Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/0iCsmVU6o2DNwpssymMQnJhQfC0.roa
File: 0iCsmVU6o2DNwpssymMQnJhQfC0.roa (raw, json)
Hash identifier: Rdvg6BTaRDjrJC1D9uvV5eGhCOI/ch5Zs5qyDtt/b8c=
Subject key identifier: D2:20:AC:99:55:3A:A3:60:CD:C2:9B:2C:CA:63:10:9C:98:50:7C:2D
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 3509
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/0iCsmVU6o2DNwpssymMQnJhQfC0.roa
Signing time: Sat 30 Mar 2024 07:22:09 +0000
ROA not before: Sat 30 Mar 2024 07:22:09 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 13577 (0x3509)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Mar 30 07:22:09 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=D220AC99553AA360CDC29B2CCA63109C98507C2D
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c3:d4:6a:4b:48:e6:40:95:4f:55:ea:ce:67:e7:
a1:f5:e7:5d:58:28:ed:52:88:67:f9:fb:73:77:09:
fe:2d:4d:b5:98:b1:10:af:34:a8:4f:cd:e4:bb:3b:
20:08:a5:84:e8:ad:3a:53:59:71:da:f6:3f:a9:a4:
52:46:b4:6c:b4:91:ca:08:f1:bb:3b:a6:39:d3:40:
fc:37:28:60:77:45:e3:74:83:86:50:0d:d7:25:fe:
62:4a:cf:d9:51:31:0f:4b:8f:ff:93:49:fb:03:68:
0b:e0:dd:20:61:bd:18:ba:8e:b9:f7:6d:54:91:b3:
c8:bc:d2:95:a6:0b:a8:f4:f7:5e:94:f8:c7:c7:cb:
61:07:5a:4f:74:90:b3:a7:fd:d5:3d:f1:8a:46:60:
f5:9d:18:82:d4:e3:3f:e2:37:bf:14:8d:97:56:f9:
3f:76:40:bb:d6:18:42:c5:0f:93:a0:db:38:a5:96:
76:da:ec:6b:59:cd:5c:f4:19:9f:f3:b2:b4:65:c9:
ff:8f:f2:ee:a0:29:52:16:4d:2c:be:72:75:0c:20:
78:ea:63:10:9e:ab:97:05:01:9e:ac:b4:97:16:11:
aa:78:ed:c0:75:65:d4:8f:1f:51:2d:47:8f:5a:f8:
dc:3b:e9:b8:5d:3d:e9:43:2a:f1:85:3f:19:60:85:
db:21
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D2:20:AC:99:55:3A:A3:60:CD:C2:9B:2C:CA:63:10:9C:98:50:7C:2D
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/0iCsmVU6o2DNwpssymMQnJhQfC0.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
6e:8b:c6:04:6b:37:4e:08:7e:b6:de:da:10:d6:50:09:86:2c:
63:fa:04:77:3e:da:44:44:84:06:16:ae:96:c5:9e:8d:35:c5:
8f:7f:9d:5b:37:df:47:ec:4d:6d:e0:01:d3:30:39:a8:a0:0a:
c5:d0:34:ec:fe:f6:fe:5e:fc:b1:df:92:80:57:e6:48:6d:22:
90:f5:b2:f6:4a:1e:d3:9b:28:91:77:9e:40:f4:85:e9:08:c1:
66:53:16:09:3f:4b:7b:f9:7b:01:3a:50:c6:9c:1e:15:36:b4:
0d:3f:85:2d:8c:16:bf:b6:97:d4:1a:3e:8e:f2:1d:a0:9b:83:
5b:71:c3:10:cb:75:29:46:b1:49:58:fd:11:fc:01:d0:08:dc:
90:9a:07:50:9d:a6:54:f5:f6:b8:45:ec:e4:17:86:69:dc:83:
69:21:b7:97:7c:ca:73:d9:5b:4a:e0:79:58:76:70:12:6f:bc:
fd:c6:54:99:2c:f3:89:de:77:d2:48:69:54:98:4e:ba:39:fd:
26:81:4f:56:ec:c2:77:f8:c0:19:f6:b3:43:26:a0:ec:c9:35:
e3:96:01:3e:8d:ee:5b:08:4f:41:2b:e9:07:7a:08:16:ad:17:
41:9e:16:7f:13:91:86:77:a4:d4:0c:40:ef:8c:bc:a0:44:83:
52:76:dc:71
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICNQkwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDAzMzAw
NzIyMDlaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEQyMjBBQzk5NTUzQUEz
NjBDREMyOUIyQ0NBNjMxMDlDOTg1MDdDMkQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDD1GpLSOZAlU9V6s5n56H1511YKO1SiGf5+3N3Cf4tTbWYsRCv
NKhPzeS7OyAIpYTorTpTWXHa9j+ppFJGtGy0kcoI8bs7pjnTQPw3KGB3ReN0g4ZQ
Ddcl/mJKz9lRMQ9Lj/+TSfsDaAvg3SBhvRi6jrn3bVSRs8i80pWmC6j0916U+MfH
y2EHWk90kLOn/dU98YpGYPWdGILU4z/iN78UjZdW+T92QLvWGELFD5Og2zillnba
7GtZzVz0GZ/zsrRlyf+P8u6gKVIWTSy+cnUMIHjqYxCeq5cFAZ6stJcWEap47cB1
ZdSPH1EtR49a+Nw76bhdPelDKvGFPxlghdshAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQU0iCsmVU6o2DNwpssymMQnJhQfC0wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3LzBpQ3NtVlU2bzJETndw
c3N5bU1RbkpoUWZDMC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBAG6LxgRrN04Ifrbe
2hDWUAmGLGP6BHc+2kREhAYWrpbFno01xY9/nVs330fsTW3gAdMwOaigCsXQNOz+
9v5e/LHfkoBX5khtIpD1svZKHtObKJF3nkD0hekIwWZTFgk/S3v5ewE6UMacHhU2
tA0/hS2MFr+2l9QaPo7yHaCbg1txwxDLdSlGsUlY/RH8AdAI3JCaB1CdplT19rhF
7OQXhmncg2kht5d8ynPZW0rgeVh2cBJvvP3GVJks84ned9JIaVSYTro5/SaBT1bs
wnf4wBn2s0MmoOzJNeOWAT6N7lsIT0Er6Qd6CBatF0GeFn8TkYZ3pNQMQO+MvKBE
g1J23HE=
-----END CERTIFICATE-----
Generated at Sat May 17 19:29:53 2025 by rpki-client