Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/r4kJUhDfXXwcPDu64WCBNQKq1i0.roa
File: r4kJUhDfXXwcPDu64WCBNQKq1i0.roa (raw, json)
Hash identifier: XF5a+nODhWW4EwUCKWh4DoXL8okCMXQt2+D5v01fyTk=
Subject key identifier: AF:89:09:52:10:DF:5D:7C:1C:3C:3B:BA:E1:60:81:35:02:AA:D6:2D
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 3E15
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/r4kJUhDfXXwcPDu64WCBNQKq1i0.roa
Signing time: Thu 11 Apr 2024 08:52:44 +0000
ROA not before: Thu 11 Apr 2024 08:52:44 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 15893 (0x3e15)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 11 08:52:44 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=AF89095210DF5D7C1C3C3BBAE160813502AAD62D
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cf:d0:3d:00:2f:88:3c:cc:7e:4d:2f:1e:31:62:
8f:46:75:16:16:90:a1:d1:c3:41:1d:9d:ec:77:e9:
a6:0d:41:4a:3f:be:cb:28:15:08:dc:bf:4e:0b:a6:
91:96:0c:7d:66:e9:f2:f7:d5:f4:5f:b9:4c:fe:96:
2c:bc:fe:85:ac:33:ed:f0:66:f4:9f:68:6f:ee:01:
84:6f:53:57:37:a3:74:47:49:7b:35:a3:82:46:f1:
18:e6:be:2f:91:3c:36:65:18:77:a5:3f:42:90:8a:
15:b0:0d:f2:fc:01:ee:d4:0f:62:89:50:0c:36:6b:
e1:d4:cd:aa:02:16:e7:38:42:67:fb:48:c9:5d:6a:
bf:f0:eb:ff:bf:1b:07:5c:e3:8f:03:d1:98:09:c3:
3b:84:42:46:80:d2:dc:c6:5d:69:e8:e6:24:6b:84:
e8:1d:86:1a:f3:23:24:43:a1:10:0a:7d:03:d0:c2:
b5:6c:37:1e:dc:7c:85:c6:50:5d:21:a6:1a:0f:cf:
1a:0a:2e:b9:ed:be:42:7c:4d:da:e7:f1:0d:06:4e:
de:94:ee:b0:1d:d8:9b:17:66:9e:b8:23:97:8a:cb:
93:62:00:40:b3:0d:05:9e:44:83:95:55:8a:0a:41:
83:47:24:fc:fa:36:54:48:80:19:cb:19:07:7e:15:
8d:d3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AF:89:09:52:10:DF:5D:7C:1C:3C:3B:BA:E1:60:81:35:02:AA:D6:2D
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/r4kJUhDfXXwcPDu64WCBNQKq1i0.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
b2:11:9b:5d:7c:51:08:69:ff:8a:f1:11:b1:65:91:34:13:e6:
6e:e8:98:55:56:e1:31:eb:78:2d:98:d7:4a:17:6b:07:4d:59:
59:86:2f:ee:93:70:8f:47:cf:2b:22:18:3c:73:4f:9c:54:10:
0c:b6:02:7b:d6:24:1e:65:61:9a:a8:4e:2a:f8:54:f2:45:33:
2f:dd:07:97:52:c8:d2:db:c6:e1:1d:29:f3:29:98:2b:4c:41:
50:39:0b:09:38:02:82:4e:d3:96:39:28:cb:10:a3:71:88:bd:
ac:d9:d1:b1:c0:c2:7e:53:c6:23:67:f7:6d:9c:fe:2c:e8:a9:
ef:24:00:a8:d8:cb:49:63:40:2d:6d:ef:8e:16:ae:ff:4c:5b:
20:64:9c:21:ff:20:7e:69:0d:21:b6:d5:fd:58:5e:2e:a0:fd:
87:ad:f9:70:59:c2:2a:02:80:34:60:ce:11:dc:ea:a2:95:d2:
e6:c1:57:48:9f:d8:c0:9f:c6:d8:26:3b:ca:99:45:59:40:ca:
1c:d5:16:3b:62:0c:c5:76:22:aa:06:d5:57:2e:c5:21:96:17:
d2:e2:ab:93:a0:61:66:4f:b6:77:e5:16:02:ab:63:d3:fb:81:
93:42:34:89:06:75:1c:ee:8d:04:a0:7f:a8:c3:c6:6d:98:14:
28:96:15:0d
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICPhUwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MTEw
ODUyNDRaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEFGODkwOTUyMTBERjVE
N0MxQzNDM0JCQUUxNjA4MTM1MDJBQUQ2MkQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDP0D0AL4g8zH5NLx4xYo9GdRYWkKHRw0Ednex36aYNQUo/vsso
FQjcv04LppGWDH1m6fL31fRfuUz+liy8/oWsM+3wZvSfaG/uAYRvU1c3o3RHSXs1
o4JG8Rjmvi+RPDZlGHelP0KQihWwDfL8Ae7UD2KJUAw2a+HUzaoCFuc4Qmf7SMld
ar/w6/+/Gwdc448D0ZgJwzuEQkaA0tzGXWno5iRrhOgdhhrzIyRDoRAKfQPQwrVs
Nx7cfIXGUF0hphoPzxoKLrntvkJ8Tdrn8Q0GTt6U7rAd2JsXZp64I5eKy5NiAECz
DQWeRIOVVYoKQYNHJPz6NlRIgBnLGQd+FY3TAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUr4kJUhDfXXwcPDu64WCBNQKq1i0wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3I0a0pVaERmWFh3Y1BE
dTY0V0NCTlFLcTFpMC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBALIRm118UQhp/4rx
EbFlkTQT5m7omFVW4THreC2Y10oXawdNWVmGL+6TcI9HzysiGDxzT5xUEAy2AnvW
JB5lYZqoTir4VPJFMy/dB5dSyNLbxuEdKfMpmCtMQVA5Cwk4AoJO05Y5KMsQo3GI
vazZ0bHAwn5TxiNn922c/izoqe8kAKjYy0ljQC1t744Wrv9MWyBknCH/IH5pDSG2
1f1YXi6g/Yet+XBZwioCgDRgzhHc6qKV0ubBV0if2MCfxtgmO8qZRVlAyhzVFjti
DMV2IqoG1VcuxSGWF9Liq5OgYWZPtnflFgKrY9P7gZNCNIkGdRzujQSgf6jDxm2Y
FCiWFQ0=
-----END CERTIFICATE-----
Generated at Sun Jul 20 21:20:59 2025 by rpki-client