Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/S60tx9_xTT7TdDMtWdc1TPIe0-I.roa
File: S60tx9_xTT7TdDMtWdc1TPIe0-I.roa (raw, json)
Hash identifier: dU2jUKKuRDXB6QfDrv5S4Qtw++oTFO42cIRe8oJYKtI=
Subject key identifier: 4B:AD:2D:C7:DF:F1:4D:3E:D3:74:33:2D:59:D7:35:4C:F2:1E:D3:E2
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 3759
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/S60tx9_xTT7TdDMtWdc1TPIe0-I.roa
Signing time: Tue 02 Apr 2024 09:22:13 +0000
ROA not before: Tue 02 Apr 2024 09:22:13 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 14169 (0x3759)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 2 09:22:13 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=4BAD2DC7DFF14D3ED374332D59D7354CF21ED3E2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cd:bc:dc:c8:c5:14:51:e6:4b:46:6f:05:3d:61:
47:5e:94:fe:8b:fb:3f:82:a1:8b:d4:aa:95:90:8f:
ad:4f:db:5c:ea:d8:42:d6:72:e8:7f:bf:b7:65:08:
28:69:1e:07:bb:a2:ad:90:c2:f6:f3:75:bc:f9:b3:
94:b2:3e:9e:f1:32:9d:9f:9b:23:fd:55:e1:f8:33:
9d:7f:ec:e0:78:ef:13:0d:e5:4b:66:3d:3e:79:3b:
4c:16:fc:5a:2d:f9:ca:04:22:f9:a2:b2:72:89:64:
0a:21:d0:17:21:91:a9:c1:6f:c7:70:c0:ba:f0:33:
cb:dd:f8:77:14:6b:24:17:73:0f:ef:a6:ea:8e:32:
ff:75:25:61:29:db:92:5e:b3:3b:0a:76:6c:30:8e:
9e:61:0d:01:ec:c9:a1:46:7a:5b:0b:24:01:88:ef:
0f:cb:0e:b2:ec:a9:5b:dd:29:13:58:0b:5b:01:39:
30:93:01:85:32:17:16:eb:76:23:1e:af:ba:f1:d2:
ad:b9:b7:04:b8:87:7b:75:cb:2b:c8:a0:46:70:89:
9f:64:2a:a1:7c:19:bf:c6:2a:20:a5:a4:dc:79:e9:
d8:52:2f:77:fc:d4:83:3a:45:8f:09:a1:71:d7:b2:
75:ad:af:83:23:bf:95:db:32:35:b8:0a:be:1d:5f:
ad:e5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4B:AD:2D:C7:DF:F1:4D:3E:D3:74:33:2D:59:D7:35:4C:F2:1E:D3:E2
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/S60tx9_xTT7TdDMtWdc1TPIe0-I.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
64:10:3a:20:72:d2:07:41:57:16:04:af:7a:78:d5:38:d7:99:
01:8b:03:16:78:0e:f9:08:e6:8d:8c:5a:21:94:c7:69:ed:03:
7a:02:89:19:ba:aa:47:56:bd:d9:19:fd:da:4b:3e:4f:b5:ad:
f4:b6:08:c1:06:bd:31:26:00:ad:a1:6b:4c:12:d0:3f:40:ff:
33:41:fb:72:94:be:04:2c:92:bd:98:f7:62:6e:5a:a7:8c:be:
09:7a:4e:d6:6e:e9:7a:90:ab:ad:65:09:ad:6f:04:40:34:54:
32:24:1a:ae:b4:25:16:1f:e6:a1:1f:11:58:ae:21:c0:fb:5a:
9b:57:99:f6:9d:83:6f:62:8c:32:95:c2:8e:39:57:b5:99:d1:
a5:10:7d:e4:44:13:1a:8e:74:1a:dd:59:8c:fe:60:d5:14:84:
c0:62:18:02:c3:ab:6c:2f:77:8a:ee:83:ba:ce:93:9d:37:3e:
d9:07:75:7c:48:8b:5d:1f:0d:26:5e:f9:10:94:05:2a:23:a1:
93:8f:4a:09:f5:1e:0f:61:7a:ad:6f:bd:c7:12:8b:12:79:48:
86:e8:bd:68:cb:4c:c2:1f:dd:e2:a3:dd:82:e2:6a:94:02:5b:
b9:e5:8c:3d:d1:77:0b:73:9d:9b:e8:43:ba:4a:32:44:1d:63:
f4:8a:2b:6c
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICN1kwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MDIw
OTIyMTNaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDRCQUQyREM3REZGMTRE
M0VEMzc0MzMyRDU5RDczNTRDRjIxRUQzRTIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDNvNzIxRRR5ktGbwU9YUdelP6L+z+CoYvUqpWQj61P21zq2ELW
cuh/v7dlCChpHge7oq2Qwvbzdbz5s5SyPp7xMp2fmyP9VeH4M51/7OB47xMN5Utm
PT55O0wW/Fot+coEIvmisnKJZAoh0BchkanBb8dwwLrwM8vd+HcUayQXcw/vpuqO
Mv91JWEp25JeszsKdmwwjp5hDQHsyaFGelsLJAGI7w/LDrLsqVvdKRNYC1sBOTCT
AYUyFxbrdiMer7rx0q25twS4h3t1yyvIoEZwiZ9kKqF8Gb/GKiClpNx56dhSL3f8
1IM6RY8JoXHXsnWtr4Mjv5XbMjW4Cr4dX63lAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUS60tx9/xTT7TdDMtWdc1TPIe0+IwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1M2MHR4OV94VFQ3VGRE
TXRXZGMxVFBJZTAtSS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBAGQQOiBy0gdBVxYE
r3p41TjXmQGLAxZ4DvkI5o2MWiGUx2ntA3oCiRm6qkdWvdkZ/dpLPk+1rfS2CMEG
vTEmAK2ha0wS0D9A/zNB+3KUvgQskr2Y92JuWqeMvgl6TtZu6XqQq61lCa1vBEA0
VDIkGq60JRYf5qEfEViuIcD7WptXmfadg29ijDKVwo45V7WZ0aUQfeREExqOdBrd
WYz+YNUUhMBiGALDq2wvd4rug7rOk503PtkHdXxIi10fDSZe+RCUBSojoZOPSgn1
Hg9heq1vvccSixJ5SIbovWjLTMIf3eKj3YLiapQCW7nljD3RdwtznZvoQ7pKMkQd
Y/SKK2w=
-----END CERTIFICATE-----
Generated at Thu Jun 5 19:15:11 2025 by rpki-client