Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/14Jb7qeJgqbsJdcZdWbnIcgDQRY.roa
File: 14Jb7qeJgqbsJdcZdWbnIcgDQRY.roa (raw, json)
Hash identifier: 9WAb0f3SSh8NfKUX9RFsdzBFbegcIXenq4z4uF8Pluk=
Subject key identifier: D7:82:5B:EE:A7:89:82:A6:EC:25:D7:19:75:66:E7:21:C8:03:41:16
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 379D
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/14Jb7qeJgqbsJdcZdWbnIcgDQRY.roa
Signing time: Tue 02 Apr 2024 17:52:39 +0000
ROA not before: Tue 02 Apr 2024 17:52:39 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 14237 (0x379d)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 2 17:52:39 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=D7825BEEA78982A6EC25D7197566E721C8034116
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b8:96:5f:d3:d3:ea:9f:c5:d0:94:37:2e:8d:b0:
3f:28:4e:16:cf:01:c4:b2:ba:3c:6e:da:1e:35:c3:
13:2d:6f:55:9e:2a:0b:fc:13:d6:93:87:cc:b2:14:
1f:d5:3c:51:5a:cf:e9:9f:dc:30:88:e0:3d:ee:d8:
5a:c9:ed:90:6b:9c:4c:41:06:2d:3a:67:61:f9:b9:
93:da:ce:71:27:69:d3:65:1b:3f:07:8f:44:35:eb:
f9:cc:8d:37:6f:d9:70:ab:64:54:72:b8:79:e1:d1:
f7:2e:8d:2d:96:32:24:83:36:5d:69:36:ad:f5:da:
71:9b:7f:d0:92:2b:a1:b0:af:97:87:7a:56:0e:40:
ef:bc:2e:77:2d:dd:f4:5e:00:e0:88:2f:7b:eb:98:
9b:36:61:4e:0c:58:05:cd:c7:9f:32:e8:f8:13:01:
75:4b:4a:eb:55:c2:85:90:54:e4:21:99:74:6a:66:
2a:2e:0d:c6:42:55:f0:46:4d:c0:95:da:ea:03:18:
05:2a:9f:c9:80:7e:1a:27:18:45:ad:0b:49:22:55:
2d:d9:22:da:df:f9:9b:03:c5:b5:32:0a:ef:26:a7:
dc:08:63:2e:4d:9b:b0:1f:4f:46:ef:37:65:8c:86:
98:e5:7f:e6:c1:a4:b0:25:86:4e:51:b5:bb:18:19:
28:2f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D7:82:5B:EE:A7:89:82:A6:EC:25:D7:19:75:66:E7:21:C8:03:41:16
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/14Jb7qeJgqbsJdcZdWbnIcgDQRY.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
8c:ea:dd:3d:22:0d:6c:d0:10:f3:3e:ec:79:ca:7c:ab:5e:4f:
fa:5b:08:c5:70:74:98:2c:c5:a6:c8:3a:89:18:2f:94:2d:42:
1d:81:4c:d2:62:77:8d:09:9c:33:fc:cd:2c:24:b3:a0:dd:9d:
ae:4f:74:ea:2b:90:37:2f:7f:c6:f1:11:5b:74:6d:76:82:de:
e9:5e:d3:7b:ff:7f:b2:a4:56:10:53:87:c9:e5:65:b4:2a:93:
a8:26:4b:70:b6:ed:23:64:4f:2e:6d:f2:af:94:5c:d9:5d:ba:
8e:16:dc:f7:5e:18:36:42:58:2b:99:24:21:52:f6:88:ea:01:
6c:dd:9c:72:75:25:92:29:bf:d4:85:c7:14:a9:f0:82:a8:ba:
27:37:ee:c5:7d:b3:7d:c7:f5:2e:0a:33:eb:43:57:ca:7e:af:
dd:dd:6d:d1:32:1d:f1:d2:d6:bd:b9:c8:e7:c3:d5:64:24:4f:
a8:1a:9b:df:4d:0e:de:40:af:81:e0:2c:a4:80:c0:15:95:f0:
4d:86:da:aa:82:52:25:b0:4c:51:93:17:a1:1b:36:39:d3:40:
fb:1e:c1:24:a3:f3:b4:4f:47:a9:c4:59:bc:36:f5:6b:c5:4f:
b2:b7:e0:26:3c:88:f3:57:00:23:b2:40:ec:98:d9:c0:d1:dd:
2b:4c:d1:42
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICN50wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MDIx
NzUyMzlaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEQ3ODI1QkVFQTc4OTgy
QTZFQzI1RDcxOTc1NjZFNzIxQzgwMzQxMTYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC4ll/T0+qfxdCUNy6NsD8oThbPAcSyujxu2h41wxMtb1WeKgv8
E9aTh8yyFB/VPFFaz+mf3DCI4D3u2FrJ7ZBrnExBBi06Z2H5uZPaznEnadNlGz8H
j0Q16/nMjTdv2XCrZFRyuHnh0fcujS2WMiSDNl1pNq312nGbf9CSK6Gwr5eHelYO
QO+8Lnct3fReAOCIL3vrmJs2YU4MWAXNx58y6PgTAXVLSutVwoWQVOQhmXRqZiou
DcZCVfBGTcCV2uoDGAUqn8mAfhonGEWtC0kiVS3ZItrf+ZsDxbUyCu8mp9wIYy5N
m7AfT0bvN2WMhpjlf+bBpLAlhk5RtbsYGSgvAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQU14Jb7qeJgqbsJdcZdWbnIcgDQRYwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3LzE0SmI3cWVKZ3Fic0pk
Y1pkV2JuSWNnRFFSWS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBAIzq3T0iDWzQEPM+
7HnKfKteT/pbCMVwdJgsxabIOokYL5QtQh2BTNJid40JnDP8zSwks6Ddna5PdOor
kDcvf8bxEVt0bXaC3ule03v/f7KkVhBTh8nlZbQqk6gmS3C27SNkTy5t8q+UXNld
uo4W3PdeGDZCWCuZJCFS9ojqAWzdnHJ1JZIpv9SFxxSp8IKouic37sV9s33H9S4K
M+tDV8p+r93dbdEyHfHS1r25yOfD1WQkT6gam99NDt5Ar4HgLKSAwBWV8E2G2qqC
UiWwTFGTF6EbNjnTQPsewSSj87RPR6nEWbw29WvFT7K34CY8iPNXACOyQOyY2cDR
3StM0UI=
-----END CERTIFICATE-----
Generated at Sun May 18 03:55:46 2025 by rpki-client