Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/3XeoDZgx9ysL-Ii4AJCeA2Xb3BQ.roa
File: 3XeoDZgx9ysL-Ii4AJCeA2Xb3BQ.roa (raw, json)
Hash identifier: hrG7Fb++1G9vhE+DzUcdh4agRtcValJswz60qB2Z6Ps=
Subject key identifier: DD:77:A8:0D:98:31:F7:2B:0B:F8:88:B8:00:90:9E:03:65:DB:DC:14
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 43D1
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/3XeoDZgx9ysL-Ii4AJCeA2Xb3BQ.roa
Signing time: Fri 19 Apr 2024 00:23:00 +0000
ROA not before: Fri 19 Apr 2024 00:23:00 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 17361 (0x43d1)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 19 00:23:00 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=DD77A80D9831F72B0BF888B800909E0365DBDC14
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cd:3c:ca:15:41:d5:35:e8:cc:ae:16:f9:d3:9c:
4e:00:c5:d7:f0:28:2e:98:22:fe:6e:d5:90:83:cd:
2a:d6:94:52:b0:a5:db:d6:f3:fe:d3:3d:49:5a:db:
7b:9f:ef:81:83:60:6b:61:65:9f:c7:6e:c8:b3:cc:
0a:87:46:62:71:cf:47:e3:69:fa:3c:b0:bc:a7:94:
8a:90:d4:99:b1:54:e6:1e:e6:fa:24:54:79:27:35:
78:64:3e:f9:a2:e7:4a:ae:66:34:a1:50:e4:97:af:
73:ec:e7:09:61:34:96:be:40:7b:19:df:89:7b:73:
a8:a1:61:72:33:fc:09:e7:91:b6:a9:29:ec:b6:ec:
dc:63:03:dd:aa:ae:40:d5:b8:28:f9:a4:52:71:f9:
d4:53:d1:72:7f:5d:d2:18:52:5d:75:83:e1:b5:49:
c5:ba:49:32:f6:12:b5:c9:1c:0b:8b:88:ac:09:4f:
ce:b6:00:c7:0c:88:c3:d8:55:a1:41:3c:e4:81:f9:
84:e9:10:6e:af:6d:b9:c7:1a:22:9d:c4:3d:b3:b6:
08:27:ea:f7:87:f8:31:68:c8:4a:82:b4:5c:44:72:
71:5c:fe:06:02:0c:21:f1:f9:48:f7:5f:17:74:57:
01:79:1f:32:89:ae:55:f0:f5:2e:a4:15:37:fd:02:
37:3b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DD:77:A8:0D:98:31:F7:2B:0B:F8:88:B8:00:90:9E:03:65:DB:DC:14
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/3XeoDZgx9ysL-Ii4AJCeA2Xb3BQ.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
5b:4b:e8:41:ac:39:04:1a:72:96:5c:7b:c6:55:2e:2f:57:fc:
1a:52:30:59:fe:6e:31:aa:9a:fb:3c:66:fd:8e:06:47:63:18:
b2:7a:e9:ca:67:7d:33:9f:94:90:ac:48:27:27:9e:96:0b:50:
12:33:dc:ad:aa:ed:d1:cc:9a:93:65:1d:ea:5e:1f:67:2a:95:
ff:1a:ac:db:17:08:b2:f8:80:26:ed:17:a1:66:6a:ec:8b:60:
12:d2:dd:98:8b:9e:2b:b3:8b:8e:fe:8d:64:0f:bf:9a:4e:4c:
b0:f4:60:08:7b:90:dd:e1:7c:eb:d7:37:40:2d:5e:bc:07:0f:
3a:a5:14:17:92:41:95:02:f8:6b:11:b3:d7:6c:ed:81:fe:3a:
51:bc:a8:e1:0c:87:2f:29:1b:cf:bb:08:ad:bb:9a:b1:cd:5e:
8b:5b:9d:21:fa:bb:14:55:67:59:22:73:0a:5e:e3:c5:f5:be:
0b:5c:9f:8c:9b:60:70:df:a0:31:20:57:6c:ac:c5:62:a3:68:
92:d5:6c:ad:ae:2b:59:50:87:e5:ec:54:20:13:75:a8:45:f4:
9c:f0:cf:2c:f5:d1:25:b7:f9:c8:81:3f:e2:3e:be:f7:86:03:
fd:d2:91:54:ca:11:1a:94:ec:3c:14:d0:94:18:80:68:22:ca:
fb:77:0d:5d
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICQ9EwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MTkw
MDIzMDBaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKERENzdBODBEOTgzMUY3
MkIwQkY4ODhCODAwOTA5RTAzNjVEQkRDMTQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDNPMoVQdU16MyuFvnTnE4AxdfwKC6YIv5u1ZCDzSrWlFKwpdvW
8/7TPUla23uf74GDYGthZZ/HbsizzAqHRmJxz0fjafo8sLynlIqQ1JmxVOYe5vok
VHknNXhkPvmi50quZjShUOSXr3Ps5wlhNJa+QHsZ34l7c6ihYXIz/AnnkbapKey2
7NxjA92qrkDVuCj5pFJx+dRT0XJ/XdIYUl11g+G1ScW6STL2ErXJHAuLiKwJT862
AMcMiMPYVaFBPOSB+YTpEG6vbbnHGiKdxD2ztggn6veH+DFoyEqCtFxEcnFc/gYC
DCHx+Uj3Xxd0VwF5HzKJrlXw9S6kFTf9Ajc7AgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQU3XeoDZgx9ysL+Ii4AJCeA2Xb3BQwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3LzNYZW9EWmd4OXlzTC1J
aTRBSkNlQTJYYjNCUS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBAFtL6EGsOQQacpZc
e8ZVLi9X/BpSMFn+bjGqmvs8Zv2OBkdjGLJ66cpnfTOflJCsSCcnnpYLUBIz3K2q
7dHMmpNlHepeH2cqlf8arNsXCLL4gCbtF6FmauyLYBLS3ZiLniuzi47+jWQPv5pO
TLD0YAh7kN3hfOvXN0AtXrwHDzqlFBeSQZUC+GsRs9ds7YH+OlG8qOEMhy8pG8+7
CK27mrHNXotbnSH6uxRVZ1kicwpe48X1vgtcn4ybYHDfoDEgV2ysxWKjaJLVbK2u
K1lQh+XsVCATdahF9Jzwzyz10SW3+ciBP+I+vveGA/3SkVTKERqU7DwU0JQYgGgi
yvt3DV0=
-----END CERTIFICATE-----
Generated at Sat May 17 22:50:05 2025 by rpki-client