBBz9YQoV3
MBakf7ZhJ8h7+AK3OWNIWYqjP5ZcCsOa0Pi1AgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUG6OwCH3Hz6nfSzXaOnfHmCMGc/8wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L0c2T3dDSDNIejZuZlN6
WGFPbmZIbUNNR2NfOC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBAHMZnOgDcZvMbdkG
wSRi+RTxUYgaiqtD5XREdxjMKBvvItSsIGuCYZ7OvrpgXVAF5NXr5amC2YWnJO66
gM8JJhTGcLCWVlQNOE1JCa4Gw9AIPH2aTpca0NGvI9Hy9xO4Ilrx6/KuiYcQAwaY
ndEbgpJYTXzGSDQKiNxZuf+G3C8rlpjGyuzG5KV+GvfAfEZSrNYPHXgDGXEkR6pp
kLsB7KvuTba3O+MqjF/aVY+noovnUkLn8KNQeClHta1uU4ok7kW20Gm5bD+NEK4O
Lrtp/fwvABFQ5j52sx1ONy63ehpq62ERW5rgMzr9zpw5fm9VAnbCItcBAA/OWKrn
ncZg1Gs=
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:37:04 2025 by rpki-client