Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/5w6vigDGRgyR47rSr4l-UkJ0dMA.roa
File: 5w6vigDGRgyR47rSr4l-UkJ0dMA.roa (raw, json)
Hash identifier: xFxxRPs0oVKYgvWV35HNDHxnvlDRdB0qhZ8XzG8d/9o=
Subject key identifier: E7:0E:AF:8A:00:C6:46:0C:91:E3:BA:D2:AF:89:7E:52:42:74:74:C0
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 4CDD
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/5w6vigDGRgyR47rSr4l-UkJ0dMA.roa
Signing time: Wed 01 May 2024 01:53:35 +0000
ROA not before: Wed 01 May 2024 01:53:35 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 19677 (0x4cdd)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 1 01:53:35 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=E70EAF8A00C6460C91E3BAD2AF897E52427474C0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:da:50:69:38:02:0f:8a:4e:91:1d:21:fa:74:49:
2a:49:c5:27:c1:c3:dd:cc:ae:32:71:c3:86:e0:8c:
41:61:2f:25:f6:14:3d:58:2d:51:08:6e:f6:7e:b5:
e4:92:9c:de:d6:a8:84:3b:89:f3:be:e0:2f:00:e9:
27:a8:7d:90:92:ec:e0:13:1c:08:08:c4:a7:1f:cf:
fe:7d:d5:a5:1f:56:36:4d:06:49:76:c2:13:33:3a:
52:4b:71:84:ed:52:bd:58:87:1b:c1:3b:b5:3d:68:
42:b2:ec:fb:20:70:34:c3:73:be:f2:d6:b6:59:5c:
43:34:68:b8:94:33:4e:33:09:ab:dd:07:6c:08:cc:
5e:1c:e5:51:83:8c:a5:8d:e2:f0:cb:3d:fb:ce:85:
84:05:f4:f6:56:93:67:15:11:65:64:09:c8:95:45:
db:c6:a7:85:77:01:4c:2b:8f:42:3d:38:d5:eb:b6:
90:b4:d5:ef:7e:f7:85:5a:3d:ff:6a:cb:39:c8:53:
51:7a:a0:67:06:1f:94:ee:59:4b:a0:c9:37:9b:dd:
96:4b:75:be:3d:31:08:4a:e3:f4:31:2b:eb:9c:42:
df:a7:00:cc:38:a9:9b:f1:bb:20:40:f4:ff:58:8a:
1c:60:6a:43:a4:51:fe:71:11:44:37:3c:b2:2b:f8:
1e:51
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E7:0E:AF:8A:00:C6:46:0C:91:E3:BA:D2:AF:89:7E:52:42:74:74:C0
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/5w6vigDGRgyR47rSr4l-UkJ0dMA.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
69:a0:c3:ec:e4:5f:8b:51:87:1d:52:28:69:62:bf:67:d0:66:
da:c2:af:c5:70:c6:84:55:01:75:ba:e7:e7:d2:e4:8f:ef:32:
00:cc:16:05:fc:80:88:07:77:0c:00:0c:c2:0b:f5:6a:09:82:
48:0b:b8:68:8c:ea:63:4e:f8:d9:48:de:96:28:3a:39:bd:10:
6a:35:a2:e1:d7:a4:0a:21:2f:e7:a9:c3:b0:93:74:28:0a:d1:
af:b8:6a:40:a3:64:44:d6:8c:45:0d:2a:32:15:df:4e:98:78:
22:09:6f:12:8d:45:5c:9a:ef:1c:05:bd:f8:58:b3:33:d8:6f:
d3:0f:ed:57:11:74:8d:92:7f:12:ee:63:74:3b:40:36:5f:c4:
ac:00:af:d3:59:af:6c:85:e3:2c:c3:b4:45:3f:d1:ba:7f:dd:
15:1c:59:22:b4:3e:62:d7:34:b9:3a:de:ae:a3:35:8c:43:fd:
30:bb:df:b2:76:f8:3c:f5:ba:d6:f1:44:9b:cb:17:9b:fc:e9:
03:3e:1c:c6:7d:2a:f1:23:a1:1c:d3:70:10:f7:ce:ea:0f:50:
0d:64:d2:88:bc:ea:f1:a4:6a:11:75:42:71:e2:da:e1:bf:19:
82:c9:7a:3d:c9:01:45:fd:42:9a:30:75:8f:6d:99:43:9f:8d:
8d:5d:50:3b
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICTN0wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MDEw
MTUzMzVaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEU3MEVBRjhBMDBDNjQ2
MEM5MUUzQkFEMkFGODk3RTUyNDI3NDc0QzAwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDaUGk4Ag+KTpEdIfp0SSpJxSfBw93MrjJxw4bgjEFhLyX2FD1Y
LVEIbvZ+teSSnN7WqIQ7ifO+4C8A6SeofZCS7OATHAgIxKcfz/591aUfVjZNBkl2
whMzOlJLcYTtUr1YhxvBO7U9aEKy7PsgcDTDc77y1rZZXEM0aLiUM04zCavdB2wI
zF4c5VGDjKWN4vDLPfvOhYQF9PZWk2cVEWVkCciVRdvGp4V3AUwrj0I9ONXrtpC0
1e9+94VaPf9qyznIU1F6oGcGH5TuWUugyTeb3ZZLdb49MQhK4/QxK+ucQt+nAMw4
qZvxuyBA9P9YihxgakOkUf5xEUQ3PLIr+B5RAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQU5w6vigDGRgyR47rSr4l+UkJ0dMAwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3LzV3NnZpZ0RHUmd5UjQ3
clNyNGwtVWtKMGRNQS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBAGmgw+zkX4tRhx1S
KGliv2fQZtrCr8VwxoRVAXW65+fS5I/vMgDMFgX8gIgHdwwADMIL9WoJgkgLuGiM
6mNO+NlI3pYoOjm9EGo1ouHXpAohL+epw7CTdCgK0a+4akCjZETWjEUNKjIV306Y
eCIJbxKNRVya7xwFvfhYszPYb9MP7VcRdI2SfxLuY3Q7QDZfxKwAr9NZr2yF4yzD
tEU/0bp/3RUcWSK0PmLXNLk63q6jNYxD/TC737J2+Dz1utbxRJvLF5v86QM+HMZ9
KvEjoRzTcBD3zuoPUA1k0oi86vGkahF1QnHi2uG/GYLJej3JAUX9QpowdY9tmUOf
jY1dUDs=
-----END CERTIFICATE-----
Generated at Sat May 17 19:46:58 2025 by rpki-client