Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/9wpVODto1rHLSdIyXd5iygBgstY.roa
File: 9wpVODto1rHLSdIyXd5iygBgstY.roa (raw, json)
Hash identifier: PlYL3EFCxyHc0ShaGrqyGF5XbnglRs9O3MUXBMxkH1Y=
Subject key identifier: F7:0A:55:38:3B:68:D6:B1:CB:49:D2:32:5D:DE:62:CA:00:60:B2:D6
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 4B89
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/9wpVODto1rHLSdIyXd5iygBgstY.roa
Signing time: Mon 29 Apr 2024 07:23:39 +0000
ROA not before: Mon 29 Apr 2024 07:23:39 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 19337 (0x4b89)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 29 07:23:39 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=F70A55383B68D6B1CB49D2325DDE62CA0060B2D6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:dd:a5:86:2b:1c:83:97:c0:d9:ff:21:35:4c:6a:
04:fd:ee:56:32:d7:c3:14:53:4b:24:b4:df:4f:09:
b3:06:83:86:1d:50:a7:aa:29:fc:7b:e6:c1:76:98:
75:5c:54:cf:65:14:a6:19:7b:36:0f:6d:75:25:5f:
de:ad:b3:8d:27:c6:e2:15:0f:3b:a5:e6:3d:76:9b:
ef:84:0d:91:1b:d2:75:dd:56:4c:e9:3b:6a:24:91:
9b:16:1a:65:43:c1:ec:22:4b:b1:94:2a:e6:89:6d:
a9:4b:3e:8a:93:88:bc:92:ff:e9:2b:35:65:a5:da:
01:f2:f5:45:f0:5a:35:13:3a:25:20:bd:2d:1c:75:
1f:fd:6f:a7:2a:e1:2c:74:7a:d1:7b:88:b3:7c:27:
6c:04:49:88:9a:09:40:81:c1:6b:ae:dd:b2:a9:ca:
1e:42:21:2c:2d:9e:8f:c1:17:e3:b8:66:e2:10:38:
8c:a0:32:7f:93:ab:7e:61:89:87:be:c5:17:4e:4c:
64:0c:1e:0a:76:9a:c3:92:4e:c3:c3:48:06:f0:2d:
19:e9:77:51:58:bd:ed:78:2f:63:a3:f1:73:87:52:
1b:0e:df:26:a0:03:77:ef:a5:ea:3c:b2:da:26:5d:
4e:70:aa:5e:34:15:10:41:9b:c2:ab:33:b4:23:d5:
d6:21
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F7:0A:55:38:3B:68:D6:B1:CB:49:D2:32:5D:DE:62:CA:00:60:B2:D6
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/9wpVODto1rHLSdIyXd5iygBgstY.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
0f:b4:23:ed:eb:5a:53:f3:69:40:6b:a4:03:50:d4:0a:df:2c:
1c:5c:65:da:fb:f1:a1:37:b4:7f:fa:8e:74:c1:30:08:15:56:
6f:d5:88:bc:94:80:6c:89:88:3b:e0:97:86:4c:09:9b:73:a6:
53:15:12:80:16:06:9a:9f:b9:da:99:8f:f2:16:76:92:3a:fc:
57:19:00:b5:44:ca:f3:14:76:db:d1:a4:3b:90:32:3d:13:43:
28:7c:23:4b:79:e4:bf:d4:3b:f4:f0:89:df:35:46:2d:c2:f8:
05:1e:8f:48:d7:8b:42:f7:2e:8a:71:34:04:fe:c0:49:12:70:
a4:3f:9e:29:b9:0b:1e:8f:90:0e:a3:8c:8b:97:59:eb:ea:3a:
e0:fd:c7:36:5b:b6:ce:c8:dc:f5:73:d7:ed:0d:df:0a:49:16:
98:81:4f:bc:1d:1a:26:20:ed:18:22:96:ae:dc:46:2a:59:3b:
d8:26:03:07:74:45:8f:7e:77:7f:58:16:f9:a1:34:91:8f:b5:
fe:cf:58:91:c9:98:f7:af:b6:5f:84:94:5d:f4:77:0d:ac:7f:
59:f5:7f:63:1a:d2:ed:99:91:2d:35:ed:c5:50:ab:ad:02:9a:
66:a0:94:84:91:42:0a:f0:f3:a2:38:78:3c:71:c7:b1:61:1a:
3b:82:28:45
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICS4kwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0Mjkw
NzIzMzlaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEY3MEE1NTM4M0I2OEQ2
QjFDQjQ5RDIzMjVEREU2MkNBMDA2MEIyRDYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDdpYYrHIOXwNn/ITVMagT97lYy18MUU0sktN9PCbMGg4YdUKeq
Kfx75sF2mHVcVM9lFKYZezYPbXUlX96ts40nxuIVDzul5j12m++EDZEb0nXdVkzp
O2okkZsWGmVDwewiS7GUKuaJbalLPoqTiLyS/+krNWWl2gHy9UXwWjUTOiUgvS0c
dR/9b6cq4Sx0etF7iLN8J2wESYiaCUCBwWuu3bKpyh5CISwtno/BF+O4ZuIQOIyg
Mn+Tq35hiYe+xRdOTGQMHgp2msOSTsPDSAbwLRnpd1FYve14L2Oj8XOHUhsO3yag
A3fvpeo8stomXU5wql40FRBBm8KrM7Qj1dYhAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQU9wpVODto1rHLSdIyXd5iygBgstYwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3Lzl3cFZPRHRvMXJITFNk
SXlYZDVpeWdCZ3N0WS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBAA+0I+3rWlPzaUBr
pANQ1ArfLBxcZdr78aE3tH/6jnTBMAgVVm/ViLyUgGyJiDvgl4ZMCZtzplMVEoAW
BpqfudqZj/IWdpI6/FcZALVEyvMUdtvRpDuQMj0TQyh8I0t55L/UO/Twid81Ri3C
+AUej0jXi0L3LopxNAT+wEkScKQ/nim5Cx6PkA6jjIuXWevqOuD9xzZbts7I3PVz
1+0N3wpJFpiBT7wdGiYg7Rgilq7cRipZO9gmAwd0RY9+d39YFvmhNJGPtf7PWJHJ
mPevtl+ElF30dw2sf1n1f2Ma0u2ZkS017cVQq60CmmaglISRQgrw86I4eDxxx7Fh
GjuCKEU=
-----END CERTIFICATE-----
Generated at Sun May 18 00:52:40 2025 by rpki-client