Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/rfFomH7fpEY5rvuhKr26scM4Gb0.roa
File: rfFomH7fpEY5rvuhKr26scM4Gb0.roa (raw, json)
Hash identifier: BNDkO1YU/j/5syT1CJx0CaoHz6C0cyvXLSHUsK8pulQ=
Subject key identifier: AD:F1:68:98:7E:DF:A4:46:39:AE:FB:A1:2A:BD:BA:B1:C3:38:19:BD
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 33FD
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/rfFomH7fpEY5rvuhKr26scM4Gb0.roa
Signing time: Thu 28 Mar 2024 21:52:09 +0000
ROA not before: Thu 28 Mar 2024 21:52:09 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 13309 (0x33fd)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Mar 28 21:52:09 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=ADF168987EDFA44639AEFBA12ABDBAB1C33819BD
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9f:e1:32:cb:d9:a1:5d:45:f5:21:d9:62:71:5e:
50:da:de:18:b3:58:22:6f:1f:35:c3:b1:0b:2f:5e:
60:d3:b9:c8:2b:d1:d6:c4:a0:a6:96:9b:31:40:c3:
fe:4c:6f:f8:39:a8:5a:13:49:d2:3f:71:7d:2e:56:
93:8b:52:93:8a:27:69:25:c0:41:1e:27:61:89:44:
af:9c:eb:81:0e:6b:0f:01:68:10:67:86:8d:12:87:
22:6d:b3:31:a1:01:60:5b:07:b0:28:be:b9:a7:e8:
bc:9e:ad:3e:51:7d:6d:eb:ad:18:6c:18:1d:3f:89:
eb:1a:6a:4d:3d:39:09:2b:7d:66:9a:a8:3a:76:35:
f3:56:c2:71:6a:64:24:79:83:c8:ab:c2:84:39:2a:
db:b4:35:ac:46:34:05:2f:f3:e4:d5:ba:25:dc:e0:
5b:77:fc:be:52:1a:37:a8:21:d0:5a:f6:bc:fa:02:
11:9b:e1:cc:6b:68:63:db:fc:74:be:4b:40:3d:30:
69:d6:5d:0e:cc:2a:58:db:04:3d:dc:f4:65:f1:90:
40:8e:df:5c:3c:95:4e:ee:3c:08:75:c6:f4:ca:98:
0c:a0:34:a1:6d:36:6c:53:02:a8:c6:9d:5c:13:a1:
28:31:b0:9f:12:85:5a:70:a9:6f:60:b0:28:b8:1c:
55:c9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AD:F1:68:98:7E:DF:A4:46:39:AE:FB:A1:2A:BD:BA:B1:C3:38:19:BD
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/rfFomH7fpEY5rvuhKr26scM4Gb0.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
29:97:61:52:0c:0d:01:12:5c:13:28:da:68:74:58:88:89:fb:
f5:82:43:81:ab:ec:c4:49:d6:7d:ee:47:cd:59:c0:3e:ef:02:
0f:ab:e7:93:08:45:3c:77:7b:50:af:71:85:91:b7:59:c5:31:
d0:51:0f:ae:6b:9e:00:77:8e:f6:fb:dc:e8:93:0a:be:5e:e9:
4a:b4:08:30:c9:4b:1b:b8:85:51:a4:c6:6b:2a:a0:5f:ef:96:
d6:6f:aa:ee:20:23:a6:5a:f1:5b:5f:19:d3:ed:9c:a0:73:43:
30:c5:f7:ed:d2:ee:b2:16:fd:c4:6a:f8:d5:3c:1b:b4:52:27:
7c:31:aa:09:66:13:0e:a8:5e:37:d1:08:59:d5:b4:63:d7:46:
68:74:f6:6e:81:8d:23:d2:e7:9d:0a:aa:4a:47:99:17:da:4d:
67:ad:e5:63:a9:6d:61:13:f6:3d:ca:6c:9e:42:49:6d:58:66:
d4:48:d1:ae:b2:09:e4:b4:c5:ec:43:9b:7c:57:db:b1:eb:a0:
d1:69:47:8a:a2:94:46:93:8b:30:41:f0:2c:5b:08:e5:b3:be:
f3:96:8e:2c:5f:ce:2b:8f:a0:47:40:e3:88:e0:c4:a8:7d:4f:
1e:c1:8f:66:85:c9:16:31:62:4a:d7:d0:3d:ed:54:e6:6f:8f:
6a:bd:60:84
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICM/0wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDAzMjgy
MTUyMDlaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEFERjE2ODk4N0VERkE0
NDYzOUFFRkJBMTJBQkRCQUIxQzMzODE5QkQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCf4TLL2aFdRfUh2WJxXlDa3hizWCJvHzXDsQsvXmDTucgr0dbE
oKaWmzFAw/5Mb/g5qFoTSdI/cX0uVpOLUpOKJ2klwEEeJ2GJRK+c64EOaw8BaBBn
ho0ShyJtszGhAWBbB7Aovrmn6LyerT5RfW3rrRhsGB0/iesaak09OQkrfWaaqDp2
NfNWwnFqZCR5g8irwoQ5Ktu0NaxGNAUv8+TVuiXc4Ft3/L5SGjeoIdBa9rz6AhGb
4cxraGPb/HS+S0A9MGnWXQ7MKljbBD3c9GXxkECO31w8lU7uPAh1xvTKmAygNKFt
NmxTAqjGnVwToSgxsJ8ShVpwqW9gsCi4HFXJAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUrfFomH7fpEY5rvuhKr26scM4Gb0wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3JmRm9tSDdmcEVZNXJ2
dWhLcjI2c2NNNEdiMC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBACmXYVIMDQESXBMo
2mh0WIiJ+/WCQ4Gr7MRJ1n3uR81ZwD7vAg+r55MIRTx3e1CvcYWRt1nFMdBRD65r
ngB3jvb73OiTCr5e6Uq0CDDJSxu4hVGkxmsqoF/vltZvqu4gI6Za8VtfGdPtnKBz
QzDF9+3S7rIW/cRq+NU8G7RSJ3wxqglmEw6oXjfRCFnVtGPXRmh09m6BjSPS550K
qkpHmRfaTWet5WOpbWET9j3KbJ5CSW1YZtRI0a6yCeS0xexDm3xX27HroNFpR4qi
lEaTizBB8CxbCOWzvvOWjixfziuPoEdA44jgxKh9Tx7Bj2aFyRYxYkrX0D3tVOZv
j2q9YIQ=
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:34:20 2025 by rpki-client