Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/Bcqpo9V0Q6lxcLb34c_qe9GCyJM.roa
File: Bcqpo9V0Q6lxcLb34c_qe9GCyJM.roa (raw, json)
Hash identifier: Lj0YHWXrBV6p0SnGZiWYEVZkPyQmbPmWVxS/3YbNMpI=
Subject key identifier: 05:CA:A9:A3:D5:74:43:A9:71:70:B6:F7:E1:CF:EA:7B:D1:82:C8:93
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 4AA1
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/Bcqpo9V0Q6lxcLb34c_qe9GCyJM.roa
Signing time: Sun 28 Apr 2024 02:23:25 +0000
ROA not before: Sun 28 Apr 2024 02:23:25 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 19105 (0x4aa1)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 28 02:23:25 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=05CAA9A3D57443A97170B6F7E1CFEA7BD182C893
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ca:0f:14:8d:c1:59:e3:53:52:ed:9b:10:63:a5:
86:21:9d:b6:72:77:4a:21:12:13:30:b9:f9:03:74:
8d:8c:ab:ee:d1:b4:3a:7c:60:2c:37:2d:a6:d8:c1:
8c:53:0e:18:51:55:09:0b:fe:21:84:19:1f:ab:57:
fa:df:cc:ad:4b:ee:a9:90:3d:34:b4:cd:fa:60:99:
78:0f:ff:36:1a:1a:83:55:6e:bb:88:ea:47:e2:b6:
0c:15:b2:fa:7d:bb:8e:42:52:42:16:c0:cc:74:a1:
4c:9b:20:b7:2e:1c:ae:d5:02:a2:4d:0c:1c:f5:e0:
bd:e7:05:84:00:13:5e:63:de:0b:1f:f3:97:7f:53:
74:36:ac:56:e1:28:6f:08:f5:a0:51:e9:2e:c9:96:
9f:95:2e:6a:b0:4a:64:ab:a3:84:e9:aa:10:22:ae:
4f:07:4f:ea:30:78:ee:e1:9c:9a:dd:72:ad:bc:14:
44:f4:36:e1:27:53:10:46:b5:e8:20:c9:d0:c7:4a:
97:ce:37:6e:30:e0:bb:20:49:79:a7:87:26:4b:5b:
b9:26:cd:3d:cf:d7:29:90:98:c7:0a:20:41:01:af:
a7:9b:de:d3:82:b5:cf:cc:fb:d0:d6:79:68:1c:c0:
cc:58:a4:85:ca:04:cc:03:21:af:6a:23:a6:85:7c:
fa:55
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
05:CA:A9:A3:D5:74:43:A9:71:70:B6:F7:E1:CF:EA:7B:D1:82:C8:93
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/Bcqpo9V0Q6lxcLb34c_qe9GCyJM.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
70:53:da:b6:02:1d:1e:86:21:e8:4c:aa:63:41:60:f9:54:dd:
f7:a1:d2:c6:bd:0b:6c:5c:57:40:71:73:ec:9b:ed:a8:42:93:
07:97:53:0e:94:2c:b5:ed:d9:fe:0e:10:c0:e3:2f:36:b3:36:
33:e3:c6:6a:12:4d:c8:cc:9b:32:49:38:5e:40:76:0d:4b:0e:
8f:e3:0f:67:ab:c1:35:73:7b:0f:5e:87:ab:f7:4d:9a:90:d2:
5a:01:43:1e:d9:12:08:e2:87:4b:66:cd:c7:06:8a:0b:dc:cb:
8b:02:b5:11:bd:94:e0:53:95:3d:8d:76:7f:14:d3:ac:e7:d1:
c5:57:1d:dd:c6:8c:1f:51:e2:f1:c4:9d:c1:b7:2a:0f:cc:27:
ca:73:a7:13:08:f0:9f:22:8a:e8:ad:21:79:bc:0d:42:cf:b0:
80:49:6a:3f:b4:60:20:a4:67:3c:99:fb:07:fa:f4:78:a2:9a:
d1:57:a6:d2:f9:1a:57:c2:62:c1:83:4c:84:a6:ee:5c:a4:c2:
3c:05:50:79:c5:43:ea:cb:66:55:e4:81:50:e0:d9:83:22:5a:
47:fa:c4:19:62:64:b0:b7:c9:42:15:c8:82:d8:f5:a5:9d:02:
9c:6b:c4:e6:74:15:c3:93:5f:d5:84:a8:52:50:20:71:ee:db:
c4:bb:f4:98
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICSqEwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0Mjgw
MjIzMjVaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDA1Q0FBOUEzRDU3NDQz
QTk3MTcwQjZGN0UxQ0ZFQTdCRDE4MkM4OTMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDKDxSNwVnjU1LtmxBjpYYhnbZyd0ohEhMwufkDdI2Mq+7RtDp8
YCw3LabYwYxTDhhRVQkL/iGEGR+rV/rfzK1L7qmQPTS0zfpgmXgP/zYaGoNVbruI
6kfitgwVsvp9u45CUkIWwMx0oUybILcuHK7VAqJNDBz14L3nBYQAE15j3gsf85d/
U3Q2rFbhKG8I9aBR6S7Jlp+VLmqwSmSro4TpqhAirk8HT+oweO7hnJrdcq28FET0
NuEnUxBGteggydDHSpfON24w4LsgSXmnhyZLW7kmzT3P1ymQmMcKIEEBr6eb3tOC
tc/M+9DWeWgcwMxYpIXKBMwDIa9qI6aFfPpVAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUBcqpo9V0Q6lxcLb34c/qe9GCyJMwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L0JjcXBvOVYwUTZseGNM
YjM0Y19xZTlHQ3lKTS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBAHBT2rYCHR6GIehM
qmNBYPlU3feh0sa9C2xcV0Bxc+yb7ahCkweXUw6ULLXt2f4OEMDjLzazNjPjxmoS
TcjMmzJJOF5Adg1LDo/jD2erwTVzew9eh6v3TZqQ0loBQx7ZEgjih0tmzccGigvc
y4sCtRG9lOBTlT2Ndn8U06zn0cVXHd3GjB9R4vHEncG3Kg/MJ8pzpxMI8J8iiuit
IXm8DULPsIBJaj+0YCCkZzyZ+wf69HiimtFXptL5GlfCYsGDTISm7lykwjwFUHnF
Q+rLZlXkgVDg2YMiWkf6xBliZLC3yUIVyILY9aWdApxrxOZ0FcOTX9WEqFJQIHHu
28S79Jg=
-----END CERTIFICATE-----
Generated at Sat May 17 20:03:30 2025 by rpki-client