Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/IBkxUoAnY_QBPsCiDNRPyEMekH4.roa
File: IBkxUoAnY_QBPsCiDNRPyEMekH4.roa (raw, json)
Hash identifier: 8RrwLa34Jfa5mcPEScQUgttJU1IShwRORSTv71TZI1E=
Subject key identifier: 20:19:31:52:80:27:63:F4:01:3E:C0:A2:0C:D4:4F:C8:43:1E:90:7E
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 44E5
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/IBkxUoAnY_QBPsCiDNRPyEMekH4.roa
Signing time: Sat 20 Apr 2024 10:53:06 +0000
ROA not before: Sat 20 Apr 2024 10:53:06 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 17637 (0x44e5)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 20 10:53:06 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=20193152802763F4013EC0A20CD44FC8431E907E
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:db:fe:01:9d:87:8b:ac:fb:dd:8a:d2:cb:5e:7a:
62:e4:c7:8f:10:39:bb:9a:82:87:c3:72:ab:65:0c:
7f:60:f8:61:fa:a7:60:ab:65:fc:a1:f8:9e:1c:f1:
3a:0b:ce:ca:e7:a7:bf:6e:a2:3e:58:e1:ba:76:bc:
35:63:36:56:5a:62:6a:71:2b:c7:4a:28:bc:47:35:
41:a4:6a:24:92:4d:8b:49:0b:d4:42:36:be:4f:c7:
4f:19:30:14:6e:c1:7f:f2:c9:b2:a5:0f:21:fb:3f:
9a:d2:99:f1:07:c9:e0:99:63:27:62:85:13:a3:f1:
5a:ca:2e:5b:89:bd:cc:c6:62:73:60:1f:22:5d:4f:
e8:91:4a:c9:7c:a3:1c:c4:cd:fd:f4:bf:16:e5:0e:
af:60:cf:29:c5:7c:d4:1e:b2:78:31:3b:42:6e:6c:
32:4c:32:1d:e9:10:22:bf:34:93:d4:5b:a7:2d:0c:
7b:36:21:cd:ef:45:2b:af:9a:9c:f7:21:09:5c:61:
06:42:65:ed:52:bf:d5:67:b3:67:71:db:5d:9b:20:
34:51:26:91:f6:2c:b9:30:d6:5c:14:ef:5d:24:0e:
c0:09:fd:3a:a5:06:22:bd:08:69:e7:68:3a:e2:16:
e1:ba:33:b2:2e:2c:7e:68:02:3a:6e:a8:35:bd:87:
dc:2d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
20:19:31:52:80:27:63:F4:01:3E:C0:A2:0C:D4:4F:C8:43:1E:90:7E
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/IBkxUoAnY_QBPsCiDNRPyEMekH4.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
2c:27:27:a3:54:96:36:5a:9e:6d:a5:68:f7:85:64:c0:7f:a2:
43:16:32:9c:3c:6e:7c:b1:8d:14:a9:59:32:e8:e7:46:14:7d:
6f:ad:e3:3f:49:02:90:43:0f:01:c0:99:0b:0e:79:4b:22:a7:
99:4d:37:7a:5a:bc:e1:26:c2:1d:74:0b:1f:ea:65:7a:90:c0:
e0:a2:d6:23:01:89:c9:bd:66:12:84:c8:69:31:9d:44:f1:ec:
b2:72:9f:59:a8:7c:49:41:ad:09:ae:8e:4b:76:df:5f:19:3e:
df:3b:91:4e:2d:2e:de:68:12:f9:b1:8b:d2:86:72:4c:db:2c:
85:ad:a5:15:bb:63:64:50:db:5c:eb:be:ff:ab:c2:5a:6d:4c:
f0:e1:a5:44:3d:b3:20:bd:2d:fa:77:80:fb:af:81:85:a3:4f:
32:36:44:24:35:65:a5:16:5e:dd:09:fd:c7:48:8e:cd:72:f9:
76:49:29:ac:a8:cf:e4:81:93:97:38:2b:03:57:58:09:fe:e1:
c4:5c:15:88:9e:21:5b:58:71:d7:dc:e4:33:e3:b7:23:ee:08:
98:ac:34:69:e3:2b:4e:63:ce:8e:a5:61:bb:10:cd:3d:c8:4e:
1c:ac:07:a9:42:d6:5a:56:43:e6:11:c3:37:19:ea:24:7b:e3:
63:c7:db:2d
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICROUwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MjAx
MDUzMDZaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDIwMTkzMTUyODAyNzYz
RjQwMTNFQzBBMjBDRDQ0RkM4NDMxRTkwN0UwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDb/gGdh4us+92K0steemLkx48QObuagofDcqtlDH9g+GH6p2Cr
Zfyh+J4c8ToLzsrnp79uoj5Y4bp2vDVjNlZaYmpxK8dKKLxHNUGkaiSSTYtJC9RC
Nr5Px08ZMBRuwX/yybKlDyH7P5rSmfEHyeCZYydihROj8VrKLluJvczGYnNgHyJd
T+iRSsl8oxzEzf30vxblDq9gzynFfNQesngxO0JubDJMMh3pECK/NJPUW6ctDHs2
Ic3vRSuvmpz3IQlcYQZCZe1Sv9Vns2dx212bIDRRJpH2LLkw1lwU710kDsAJ/Tql
BiK9CGnnaDriFuG6M7IuLH5oAjpuqDW9h9wtAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUIBkxUoAnY/QBPsCiDNRPyEMekH4wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L0lCa3hVb0FuWV9RQlBz
Q2lETlJQeUVNZWtINC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBACwnJ6NUljZanm2l
aPeFZMB/okMWMpw8bnyxjRSpWTLo50YUfW+t4z9JApBDDwHAmQsOeUsip5lNN3pa
vOEmwh10Cx/qZXqQwOCi1iMBicm9ZhKEyGkxnUTx7LJyn1mofElBrQmujkt2318Z
Pt87kU4tLt5oEvmxi9KGckzbLIWtpRW7Y2RQ21zrvv+rwlptTPDhpUQ9syC9Lfp3
gPuvgYWjTzI2RCQ1ZaUWXt0J/cdIjs1y+XZJKayoz+SBk5c4KwNXWAn+4cRcFYie
IVtYcdfc5DPjtyPuCJisNGnjK05jzo6lYbsQzT3IThysB6lC1lpWQ+YRwzcZ6iR7
42PH2y0=
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:37:33 2025 by rpki-client