Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/JGN9v_d5O6p9RMzPwvxwNBD2afw.roa
File: JGN9v_d5O6p9RMzPwvxwNBD2afw.roa (raw, json)
Hash identifier: Sjmwav1B7uzSVIYww30JVEbjpeys8ChMIYmdbmUhgu8=
Subject key identifier: 24:63:7D:BF:F7:79:3B:AA:7D:44:CC:CF:C2:FC:70:34:10:F6:69:FC
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 4BC1
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/JGN9v_d5O6p9RMzPwvxwNBD2afw.roa
Signing time: Mon 29 Apr 2024 14:23:29 +0000
ROA not before: Mon 29 Apr 2024 14:23:29 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 19393 (0x4bc1)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 29 14:23:29 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=24637DBFF7793BAA7D44CCCFC2FC703410F669FC
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a0:de:13:19:f6:67:17:59:21:db:19:a2:a1:fa:
8d:9a:7f:4b:32:e9:c6:a3:7d:f8:ab:7c:89:1c:ba:
eb:79:7d:28:23:e0:64:87:28:cb:4d:8e:04:95:79:
c0:43:99:c2:05:09:92:1b:35:d9:3e:ea:44:64:e4:
d0:8a:ef:01:40:aa:71:d5:05:6b:db:f8:ed:da:5a:
cc:0d:2b:6d:47:9a:78:82:08:d6:59:6c:95:f3:40:
34:1d:96:5b:e0:01:bf:7b:bd:5c:87:27:82:25:ed:
31:f7:e6:21:83:cb:78:b1:19:d6:e9:b7:b8:18:4b:
8e:29:b1:b1:34:dc:ff:ae:ab:ec:71:02:6e:e5:27:
b3:91:20:5e:e6:9a:86:1b:27:44:9d:1f:80:6e:c5:
bf:26:03:73:7b:6d:1a:e0:88:7b:6f:b5:23:a2:36:
e7:2f:c4:33:a4:b7:1e:3a:9b:81:50:1b:f8:d6:ec:
c6:8c:2f:7a:b2:ad:ca:f2:cf:c0:06:5e:48:48:a1:
18:aa:de:e4:84:29:e2:ec:8f:98:be:83:ca:50:b5:
44:65:9a:f2:83:78:2f:d8:a9:7f:e7:5b:45:78:2a:
b5:15:2b:72:1c:09:6f:b0:3a:bf:d5:ba:d2:42:19:
09:b8:89:db:81:c4:b5:66:22:24:fb:39:d2:8a:fa:
7b:49
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
24:63:7D:BF:F7:79:3B:AA:7D:44:CC:CF:C2:FC:70:34:10:F6:69:FC
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/JGN9v_d5O6p9RMzPwvxwNBD2afw.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
89:47:e1:17:43:eb:cb:ed:23:1e:db:05:fa:03:b1:01:31:ad:
7f:dd:33:0a:21:af:d9:e8:2a:cf:d3:7a:a7:6b:9e:22:8f:d8:
20:75:d3:dd:10:8a:d7:69:6e:c4:19:77:1a:9a:7b:c1:36:93:
6c:75:aa:cf:5a:02:e7:e9:25:7d:a2:af:e1:2c:8c:51:7b:6e:
8a:a7:b5:fe:02:3b:8b:8c:0e:9b:0b:0a:e3:e5:67:d8:e3:18:
c5:de:ae:da:c9:ac:cb:86:7a:a6:3b:49:83:d5:05:1b:be:7f:
b5:59:96:2f:02:d6:bf:b8:70:b7:33:e0:28:08:e3:1d:29:3f:
2d:94:b0:a1:20:40:17:ec:d0:7a:a0:6d:a9:44:70:5b:5e:d6:
a6:b2:50:dd:31:84:94:70:d3:4c:29:d7:77:c2:9d:93:7d:3d:
6b:83:f3:f3:4f:37:b3:9c:59:75:50:cb:32:ce:e5:d9:9d:f8:
53:8c:60:26:a2:0a:cc:fd:08:50:50:9f:11:22:0d:af:5a:2b:
46:d5:17:8c:0e:20:40:03:ce:78:6f:d7:aa:01:84:e7:12:c5:
52:b2:a3:ce:cc:36:03:8b:02:49:5c:dc:fd:24:95:04:0b:37:
43:a1:d7:27:b5:ed:b2:96:2b:3f:43:35:c3:1e:78:73:1c:a9:
f9:f0:5a:b8
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICS8EwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0Mjkx
NDIzMjlaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDI0NjM3REJGRjc3OTNC
QUE3RDQ0Q0NDRkMyRkM3MDM0MTBGNjY5RkMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCg3hMZ9mcXWSHbGaKh+o2af0sy6cajffirfIkcuut5fSgj4GSH
KMtNjgSVecBDmcIFCZIbNdk+6kRk5NCK7wFAqnHVBWvb+O3aWswNK21HmniCCNZZ
bJXzQDQdllvgAb97vVyHJ4Il7TH35iGDy3ixGdbpt7gYS44psbE03P+uq+xxAm7l
J7ORIF7mmoYbJ0SdH4Buxb8mA3N7bRrgiHtvtSOiNucvxDOktx46m4FQG/jW7MaM
L3qyrcryz8AGXkhIoRiq3uSEKeLsj5i+g8pQtURlmvKDeC/YqX/nW0V4KrUVK3Ic
CW+wOr/VutJCGQm4iduBxLVmIiT7OdKK+ntJAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUJGN9v/d5O6p9RMzPwvxwNBD2afwwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L0pHTjl2X2Q1TzZwOVJN
elB3dnh3TkJEMmFmdy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBAIlH4RdD68vtIx7b
BfoDsQExrX/dMwohr9noKs/TeqdrniKP2CB1090QitdpbsQZdxqae8E2k2x1qs9a
AufpJX2ir+EsjFF7boqntf4CO4uMDpsLCuPlZ9jjGMXertrJrMuGeqY7SYPVBRu+
f7VZli8C1r+4cLcz4CgI4x0pPy2UsKEgQBfs0HqgbalEcFte1qayUN0xhJRw00wp
13fCnZN9PWuD8/NPN7OcWXVQyzLO5dmd+FOMYCaiCsz9CFBQnxEiDa9aK0bVF4wO
IEADznhv16oBhOcSxVKyo87MNgOLAklc3P0klQQLN0Oh1ye17bKWKz9DNcMeeHMc
qfnwWrg=
-----END CERTIFICATE-----
Generated at Wed Jun 4 01:07:45 2025 by rpki-client