Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/1u0nbGWQoCh2zCF9SZ2kI_nnNVY.roa
File: 1u0nbGWQoCh2zCF9SZ2kI_nnNVY.roa (raw, json)
Hash identifier: 8FzCahNBAD5A+oYeQxv6Xh5XrLZXn0cnqlg2vzqG4pk=
Subject key identifier: D6:ED:27:6C:65:90:A0:28:76:CC:21:7D:49:9D:A4:23:F9:E7:35:56
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 4B11
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/1u0nbGWQoCh2zCF9SZ2kI_nnNVY.roa
Signing time: Sun 28 Apr 2024 16:23:26 +0000
ROA not before: Sun 28 Apr 2024 16:23:26 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 19217 (0x4b11)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 28 16:23:26 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=D6ED276C6590A02876CC217D499DA423F9E73556
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ce:8c:24:8d:e8:5b:89:6e:7d:64:1b:03:b6:fa:
93:fd:09:81:5a:0a:65:b3:15:c6:f4:2b:f2:75:ce:
8e:37:cc:6c:4c:5b:8c:3b:fe:ae:60:31:34:1e:b1:
91:c9:d0:28:32:dd:b6:00:35:7a:e9:43:86:1f:70:
cb:b2:27:2c:c0:0a:77:3f:d5:32:7f:a3:49:ed:d7:
00:f7:b4:7e:d3:5f:63:e3:08:66:5b:4d:27:7c:d6:
74:d8:be:69:5b:58:fd:90:99:98:89:49:7d:81:af:
37:25:02:71:6b:a9:78:78:f5:c0:ee:31:3c:85:64:
04:36:8b:62:9a:88:b4:9c:41:4a:8e:31:d1:30:82:
47:a1:34:dd:92:3b:c1:9a:c0:8c:e1:fd:e1:18:5c:
a4:58:c1:17:53:aa:ce:5f:68:c4:10:fd:df:b0:ec:
f7:d0:66:28:ee:b5:a2:5e:78:c0:0c:bd:7d:b9:dc:
1b:30:8e:4b:a8:7d:c2:f7:3b:7b:93:9e:1b:6f:92:
31:4c:90:58:b2:f4:4c:e0:67:96:e4:c6:a2:55:72:
eb:4b:db:42:ed:5e:ff:a0:23:c8:0c:7e:2f:09:1f:
cc:79:9d:15:c0:48:ea:f5:5f:02:d0:8e:b2:22:09:
54:13:01:8a:dc:ed:cb:d5:a5:3a:d2:97:84:58:10:
c3:03
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D6:ED:27:6C:65:90:A0:28:76:CC:21:7D:49:9D:A4:23:F9:E7:35:56
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/1u0nbGWQoCh2zCF9SZ2kI_nnNVY.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
90:76:58:bf:36:ab:04:1c:2c:aa:c0:ec:30:08:4e:47:7f:04:
42:e7:22:89:70:12:bb:84:ed:8b:ab:ef:41:0d:d6:9c:ad:c8:
68:2f:24:f9:b2:b7:fb:55:e6:eb:2b:15:6b:9e:9e:b0:4e:b5:
41:75:da:57:17:39:68:2e:e3:8f:c6:39:b4:fe:ef:e2:2e:10:
ab:50:ca:72:15:cb:54:3d:b3:fb:f4:06:4f:a1:77:48:14:3c:
41:ef:e6:e1:83:bd:7a:73:9e:a2:83:ad:af:8b:71:8d:9a:4b:
20:c1:95:cb:f9:8f:08:85:ea:f3:04:4d:58:d7:3c:3d:b6:6e:
f1:3c:5e:41:22:32:54:1d:f6:28:a4:ab:86:a8:b6:5d:d1:1e:
46:1c:91:ec:34:87:7a:43:6f:3d:b5:fd:5f:d2:ee:dd:6f:c8:
1d:c6:9b:9f:aa:6a:9e:cf:95:5c:df:bc:45:40:08:66:ce:1d:
35:af:1d:04:7e:91:37:d9:d2:3d:0d:37:5e:3e:85:83:ed:46:
30:a7:d8:5a:25:bc:44:ae:44:29:e6:dd:cd:8a:a8:f1:e2:fd:
51:8a:80:2c:84:25:e9:d6:38:80:96:35:01:1b:4f:9a:79:b4:
7c:fd:a8:63:d6:05:12:88:50:c0:3b:73:e2:a3:2d:d6:31:cc:
ee:41:59:09
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICSxEwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0Mjgx
NjIzMjZaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEQ2RUQyNzZDNjU5MEEw
Mjg3NkNDMjE3RDQ5OURBNDIzRjlFNzM1NTYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDOjCSN6FuJbn1kGwO2+pP9CYFaCmWzFcb0K/J1zo43zGxMW4w7
/q5gMTQesZHJ0Cgy3bYANXrpQ4YfcMuyJyzACnc/1TJ/o0nt1wD3tH7TX2PjCGZb
TSd81nTYvmlbWP2QmZiJSX2BrzclAnFrqXh49cDuMTyFZAQ2i2KaiLScQUqOMdEw
gkehNN2SO8GawIzh/eEYXKRYwRdTqs5faMQQ/d+w7PfQZijutaJeeMAMvX253Bsw
jkuofcL3O3uTnhtvkjFMkFiy9EzgZ5bkxqJVcutL20LtXv+gI8gMfi8JH8x5nRXA
SOr1XwLQjrIiCVQTAYrc7cvVpTrSl4RYEMMDAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQU1u0nbGWQoCh2zCF9SZ2kI/nnNVYwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3LzF1MG5iR1dRb0NoMnpD
RjlTWjJrSV9ubk5WWS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBAJB2WL82qwQcLKrA
7DAITkd/BELnIolwEruE7Yur70EN1pytyGgvJPmyt/tV5usrFWuenrBOtUF12lcX
OWgu44/GObT+7+IuEKtQynIVy1Q9s/v0Bk+hd0gUPEHv5uGDvXpznqKDra+LcY2a
SyDBlcv5jwiF6vMETVjXPD22bvE8XkEiMlQd9iikq4aotl3RHkYckew0h3pDbz21
/V/S7t1vyB3Gm5+qap7PlVzfvEVACGbOHTWvHQR+kTfZ0j0NN14+hYPtRjCn2Fol
vESuRCnm3c2KqPHi/VGKgCyEJenWOICWNQEbT5p5tHz9qGPWBRKIUMA7c+KjLdYx
zO5BWQk=
-----END CERTIFICATE-----
Generated at Sat May 17 21:23:45 2025 by rpki-client