Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/DZ6ZZckFv1fKk6XjpwfEogY3mKo.roa
File: DZ6ZZckFv1fKk6XjpwfEogY3mKo.roa (raw, json)
Hash identifier: saOIYulcOCS9xzkUR6N3qzxadHorfv56bPCW2zkjkVk=
Subject key identifier: 0D:9E:99:65:C9:05:BF:57:CA:93:A5:E3:A7:07:C4:A2:06:37:98:AA
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 4A19
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/DZ6ZZckFv1fKk6XjpwfEogY3mKo.roa
Signing time: Sat 27 Apr 2024 09:23:35 +0000
ROA not before: Sat 27 Apr 2024 09:23:35 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 18969 (0x4a19)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 27 09:23:35 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=0D9E9965C905BF57CA93A5E3A707C4A2063798AA
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a8:e7:d4:a7:f9:40:9d:2c:47:2b:c7:9f:05:aa:
9c:ee:04:bf:55:a4:85:30:86:6c:31:a6:2c:aa:87:
05:2a:40:0d:9d:2f:1b:76:3d:fc:bb:f1:18:fd:0b:
32:44:0e:26:da:1c:27:de:eb:bd:bc:55:34:4c:64:
0a:41:d9:88:ea:5a:f9:b0:52:e1:4f:dc:58:36:bb:
bc:cc:26:19:05:2c:47:72:e1:3d:65:17:f5:4b:ec:
d9:a8:69:69:10:67:86:e6:57:70:79:e1:d6:23:aa:
79:d3:45:16:4e:5b:44:54:42:7b:b7:26:2b:52:24:
be:4d:05:b8:29:36:14:d1:ec:86:66:e9:34:6e:16:
3d:42:6c:33:f7:21:79:6d:f7:e3:21:4c:be:90:0f:
10:3e:5a:3e:2b:9c:84:95:4e:40:cb:51:82:31:06:
e0:26:5c:9c:c2:89:b6:3d:5f:77:c3:47:0b:c4:6a:
32:f0:dd:bc:b5:0a:f4:f2:15:03:09:65:5d:e3:7e:
db:fc:91:f5:f3:0b:cc:46:8a:74:a4:74:39:c8:d1:
8c:3e:d2:bb:0c:b5:f8:b2:a5:75:6c:59:00:a8:d9:
41:6b:4b:48:00:03:b5:c7:57:56:56:78:60:a7:0b:
09:25:e1:31:40:81:b5:c1:35:79:fb:eb:b4:a4:92:
91:29
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0D:9E:99:65:C9:05:BF:57:CA:93:A5:E3:A7:07:C4:A2:06:37:98:AA
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/DZ6ZZckFv1fKk6XjpwfEogY3mKo.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
3c:45:13:d2:6b:4e:c5:90:00:82:b7:15:d6:32:72:3b:56:0a:
70:d8:00:50:0b:56:02:2e:95:99:22:55:15:95:14:65:f1:08:
e2:c5:50:19:3d:88:0a:ca:f5:cd:33:ad:84:4e:9e:ef:a2:f3:
ce:10:2e:e0:72:43:9c:a5:c2:a4:00:87:54:bf:6d:70:58:84:
aa:25:25:24:24:e0:1a:54:01:29:93:9c:f3:be:8e:b2:7a:21:
d0:58:85:c6:52:e3:9d:9f:04:5b:b9:b5:1b:7c:f3:1a:aa:68:
1c:70:a8:f9:c3:07:37:6f:e8:6c:3c:f6:5c:11:e2:bb:f6:4a:
a3:f3:ee:48:c6:7b:a5:68:55:a9:4d:a3:41:6a:0c:b5:91:ec:
5d:bd:f1:af:7a:a9:19:84:b9:a6:e5:da:58:ff:62:ec:07:a1:
64:c2:89:6b:00:f9:1a:08:b2:28:72:60:95:29:1a:3a:9e:79:
47:e1:7a:79:68:2f:f6:64:8f:0a:55:f9:92:72:1e:2c:22:ad:
9c:ac:19:e5:6b:8c:3c:f2:b6:73:d6:8a:bb:4a:bb:41:87:09:
3d:81:5f:89:7c:93:45:69:70:58:60:29:9d:b4:66:72:95:fa:
f7:4d:02:87:04:85:c7:8c:9f:cd:8b:6e:a6:95:7b:21:dc:f4:
3e:80:37:0a
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICShkwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0Mjcw
OTIzMzVaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDBEOUU5OTY1QzkwNUJG
NTdDQTkzQTVFM0E3MDdDNEEyMDYzNzk4QUEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCo59Sn+UCdLEcrx58FqpzuBL9VpIUwhmwxpiyqhwUqQA2dLxt2
Pfy78Rj9CzJEDibaHCfe6728VTRMZApB2YjqWvmwUuFP3Fg2u7zMJhkFLEdy4T1l
F/VL7NmoaWkQZ4bmV3B54dYjqnnTRRZOW0RUQnu3JitSJL5NBbgpNhTR7IZm6TRu
Fj1CbDP3IXlt9+MhTL6QDxA+Wj4rnISVTkDLUYIxBuAmXJzCibY9X3fDRwvEajLw
3by1CvTyFQMJZV3jftv8kfXzC8xGinSkdDnI0Yw+0rsMtfiypXVsWQCo2UFrS0gA
A7XHV1ZWeGCnCwkl4TFAgbXBNXn767SkkpEpAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUDZ6ZZckFv1fKk6XjpwfEogY3mKowHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L0RaNlpaY2tGdjFmS2s2
WGpwd2ZFb2dZM21Lby5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBADxFE9JrTsWQAIK3
FdYycjtWCnDYAFALVgIulZkiVRWVFGXxCOLFUBk9iArK9c0zrYROnu+i884QLuBy
Q5ylwqQAh1S/bXBYhKolJSQk4BpUASmTnPO+jrJ6IdBYhcZS452fBFu5tRt88xqq
aBxwqPnDBzdv6Gw89lwR4rv2SqPz7kjGe6VoValNo0FqDLWR7F298a96qRmEuabl
2lj/YuwHoWTCiWsA+RoIsihyYJUpGjqeeUfhenloL/ZkjwpV+ZJyHiwirZysGeVr
jDzytnPWirtKu0GHCT2BX4l8k0VpcFhgKZ20ZnKV+vdNAocEhceMn82LbqaVeyHc
9D6ANwo=
-----END CERTIFICATE-----
Generated at Sat May 17 19:41:15 2025 by rpki-client