Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/7BKpYZcLDNcMcAyOOLHZAilN56M.roa
File: 7BKpYZcLDNcMcAyOOLHZAilN56M.roa (raw, json)
Hash identifier: NWly/9NjSat5XwI8z8rpjBPpSkQjE7+zLpuJKnd5J/Y=
Subject key identifier: EC:12:A9:61:97:0B:0C:D7:0C:70:0C:8E:38:B1:D9:02:29:4D:E7:A3
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 3C49
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/7BKpYZcLDNcMcAyOOLHZAilN56M.roa
Signing time: Mon 08 Apr 2024 23:22:35 +0000
ROA not before: Mon 08 Apr 2024 23:22:35 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 15433 (0x3c49)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 8 23:22:35 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=EC12A961970B0CD70C700C8E38B1D902294DE7A3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e4:39:12:96:1f:aa:9e:c7:61:85:fd:ba:fe:4d:
a1:0b:36:69:af:c6:ba:f6:a1:ab:77:ef:66:fc:79:
c9:06:a0:8f:c6:ab:aa:96:56:85:64:f3:70:a0:f9:
d7:a7:ec:ab:b0:cc:8e:ed:1a:8b:c9:30:8a:2c:e9:
4d:ae:33:34:4f:cb:64:ca:bb:33:ca:99:0a:25:c3:
a7:35:1a:38:f1:39:f2:24:5a:d9:07:d6:e7:a1:55:
4e:c3:4a:04:09:43:4d:31:c0:2c:d5:54:07:71:5a:
0f:2b:0b:53:6b:a5:c5:d2:45:75:2f:e7:87:cb:f5:
b1:1a:e1:f8:da:ba:73:f1:9e:90:da:f4:14:ee:66:
e6:23:fa:5c:92:07:2e:25:3c:ee:aa:d4:f6:c6:3b:
83:0c:38:93:c1:5d:04:8a:3a:bf:de:8c:d4:72:8a:
ab:f3:09:ca:3d:79:5d:80:d7:5d:cf:f8:6b:5d:1d:
eb:4c:77:be:71:12:96:de:9a:dc:1c:89:e9:dd:35:
6e:e3:38:82:23:7f:72:a2:b8:df:d5:52:36:02:d3:
84:15:20:05:40:7a:e7:1c:8a:76:5e:e1:36:a8:fe:
8d:96:89:c3:47:7e:67:bb:14:5a:11:40:c3:47:00:
b3:58:14:cc:85:92:9f:d9:74:16:eb:85:ad:db:78:
24:69
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
EC:12:A9:61:97:0B:0C:D7:0C:70:0C:8E:38:B1:D9:02:29:4D:E7:A3
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/7BKpYZcLDNcMcAyOOLHZAilN56M.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
a8:90:a8:e7:fa:5a:f6:6c:17:cb:7b:3b:34:80:bd:8f:84:34:
d3:ce:17:ab:bd:52:40:28:6e:b2:7d:2c:d9:fa:e5:93:36:44:
29:7f:5e:dc:cc:fd:ca:12:80:ca:73:a1:9b:a7:28:ea:ff:18:
7a:21:a5:bd:e2:0a:b8:78:ca:f8:04:e3:b6:73:a2:ca:7d:a6:
53:ba:66:3a:e6:0d:d1:19:4f:4f:18:98:7b:5f:ba:e7:e1:08:
38:95:4d:d8:d6:c9:8e:3c:21:a7:9b:07:47:a2:8e:06:56:ca:
62:57:d8:40:06:e1:c7:54:a8:ac:4e:77:2d:a8:65:fa:c2:cc:
01:e1:dc:a2:2a:41:9a:2a:ab:21:7a:7f:da:28:be:70:41:5e:
c5:9b:6b:94:a4:8b:73:6c:81:a7:d5:fb:a4:28:b8:9d:cf:2b:
b1:5d:c3:a1:34:e1:5d:f5:0e:9e:24:9f:d3:c4:0c:2b:7b:f6:
50:6e:f3:66:25:a5:3b:6e:87:5a:7e:d9:45:82:1b:81:75:00:
56:56:27:6a:77:bd:c2:93:96:92:d2:d3:a7:a5:19:ac:6e:fe:
6d:f6:f4:34:c6:19:fb:82:e5:23:51:88:b9:0b:38:66:5e:3d:
e9:cc:0d:d2:7e:86:80:42:02:88:3b:90:84:19:d7:32:b6:15:
d4:c0:ef:7c
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICPEkwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MDgy
MzIyMzVaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEVDMTJBOTYxOTcwQjBD
RDcwQzcwMEM4RTM4QjFEOTAyMjk0REU3QTMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDkORKWH6qex2GF/br+TaELNmmvxrr2oat372b8eckGoI/Gq6qW
VoVk83Cg+den7KuwzI7tGovJMIos6U2uMzRPy2TKuzPKmQolw6c1GjjxOfIkWtkH
1uehVU7DSgQJQ00xwCzVVAdxWg8rC1NrpcXSRXUv54fL9bEa4fjaunPxnpDa9BTu
ZuYj+lySBy4lPO6q1PbGO4MMOJPBXQSKOr/ejNRyiqvzCco9eV2A113P+GtdHetM
d75xEpbemtwciendNW7jOIIjf3KiuN/VUjYC04QVIAVAeuccinZe4Tao/o2WicNH
fme7FFoRQMNHALNYFMyFkp/ZdBbrha3beCRpAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQU7BKpYZcLDNcMcAyOOLHZAilN56MwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3LzdCS3BZWmNMRE5jTWNB
eU9PTEhaQWlsTjU2TS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBAKiQqOf6WvZsF8t7
OzSAvY+ENNPOF6u9UkAobrJ9LNn65ZM2RCl/XtzM/coSgMpzoZunKOr/GHohpb3i
Crh4yvgE47Zzosp9plO6ZjrmDdEZT08YmHtfuufhCDiVTdjWyY48IaebB0eijgZW
ymJX2EAG4cdUqKxOdy2oZfrCzAHh3KIqQZoqqyF6f9oovnBBXsWba5Ski3NsgafV
+6QouJ3PK7Fdw6E04V31Dp4kn9PEDCt79lBu82YlpTtuh1p+2UWCG4F1AFZWJ2p3
vcKTlpLS06elGaxu/m329DTGGfuC5SNRiLkLOGZePenMDdJ+hoBCAog7kIQZ1zK2
FdTA73w=
-----END CERTIFICATE-----
Generated at Sun May 18 16:53:59 2025 by rpki-client