Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/8Ha3ilrsAH9Oy7qlnlJxN-JUJKY.roa
File: 8Ha3ilrsAH9Oy7qlnlJxN-JUJKY.roa (raw, json)
Hash identifier: ITeFpnL24kGzKBdC+chwqOP59hFMnFZBziDFk0/hGRQ=
Subject key identifier: F0:76:B7:8A:5A:EC:00:7F:4E:CB:BA:A5:9E:52:71:37:E2:54:24:A6
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 57FD
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/8Ha3ilrsAH9Oy7qlnlJxN-JUJKY.roa
Signing time: Wed 15 May 2024 21:54:15 +0000
ROA not before: Wed 15 May 2024 21:54:15 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 22525 (0x57fd)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 15 21:54:15 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=F076B78A5AEC007F4ECBBAA59E527137E25424A6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c8:bb:7a:69:08:80:c2:b9:9a:ca:21:38:48:8e:
6e:10:2c:44:1f:4f:9a:2b:cf:cb:56:3c:3d:8c:e9:
b6:c6:7c:d2:62:5d:bd:05:61:8a:e7:41:d8:07:9c:
11:1c:c6:a0:0a:0a:05:71:67:10:a7:b1:0c:68:6c:
f8:1c:68:73:d7:de:b6:b3:d3:99:ee:75:2c:2a:2d:
60:5f:01:e0:c9:0f:2b:5d:71:02:7c:72:cc:79:47:
6f:01:6b:bc:34:8f:37:12:ff:73:a7:53:27:09:77:
74:52:ac:22:eb:6b:9b:43:15:af:4c:3b:79:a7:0a:
20:47:0c:92:96:a7:7b:7f:7d:7d:6c:56:f6:25:b3:
dd:8c:f4:e8:b5:6e:49:78:ba:c4:07:bd:6d:65:75:
31:01:0b:d0:3d:19:af:ba:2f:0c:22:7a:17:ba:86:
d2:e4:e4:59:96:f1:6e:c7:22:ac:ef:f3:f8:52:e6:
fd:12:66:d9:4a:1c:3e:7b:7a:7f:7a:c9:bd:47:55:
ab:c4:ef:eb:93:76:85:49:33:4e:a9:b9:aa:84:27:
1b:94:bc:07:85:b5:85:da:e3:69:78:36:08:36:7f:
e7:1b:1f:f0:db:85:5a:bd:e8:a9:8e:26:8f:cb:c5:
da:30:69:f1:13:bb:50:33:6a:93:d0:6c:12:c6:87:
f6:3d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F0:76:B7:8A:5A:EC:00:7F:4E:CB:BA:A5:9E:52:71:37:E2:54:24:A6
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/8Ha3ilrsAH9Oy7qlnlJxN-JUJKY.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
84:d2:c8:fc:e6:51:dd:3a:a0:8d:92:79:c7:24:02:60:56:95:
ad:54:d7:ff:ee:90:5f:7b:b5:e7:ff:96:fe:29:b2:bf:17:fe:
63:7b:c8:99:84:cf:a1:ec:8b:55:8e:7e:0c:05:7a:b2:57:d2:
5d:db:ae:f2:44:0a:ce:a8:4d:f6:ba:db:7e:33:04:24:a3:51:
15:ca:88:29:e8:45:53:41:76:77:d4:c7:01:c6:42:43:36:47:
69:eb:b6:35:35:e1:f2:bd:5b:24:24:55:f8:ef:e8:9f:15:8f:
f8:16:b9:dd:74:00:87:54:cc:bb:5a:cb:64:94:08:df:71:a9:
47:28:2b:1f:8c:35:29:99:40:01:dc:1c:b3:e6:9e:8d:6d:39:
b1:69:a8:33:0e:da:8e:60:90:29:64:3a:e4:9a:82:99:7f:6b:
42:e9:17:6d:70:49:f9:2a:3e:49:13:ef:80:19:37:b0:74:96:
25:91:85:36:5c:55:46:68:ca:bf:13:7a:fa:fa:02:f0:06:f7:
05:f4:4a:d7:f6:6b:89:74:f2:22:fb:c0:de:d5:7e:f7:be:72:
41:a4:1d:7f:10:27:94:14:64:15:65:3d:af:ff:3f:ce:91:68:
c9:48:40:32:4d:8d:0b:06:bb:86:d5:ef:20:a5:55:7d:06:14:
4b:21:2b:3c
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICV/0wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MTUy
MTU0MTVaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEYwNzZCNzhBNUFFQzAw
N0Y0RUNCQkFBNTlFNTI3MTM3RTI1NDI0QTYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDIu3ppCIDCuZrKIThIjm4QLEQfT5orz8tWPD2M6bbGfNJiXb0F
YYrnQdgHnBEcxqAKCgVxZxCnsQxobPgcaHPX3raz05nudSwqLWBfAeDJDytdcQJ8
csx5R28Ba7w0jzcS/3OnUycJd3RSrCLra5tDFa9MO3mnCiBHDJKWp3t/fX1sVvYl
s92M9Oi1bkl4usQHvW1ldTEBC9A9Ga+6Lwwiehe6htLk5FmW8W7HIqzv8/hS5v0S
ZtlKHD57en96yb1HVavE7+uTdoVJM06puaqEJxuUvAeFtYXa42l4Ngg2f+cbH/Db
hVq96KmOJo/LxdowafETu1AzapPQbBLGh/Y9AgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQU8Ha3ilrsAH9Oy7qlnlJxN+JUJKYwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3LzhIYTNpbHJzQUg5T3k3
cWxubEp4Ti1KVUpLWS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBAITSyPzmUd06oI2S
ecckAmBWla1U1//ukF97tef/lv4psr8X/mN7yJmEz6Hsi1WOfgwFerJX0l3brvJE
Cs6oTfa6234zBCSjURXKiCnoRVNBdnfUxwHGQkM2R2nrtjU14fK9WyQkVfjv6J8V
j/gWud10AIdUzLtay2SUCN9xqUcoKx+MNSmZQAHcHLPmno1tObFpqDMO2o5gkClk
OuSagpl/a0LpF21wSfkqPkkT74AZN7B0liWRhTZcVUZoyr8Tevr6AvAG9wX0Stf2
a4l08iL7wN7Vfve+ckGkHX8QJ5QUZBVlPa//P86RaMlIQDJNjQsGu4bV7yClVX0G
FEshKzw=
-----END CERTIFICATE-----
Generated at Sun May 18 18:51:51 2025 by rpki-client