Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/OIPKdGsZ4K2i_rgQ1R7DYQL9xZE.roa
File: OIPKdGsZ4K2i_rgQ1R7DYQL9xZE.roa (raw, json)
Hash identifier: /ahXUIRvq8AJURIOTaqpJhYZ6xHelaWFMSQoDRO4x0g=
Subject key identifier: 38:83:CA:74:6B:19:E0:AD:A2:FE:B8:10:D5:1E:C3:61:02:FD:C5:91
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 44B9
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/OIPKdGsZ4K2i_rgQ1R7DYQL9xZE.roa
Signing time: Sat 20 Apr 2024 05:23:04 +0000
ROA not before: Sat 20 Apr 2024 05:23:04 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 17593 (0x44b9)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 20 05:23:04 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=3883CA746B19E0ADA2FEB810D51EC36102FDC591
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:94:28:64:0d:93:18:95:fc:e7:c4:91:5b:83:6f:
30:b4:5c:ff:71:3d:59:f7:84:7c:9e:66:be:e5:ff:
15:0c:b6:5b:50:8f:2e:72:87:11:01:c3:55:96:fc:
97:62:58:38:b0:6d:40:be:27:e6:7d:fd:74:16:c1:
3c:98:2e:f5:c6:4e:9a:5a:b4:97:02:e6:8a:dd:dd:
18:ed:f6:40:b1:24:d8:c2:a7:3f:6b:ec:41:33:b4:
23:84:a6:42:6b:c4:7c:b3:bd:2f:66:29:7b:09:35:
2e:07:97:06:02:62:79:70:d3:01:70:41:d7:3e:85:
0e:e5:2e:7c:ee:34:c4:38:0d:88:36:73:2c:07:d9:
4e:3e:fc:5b:89:ca:f3:e2:a4:3d:8d:a8:9d:5a:6c:
ba:fb:f4:e3:c9:68:ad:68:22:44:cf:12:2c:49:00:
8b:34:e8:48:cd:bc:ff:e9:c2:da:0c:7a:5f:b8:ba:
eb:e7:c2:cb:b6:ec:24:47:84:1f:74:d4:1f:dc:2c:
18:23:15:cf:ac:91:e9:91:61:e5:73:f1:00:27:17:
b4:dd:20:0b:e8:d5:e8:82:49:74:e7:5a:dd:53:bf:
47:44:39:d6:68:0b:ee:7f:dc:d3:ef:a5:1d:4c:12:
19:88:9d:72:8c:2c:bc:70:33:c6:4c:ce:a8:5b:fc:
22:81
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
38:83:CA:74:6B:19:E0:AD:A2:FE:B8:10:D5:1E:C3:61:02:FD:C5:91
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/OIPKdGsZ4K2i_rgQ1R7DYQL9xZE.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
6e:cf:57:64:0e:9a:13:96:e8:5a:b7:e5:37:1b:60:f9:e9:0c:
48:5d:ae:8c:24:e6:43:39:39:05:6d:22:ed:c8:a4:be:4a:02:
6f:9a:53:10:c7:67:4d:03:ff:e9:74:29:4c:fc:b5:41:ce:33:
9e:19:b6:1d:e4:ca:8e:71:8a:81:5b:71:5c:e5:ef:6b:02:eb:
80:bb:dc:47:b6:3b:9d:fc:34:a0:8f:db:fc:12:e3:c6:03:56:
89:5a:4f:b8:d4:1e:dd:d8:22:29:2e:a2:d3:79:94:3f:bd:6e:
a6:75:20:fe:1e:e8:46:0c:cf:86:7a:31:a9:9d:5b:8e:c2:c8:
eb:c1:b8:2c:c5:08:84:e6:af:c0:17:07:2d:5f:8e:11:41:d2:
d1:ff:ac:2a:3c:1c:e3:87:14:26:83:3f:9b:c3:80:34:40:6d:
79:aa:b8:1d:84:db:f0:b9:86:62:ef:9f:d7:27:0c:59:19:7f:
5d:1c:6d:55:71:21:4d:d5:4f:67:d1:0c:5f:34:e2:9d:b4:50:
8e:51:21:c2:f3:b0:2f:b4:4f:6d:50:66:45:e6:49:f5:c8:30:
a0:66:ad:4d:54:e9:5d:4b:f7:e3:cc:b8:9b:00:8c:22:7b:b5:
c7:63:70:92:f3:85:44:e2:87:25:ac:f6:10:cf:dd:2b:c6:a7:
48:34:65:3e
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICRLkwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MjAw
NTIzMDRaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDM4ODNDQTc0NkIxOUUw
QURBMkZFQjgxMEQ1MUVDMzYxMDJGREM1OTEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCUKGQNkxiV/OfEkVuDbzC0XP9xPVn3hHyeZr7l/xUMtltQjy5y
hxEBw1WW/JdiWDiwbUC+J+Z9/XQWwTyYLvXGTppatJcC5ord3Rjt9kCxJNjCpz9r
7EEztCOEpkJrxHyzvS9mKXsJNS4HlwYCYnlw0wFwQdc+hQ7lLnzuNMQ4DYg2cywH
2U4+/FuJyvPipD2NqJ1abLr79OPJaK1oIkTPEixJAIs06EjNvP/pwtoMel+4uuvn
wsu27CRHhB901B/cLBgjFc+skemRYeVz8QAnF7TdIAvo1eiCSXTnWt1Tv0dEOdZo
C+5/3NPvpR1MEhmInXKMLLxwM8ZMzqhb/CKBAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUOIPKdGsZ4K2i/rgQ1R7DYQL9xZEwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L09JUEtkR3NaNEsyaV9y
Z1ExUjdEWVFMOXhaRS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBAG7PV2QOmhOW6Fq3
5TcbYPnpDEhdrowk5kM5OQVtIu3IpL5KAm+aUxDHZ00D/+l0KUz8tUHOM54Zth3k
yo5xioFbcVzl72sC64C73Ee2O538NKCP2/wS48YDVolaT7jUHt3YIikuotN5lD+9
bqZ1IP4e6EYMz4Z6MamdW47CyOvBuCzFCITmr8AXBy1fjhFB0tH/rCo8HOOHFCaD
P5vDgDRAbXmquB2E2/C5hmLvn9cnDFkZf10cbVVxIU3VT2fRDF804p20UI5RIcLz
sC+0T21QZkXmSfXIMKBmrU1U6V1L9+PMuJsAjCJ7tcdjcJLzhUTihyWs9hDP3SvG
p0g0ZT4=
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:55:35 2025 by rpki-client