Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/EdfTeNx2mf73B7TPtUyMz0CwK2k.roa
File: EdfTeNx2mf73B7TPtUyMz0CwK2k.roa (raw, json)
Hash identifier: PAtfBaqJQJVLm0TH16QnmCXWfQ5Zd9C5rGZiUWxig9A=
Subject key identifier: 11:D7:D3:78:DC:76:99:FE:F7:07:B4:CF:B5:4C:8C:CF:40:B0:2B:69
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 3425
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/EdfTeNx2mf73B7TPtUyMz0CwK2k.roa
Signing time: Fri 29 Mar 2024 02:52:04 +0000
ROA not before: Fri 29 Mar 2024 02:52:04 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 13349 (0x3425)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Mar 29 02:52:04 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=11D7D378DC7699FEF707B4CFB54C8CCF40B02B69
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e6:97:36:c0:ec:4e:1c:12:77:51:a5:77:5b:98:
16:be:a6:c4:a3:fc:a0:19:46:3e:ea:60:7f:e6:7a:
5b:be:b3:2e:30:79:f2:e6:11:d3:62:56:9d:fa:70:
73:c5:5b:cf:38:8d:83:b6:ee:a5:eb:76:12:16:9c:
03:0c:a2:48:ca:5e:fd:c8:62:a5:91:12:07:33:3b:
d7:a5:97:84:b3:a1:3e:36:3f:a1:b8:e5:22:25:77:
7e:5b:03:01:a5:63:32:57:ef:d5:ce:a4:ab:e6:3d:
96:40:f0:6b:70:5b:d9:e8:18:f1:40:8c:43:9a:7b:
e6:46:17:b2:69:3e:a1:c7:3f:45:b8:45:9f:2d:d1:
e0:82:14:a0:84:75:13:6b:1c:57:01:e3:ed:05:b0:
4f:9a:4b:99:47:f5:52:66:3f:56:15:a6:ad:88:b7:
21:a7:4a:d2:1a:b0:19:10:84:7c:59:29:5f:81:7e:
4a:00:6a:2c:29:c4:22:3e:20:e9:4e:a0:75:51:95:
e2:fe:c5:e7:eb:ce:11:1b:3e:d5:a2:65:e2:11:1d:
36:32:0e:a2:1c:84:4c:b2:26:4d:3b:c6:34:86:03:
af:b4:22:3d:0b:79:6c:73:e6:f0:39:fd:5a:0b:ad:
35:c7:26:24:90:a4:77:d8:bf:77:10:07:0c:ca:0c:
8d:17
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
11:D7:D3:78:DC:76:99:FE:F7:07:B4:CF:B5:4C:8C:CF:40:B0:2B:69
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/EdfTeNx2mf73B7TPtUyMz0CwK2k.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
9b:23:01:f2:59:4f:5b:98:da:df:dc:f0:84:87:0a:98:19:27:
72:75:cb:9d:59:e3:21:5e:3d:1d:5e:8c:4e:da:da:e5:57:94:
4c:88:f6:6a:ce:d6:e5:74:3c:b6:8c:d3:98:1b:49:d3:d7:eb:
c0:cb:48:cc:82:3c:ff:2b:c6:8d:c3:f0:73:4a:c4:60:19:5b:
ac:a2:f7:3b:cb:0b:9b:fe:77:01:3a:24:3f:30:a4:b5:89:76:
a0:99:e1:10:4f:b2:88:87:6e:bf:04:1a:2d:8c:29:c4:29:9e:
b6:72:ff:a6:d8:8e:bd:b6:27:6e:1e:19:79:b9:8f:fc:21:b1:
be:c7:f2:1e:d6:fb:24:a4:a0:11:f3:7b:0f:5c:a3:be:24:52:
9a:64:10:dc:8d:70:ad:e9:b3:3e:1c:f8:74:17:62:07:3d:64:
44:73:4c:3d:22:bc:71:6a:95:8c:82:64:37:ab:75:21:22:b3:
1d:f8:bd:ba:ee:df:71:b3:ba:1c:35:88:87:6b:73:65:63:27:
24:05:cb:fb:bb:10:c5:d9:a0:b9:1b:f0:19:19:60:94:aa:3f:
a0:9d:02:4f:89:83:1e:e9:ca:06:ae:70:af:c7:eb:b5:23:0b:
d4:d8:8c:83:56:b5:91:31:9d:85:23:06:c1:3e:c6:d9:50:01:
bd:3e:dc:8e
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICNCUwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDAzMjkw
MjUyMDRaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDExRDdEMzc4REM3Njk5
RkVGNzA3QjRDRkI1NEM4Q0NGNDBCMDJCNjkwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDmlzbA7E4cEndRpXdbmBa+psSj/KAZRj7qYH/melu+sy4wefLm
EdNiVp36cHPFW884jYO27qXrdhIWnAMMokjKXv3IYqWREgczO9ell4SzoT42P6G4
5SIld35bAwGlYzJX79XOpKvmPZZA8GtwW9noGPFAjEOae+ZGF7JpPqHHP0W4RZ8t
0eCCFKCEdRNrHFcB4+0FsE+aS5lH9VJmP1YVpq2ItyGnStIasBkQhHxZKV+BfkoA
aiwpxCI+IOlOoHVRleL+xefrzhEbPtWiZeIRHTYyDqIchEyyJk07xjSGA6+0Ij0L
eWxz5vA5/VoLrTXHJiSQpHfYv3cQBwzKDI0XAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUEdfTeNx2mf73B7TPtUyMz0CwK2kwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L0VkZlRlTngybWY3M0I3
VFB0VXlNejBDd0syay5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBAJsjAfJZT1uY2t/c
8ISHCpgZJ3J1y51Z4yFePR1ejE7a2uVXlEyI9mrO1uV0PLaM05gbSdPX68DLSMyC
PP8rxo3D8HNKxGAZW6yi9zvLC5v+dwE6JD8wpLWJdqCZ4RBPsoiHbr8EGi2MKcQp
nrZy/6bYjr22J24eGXm5j/whsb7H8h7W+ySkoBHzew9co74kUppkENyNcK3psz4c
+HQXYgc9ZERzTD0ivHFqlYyCZDerdSEisx34vbru33Gzuhw1iIdrc2VjJyQFy/u7
EMXZoLkb8BkZYJSqP6CdAk+Jgx7pygaucK/H67UjC9TYjINWtZExnYUjBsE+xtlQ
Ab0+3I4=
-----END CERTIFICATE-----
Generated at Sat May 17 19:35:27 2025 by rpki-client