Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/7OArUkGZ0BBamd27IpPSHYdF0eM.roa
File: 7OArUkGZ0BBamd27IpPSHYdF0eM.roa (raw, json)
Hash identifier: /Gy6pEAMvmTVZkyn0gYArhtUXTuunFItF1I/qx7YFjI=
Subject key identifier: EC:E0:2B:52:41:99:D0:10:5A:99:DD:BB:22:93:D2:1D:87:45:D1:E3
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 4AF9
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/7OArUkGZ0BBamd27IpPSHYdF0eM.roa
Signing time: Sun 28 Apr 2024 13:23:26 +0000
ROA not before: Sun 28 Apr 2024 13:23:26 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 19193 (0x4af9)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 28 13:23:26 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=ECE02B524199D0105A99DDBB2293D21D8745D1E3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b2:62:6a:5e:74:38:8f:8f:f6:47:e6:49:63:31:
e9:cf:22:36:25:de:38:30:1d:da:22:59:fd:d2:f2:
bc:1c:8e:b3:c9:5a:0c:a9:dd:c1:40:d6:0e:45:a0:
b3:84:45:16:52:0e:dd:b8:84:20:37:54:92:77:0f:
44:56:31:f3:00:ac:ad:42:74:33:4d:5b:19:fc:30:
71:b8:af:8e:8e:b5:8e:7f:4a:03:82:15:b0:b4:64:
7d:c9:a9:79:61:ce:b5:1c:87:74:4e:89:d5:46:ca:
c0:f1:96:96:d8:8a:e4:67:d0:82:b1:a9:a5:0f:00:
00:ac:ad:e7:8a:ff:f1:bb:76:61:cb:ff:4b:10:1a:
4d:0b:ab:bf:4a:75:bd:67:fa:57:3d:62:c1:77:8f:
bc:98:62:1e:17:cf:71:dd:38:4f:5e:59:bc:6b:23:
60:e2:51:e3:22:e9:59:96:21:f1:67:e0:1f:b2:4b:
09:49:ce:79:3c:3e:8c:24:94:eb:f6:30:f0:b4:bb:
e1:1b:51:54:52:93:83:bb:0c:3d:9b:98:99:b2:61:
58:1e:a7:37:a7:e4:06:93:7e:c6:97:1b:c3:d2:06:
57:24:ab:35:97:ac:31:50:ee:22:5f:73:19:8e:bb:
ac:94:27:82:5e:3d:68:24:7b:18:92:8a:66:f9:5c:
9f:d5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
EC:E0:2B:52:41:99:D0:10:5A:99:DD:BB:22:93:D2:1D:87:45:D1:E3
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/7OArUkGZ0BBamd27IpPSHYdF0eM.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
51:f8:06:ec:af:56:54:8a:99:fa:e2:bd:4c:29:cb:0c:08:0e:
db:d9:09:ed:fe:e8:24:68:85:97:0e:98:0d:26:24:29:18:c3:
0b:82:b2:cb:d9:e0:d3:2c:80:9a:ec:c6:35:98:9d:8d:7a:08:
cc:25:a2:58:f7:10:30:c4:fb:9d:fc:e6:72:e7:b6:cb:4b:bf:
d3:ec:89:fc:b9:8b:c7:5b:56:a4:94:42:50:c8:28:98:a8:8e:
a5:a2:7d:cb:56:13:37:e7:f0:74:df:02:77:16:c1:dc:29:40:
c2:7f:13:80:f7:17:1e:5b:69:73:21:8a:05:6f:0d:b0:5f:be:
bd:53:de:1b:63:36:71:fb:a6:32:0d:5a:aa:83:aa:8c:ba:b8:
65:23:b0:81:48:3d:76:c5:ce:19:9c:32:be:13:52:72:b5:47:
9b:e1:ec:c3:1a:09:20:f8:6c:24:fb:0f:df:6f:3c:6b:0d:8d:
e0:55:96:40:43:d8:2a:e4:7d:2e:77:65:40:6a:bc:de:bb:8b:
2b:b6:28:02:66:26:f5:79:24:37:75:49:79:07:79:9c:4a:17:
20:78:1b:5f:61:ee:6a:f5:76:ea:fe:6c:25:64:d9:84:d8:de:
18:95:92:6c:58:74:63:97:29:87:d5:58:f0:0d:07:6a:ca:83:
55:fc:0c:64
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICSvkwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0Mjgx
MzIzMjZaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEVDRTAyQjUyNDE5OUQw
MTA1QTk5RERCQjIyOTNEMjFEODc0NUQxRTMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCyYmpedDiPj/ZH5kljMenPIjYl3jgwHdoiWf3S8rwcjrPJWgyp
3cFA1g5FoLOERRZSDt24hCA3VJJ3D0RWMfMArK1CdDNNWxn8MHG4r46OtY5/SgOC
FbC0ZH3JqXlhzrUch3ROidVGysDxlpbYiuRn0IKxqaUPAACsreeK//G7dmHL/0sQ
Gk0Lq79Kdb1n+lc9YsF3j7yYYh4Xz3HdOE9eWbxrI2DiUeMi6VmWIfFn4B+ySwlJ
znk8PowklOv2MPC0u+EbUVRSk4O7DD2bmJmyYVgepzen5AaTfsaXG8PSBlckqzWX
rDFQ7iJfcxmOu6yUJ4JePWgkexiSimb5XJ/VAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQU7OArUkGZ0BBamd27IpPSHYdF0eMwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3LzdPQXJVa0daMEJCYW1k
MjdJcFBTSFlkRjBlTS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBAFH4BuyvVlSKmfri
vUwpywwIDtvZCe3+6CRohZcOmA0mJCkYwwuCssvZ4NMsgJrsxjWYnY16CMwlolj3
EDDE+5385nLntstLv9Psify5i8dbVqSUQlDIKJiojqWifctWEzfn8HTfAncWwdwp
QMJ/E4D3Fx5baXMhigVvDbBfvr1T3htjNnH7pjINWqqDqoy6uGUjsIFIPXbFzhmc
Mr4TUnK1R5vh7MMaCSD4bCT7D99vPGsNjeBVlkBD2CrkfS53ZUBqvN67iyu2KAJm
JvV5JDd1SXkHeZxKFyB4G19h7mr1dur+bCVk2YTY3hiVkmxYdGOXKYfVWPANB2rK
g1X8DGQ=
-----END CERTIFICATE-----
Generated at Sat May 17 22:54:25 2025 by rpki-client