Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/hJXYeKBrMIMwkp5A4nmZ7pZ6TdY.roa
File: hJXYeKBrMIMwkp5A4nmZ7pZ6TdY.roa (raw, json)
Hash identifier: DWpC2YDgUmILj1kGMO11dGs2f97FtLYwkcoMucqnIbQ=
Subject key identifier: 84:95:D8:78:A0:6B:30:83:30:92:9E:40:E2:79:99:EE:96:7A:4D:D6
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 3F81
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/hJXYeKBrMIMwkp5A4nmZ7pZ6TdY.roa
Signing time: Sat 13 Apr 2024 06:22:48 +0000
ROA not before: Sat 13 Apr 2024 06:22:48 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 16257 (0x3f81)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 13 06:22:48 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=8495D878A06B308330929E40E27999EE967A4DD6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b0:69:3a:02:bc:cf:2f:00:f1:22:55:fd:e2:5e:
b2:33:99:65:19:02:d4:7c:e1:4d:68:94:a4:68:ee:
26:d1:1c:03:ee:17:c6:9d:33:67:e2:6e:e0:b8:76:
23:b2:d2:ca:47:61:41:bb:4f:cc:69:25:46:ca:0a:
52:0c:f7:d6:4d:4a:49:a7:e9:b5:f4:20:12:19:e1:
53:69:94:22:1e:91:04:9a:4b:27:ac:fd:2c:b7:ed:
9f:e0:d6:b1:e6:bf:e1:4f:18:7a:b0:bf:c0:fc:04:
d1:10:ad:15:62:dd:60:d8:5b:65:7b:48:4e:2d:18:
4d:80:32:9a:97:46:1a:4a:c2:51:38:99:86:82:8a:
82:43:a5:e1:b4:4a:2e:5e:85:6f:0e:cb:56:19:a7:
51:0d:3f:fd:40:3a:0f:58:b6:86:80:76:5b:e1:8a:
34:93:cf:f7:bf:25:c9:d3:8e:02:61:5d:82:2a:29:
5d:55:3e:57:5b:c3:d2:c1:15:68:9e:1f:a2:65:cb:
8a:24:9e:9b:80:3e:93:48:69:f2:b1:c8:14:31:5d:
f0:f4:e2:45:e4:30:bd:a7:bf:ee:ad:9f:fc:83:37:
6c:d0:e0:d9:1e:d4:fa:d1:8c:8a:64:48:17:42:52:
8c:27:37:e7:be:83:00:af:5f:4b:1e:f2:c3:e7:91:
fe:cf
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
84:95:D8:78:A0:6B:30:83:30:92:9E:40:E2:79:99:EE:96:7A:4D:D6
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/hJXYeKBrMIMwkp5A4nmZ7pZ6TdY.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
b8:7a:64:9e:c7:ff:4e:9e:20:0c:74:38:fa:b3:15:a2:03:e6:
09:c7:7e:14:e3:4f:30:45:b5:d1:9f:ea:de:8d:46:bb:5c:82:
3f:2d:63:b4:29:80:35:80:28:4e:64:73:7d:1f:36:c6:35:ec:
7b:25:83:fb:eb:4e:63:39:82:95:8e:10:7f:d1:84:b9:22:2f:
62:26:34:91:ce:36:e9:4c:ec:b5:9e:c2:49:47:59:f6:a6:f1:
5c:ca:ba:c1:bd:c6:2f:d7:14:60:43:92:46:fa:2a:4e:69:72:
28:5f:a4:09:be:49:2a:0c:87:9e:3f:25:98:d7:3f:98:14:31:
fe:36:c0:09:c5:4a:77:47:f4:0d:23:87:eb:cd:e3:b3:3e:7c:
0c:f8:06:e7:f6:37:74:b5:81:ca:14:44:39:2a:4c:fb:90:fa:
15:5f:f5:60:d5:c9:9c:c2:d6:47:0d:08:17:66:0d:1c:58:86:
a5:8d:cc:f4:39:5d:e6:18:9e:7d:56:51:ff:57:9c:4a:7a:23:
b0:28:3c:c8:47:ef:62:81:0d:5e:4f:45:a4:28:bc:d2:5d:08:
3d:94:39:f0:cd:9b:da:2e:7a:12:6e:31:c0:39:66:72:15:ef:
27:d9:1a:75:3f:53:11:70:82:c6:be:69:68:bf:f5:9e:59:cf:
3e:58:40:d6
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICP4EwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MTMw
NjIyNDhaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDg0OTVEODc4QTA2QjMw
ODMzMDkyOUU0MEUyNzk5OUVFOTY3QTRERDYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCwaToCvM8vAPEiVf3iXrIzmWUZAtR84U1olKRo7ibRHAPuF8ad
M2fibuC4diOy0spHYUG7T8xpJUbKClIM99ZNSkmn6bX0IBIZ4VNplCIekQSaSyes
/Sy37Z/g1rHmv+FPGHqwv8D8BNEQrRVi3WDYW2V7SE4tGE2AMpqXRhpKwlE4mYaC
ioJDpeG0Si5ehW8Oy1YZp1ENP/1AOg9YtoaAdlvhijSTz/e/JcnTjgJhXYIqKV1V
Pldbw9LBFWieH6Jly4oknpuAPpNIafKxyBQxXfD04kXkML2nv+6tn/yDN2zQ4Nke
1PrRjIpkSBdCUownN+e+gwCvX0se8sPnkf7PAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUhJXYeKBrMIMwkp5A4nmZ7pZ6TdYwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2hKWFllS0JyTUlNd2tw
NUE0bm1aN3BaNlRkWS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBALh6ZJ7H/06eIAx0
OPqzFaID5gnHfhTjTzBFtdGf6t6NRrtcgj8tY7QpgDWAKE5kc30fNsY17Hslg/vr
TmM5gpWOEH/RhLkiL2ImNJHONulM7LWewklHWfam8VzKusG9xi/XFGBDkkb6Kk5p
cihfpAm+SSoMh54/JZjXP5gUMf42wAnFSndH9A0jh+vN47M+fAz4Buf2N3S1gcoU
RDkqTPuQ+hVf9WDVyZzC1kcNCBdmDRxYhqWNzPQ5XeYYnn1WUf9XnEp6I7AoPMhH
72KBDV5PRaQovNJdCD2UOfDNm9ouehJuMcA5ZnIV7yfZGnU/UxFwgsa+aWi/9Z5Z
zz5YQNY=
-----END CERTIFICATE-----
Generated at Wed Jun 4 01:08:19 2025 by rpki-client