Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/3QaITTcscxqjlkIW0Up4kl1yIXE.roa
File: 3QaITTcscxqjlkIW0Up4kl1yIXE.roa (raw, json)
Hash identifier: jHeEwUzCwsVuACA1hRXGPRmvL/iMGucMaQDZC/EWER8=
Subject key identifier: DD:06:88:4D:37:2C:73:1A:A3:96:42:16:D1:4A:78:92:5D:72:21:71
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 4A75
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/3QaITTcscxqjlkIW0Up4kl1yIXE.roa
Signing time: Sat 27 Apr 2024 20:53:25 +0000
ROA not before: Sat 27 Apr 2024 20:53:25 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 19061 (0x4a75)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 27 20:53:25 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=DD06884D372C731AA3964216D14A78925D722171
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ad:b2:5e:7f:17:29:32:ed:df:1b:b0:7e:2c:4f:
cc:b0:f5:66:f2:22:0f:a8:d1:ce:b4:70:d2:96:7a:
6a:51:b0:73:58:0b:f5:25:46:c6:58:eb:e8:e5:84:
83:b4:ab:64:19:cd:55:48:8c:63:cb:b4:6f:37:d0:
ba:a3:4f:ec:7a:fd:3e:1d:98:0d:4e:36:0a:33:31:
81:ef:4b:85:9c:04:fd:9c:e4:e6:bf:6d:3c:9c:72:
9b:05:91:f5:9e:b2:dc:ef:c3:4e:11:83:cb:23:7c:
66:78:ca:9d:18:64:a1:4c:e9:78:be:24:90:56:03:
e6:8e:13:e4:e3:e6:b3:bd:57:98:c9:cc:9a:88:19:
36:6b:ba:33:f6:31:3b:06:3b:07:16:cc:f9:39:d9:
32:e4:8b:6b:9b:81:21:1d:e8:b9:6b:e9:e1:26:4e:
d7:82:fb:a8:45:6e:ec:d2:73:48:32:13:b6:1f:f9:
d1:b2:f9:9c:ab:2c:3e:8c:2d:74:b6:97:74:0a:e4:
5d:38:9c:19:d8:b2:cf:de:e3:35:21:40:13:a2:e0:
7b:e1:6e:30:a6:02:7b:5b:2e:68:02:28:42:72:db:
8c:a1:24:59:08:73:ae:12:e0:62:1d:ed:84:e5:5b:
fa:18:76:ec:42:05:25:ce:e8:e5:d2:0f:1d:c9:98:
b0:7d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DD:06:88:4D:37:2C:73:1A:A3:96:42:16:D1:4A:78:92:5D:72:21:71
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/3QaITTcscxqjlkIW0Up4kl1yIXE.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
bb:c8:2f:18:bc:0f:d8:99:0d:5f:86:58:f6:eb:db:37:9b:57:
f4:c1:b5:98:da:1a:4b:ac:48:0d:35:e2:c8:ed:59:05:6a:81:
4d:1a:92:f7:5b:75:3e:33:fd:ca:1b:e1:b1:7c:66:cd:80:0c:
fb:99:1d:e8:c4:b8:f4:2e:cd:05:7b:84:52:f2:4a:d3:d1:f9:
31:8c:50:bd:91:3e:d0:87:83:6b:99:d0:bc:a9:e6:0b:28:0b:
e2:6f:48:14:2f:d2:98:82:5e:f9:c9:93:bc:20:aa:3a:b1:43:
fe:2e:c8:f4:d6:41:c5:3f:91:3b:07:b3:fb:01:27:22:a5:82:
84:6f:08:69:5b:86:ed:c3:ad:d0:e9:5d:66:ba:55:e9:6e:31:
1f:13:bb:c7:90:e1:84:58:db:ea:bc:a5:80:96:95:4e:06:82:
87:80:a1:58:d4:c1:e2:48:c5:c2:27:f6:e2:44:50:23:1f:0b:
2c:68:f4:da:08:e4:f1:d1:b2:f9:d7:4b:05:01:bb:a0:53:4b:
46:a9:3d:97:43:26:4d:5e:eb:b9:12:84:da:77:25:58:c3:e9:
b8:d6:08:17:37:00:50:67:ff:9a:df:2c:19:b6:90:d3:29:24:
75:fd:3a:cf:74:13:a6:a3:0f:d6:29:cb:ea:e8:71:7f:da:ed:
36:de:18:32
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICSnUwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0Mjcy
MDUzMjVaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEREMDY4ODREMzcyQzcz
MUFBMzk2NDIxNkQxNEE3ODkyNUQ3MjIxNzEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCtsl5/Fyky7d8bsH4sT8yw9WbyIg+o0c60cNKWempRsHNYC/Ul
RsZY6+jlhIO0q2QZzVVIjGPLtG830LqjT+x6/T4dmA1ONgozMYHvS4WcBP2c5Oa/
bTyccpsFkfWestzvw04Rg8sjfGZ4yp0YZKFM6Xi+JJBWA+aOE+Tj5rO9V5jJzJqI
GTZrujP2MTsGOwcWzPk52TLki2ubgSEd6Llr6eEmTteC+6hFbuzSc0gyE7Yf+dGy
+ZyrLD6MLXS2l3QK5F04nBnYss/e4zUhQBOi4HvhbjCmAntbLmgCKEJy24yhJFkI
c64S4GId7YTlW/oYduxCBSXO6OXSDx3JmLB9AgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQU3QaITTcscxqjlkIW0Up4kl1yIXEwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3LzNRYUlUVGNzY3hxamxr
SVcwVXA0a2wxeUlYRS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBALvILxi8D9iZDV+G
WPbr2zebV/TBtZjaGkusSA014sjtWQVqgU0akvdbdT4z/cob4bF8Zs2ADPuZHejE
uPQuzQV7hFLyStPR+TGMUL2RPtCHg2uZ0Lyp5gsoC+JvSBQv0piCXvnJk7wgqjqx
Q/4uyPTWQcU/kTsHs/sBJyKlgoRvCGlbhu3DrdDpXWa6VeluMR8Tu8eQ4YRY2+q8
pYCWlU4GgoeAoVjUweJIxcIn9uJEUCMfCyxo9NoI5PHRsvnXSwUBu6BTS0apPZdD
Jk1e67kShNp3JVjD6bjWCBc3AFBn/5rfLBm2kNMpJHX9Os90E6ajD9Ypy+rocX/a
7TbeGDI=
-----END CERTIFICATE-----
Generated at Sun May 18 02:00:49 2025 by rpki-client