Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/-QqAZBLchO79oUJkxAEDvNoge4s.roa
File: -QqAZBLchO79oUJkxAEDvNoge4s.roa (raw, json)
Hash identifier: ah7BePzPvh0x6Pkkp62kXI8wyQ7QUzfIN6GnVdjMIhI=
Subject key identifier: F9:0A:80:64:12:DC:84:EE:FD:A1:42:64:C4:01:03:BC:DA:20:7B:8B
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 3BA1
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/-QqAZBLchO79oUJkxAEDvNoge4s.roa
Signing time: Mon 08 Apr 2024 02:22:32 +0000
ROA not before: Mon 08 Apr 2024 02:22:32 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 15265 (0x3ba1)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 8 02:22:32 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=F90A806412DC84EEFDA14264C40103BCDA207B8B
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b0:0b:a7:a6:81:b6:ce:1d:92:1f:a8:a6:51:f0:
20:f6:e9:fd:03:4f:f1:bc:49:48:30:f0:f7:ad:e1:
d6:e5:f1:58:1b:7d:7f:c1:b6:dc:c1:6c:96:b0:a6:
ba:8f:fe:8b:eb:31:e5:5f:6a:1c:54:d1:1a:e7:52:
f9:c8:64:a1:69:c7:81:66:de:09:b8:f3:0d:6c:55:
94:7a:59:6c:20:e9:42:8d:42:af:84:55:eb:6b:9e:
81:89:d0:a2:53:4d:be:b1:9a:24:5d:a5:c3:9d:62:
4e:f0:c3:e3:19:68:94:3e:ba:0a:c3:49:b2:fb:e5:
5e:bc:79:e1:13:d9:b8:4f:e8:36:f6:30:ee:53:60:
3c:e1:76:41:f3:02:be:80:e2:0b:71:ac:e8:51:01:
72:26:61:2b:e9:4c:95:9d:05:ae:18:eb:e6:c6:fb:
3c:b4:e4:b3:3d:9a:07:b3:61:d0:6b:1e:37:67:b5:
fb:76:3f:89:fd:99:b5:2c:8a:8f:d0:fd:bb:10:6f:
b7:24:29:97:e2:e1:a0:b7:45:60:96:18:db:2b:23:
20:8e:f7:3c:6d:f3:c9:a8:8b:86:74:7d:ac:12:88:
7c:33:fc:4f:76:67:89:56:99:d8:92:1b:65:67:59:
a5:87:63:58:ff:ee:bc:41:f5:8a:f2:22:e4:74:1f:
da:d9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F9:0A:80:64:12:DC:84:EE:FD:A1:42:64:C4:01:03:BC:DA:20:7B:8B
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/-QqAZBLchO79oUJkxAEDvNoge4s.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
49:c4:4b:d9:73:1d:86:46:a7:98:2c:55:91:b4:2c:45:ed:00:
f8:84:8f:2f:cc:02:92:6c:01:a5:1f:85:e7:c9:e2:23:21:30:
a0:09:fe:33:57:91:28:dc:83:ae:2f:07:5d:ef:d4:d2:08:88:
26:e2:09:b2:56:0c:50:20:8e:2f:74:cc:8b:48:df:09:a9:be:
d6:1f:5b:bd:0f:3e:a2:f6:28:f1:c0:a7:fd:a3:b7:85:c0:16:
58:cc:75:c3:9f:4d:41:01:20:02:b1:4f:9c:b4:58:df:00:de:
01:b5:65:fc:c0:5a:8f:6a:98:35:d9:60:1e:44:56:c0:21:39:
75:e6:6c:dd:9a:26:66:b8:4d:16:b3:3c:5b:bd:d9:18:76:f4:
7e:d8:15:67:64:ea:7d:1c:ac:7b:43:89:c2:d7:94:ac:a4:b9:
69:49:f9:a6:b0:be:f4:2d:82:d4:ca:71:99:28:bd:8c:1e:79:
bc:6e:49:91:7d:7d:74:0b:dd:bf:3d:3a:4e:14:9b:1c:74:95:
4e:ce:7c:27:9b:af:d8:90:93:86:2f:fb:31:f6:5b:89:6d:99:
28:58:22:a9:c6:82:38:ac:4a:4f:78:67:51:34:e7:96:ff:8e:
a5:f9:1d:5b:22:84:40:cb:82:ce:83:0a:af:87:a8:fb:ba:f4:
61:0c:d3:d4
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICO6EwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MDgw
MjIyMzJaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEY5MEE4MDY0MTJEQzg0
RUVGREExNDI2NEM0MDEwM0JDREEyMDdCOEIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCwC6emgbbOHZIfqKZR8CD26f0DT/G8SUgw8Pet4dbl8VgbfX/B
ttzBbJawprqP/ovrMeVfahxU0RrnUvnIZKFpx4Fm3gm48w1sVZR6WWwg6UKNQq+E
VetrnoGJ0KJTTb6xmiRdpcOdYk7ww+MZaJQ+ugrDSbL75V68eeET2bhP6Db2MO5T
YDzhdkHzAr6A4gtxrOhRAXImYSvpTJWdBa4Y6+bG+zy05LM9mgezYdBrHjdntft2
P4n9mbUsio/Q/bsQb7ckKZfi4aC3RWCWGNsrIyCO9zxt88moi4Z0fawSiHwz/E92
Z4lWmdiSG2VnWaWHY1j/7rxB9YryIuR0H9rZAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQU+QqAZBLchO79oUJkxAEDvNoge4swHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3Ly1RcUFaQkxjaE83OW9V
Smt4QUVEdk5vZ2U0cy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBAEnES9lzHYZGp5gs
VZG0LEXtAPiEjy/MApJsAaUfhefJ4iMhMKAJ/jNXkSjcg64vB13v1NIIiCbiCbJW
DFAgji90zItI3wmpvtYfW70PPqL2KPHAp/2jt4XAFljMdcOfTUEBIAKxT5y0WN8A
3gG1ZfzAWo9qmDXZYB5EVsAhOXXmbN2aJma4TRazPFu92Rh29H7YFWdk6n0crHtD
icLXlKykuWlJ+aawvvQtgtTKcZkovYweebxuSZF9fXQL3b89Ok4Umxx0lU7OfCeb
r9iQk4Yv+zH2W4ltmShYIqnGgjisSk94Z1E055b/jqX5HVsihEDLgs6DCq+HqPu6
9GEM09Q=
-----END CERTIFICATE-----
Generated at Sun May 18 09:52:53 2025 by rpki-client