Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/FgG10b-Af8pwCLsSq1ey1cPXhqc.roa
File: FgG10b-Af8pwCLsSq1ey1cPXhqc.roa (raw, json)
Hash identifier: B/WSUAerH3lFLChooP1LAdhCAhgG2N9I+d5paMbqWB4=
Subject key identifier: 16:01:B5:D1:BF:80:7F:CA:70:08:BB:12:AB:57:B2:D5:C3:D7:86:A7
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 3BFD
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/FgG10b-Af8pwCLsSq1ey1cPXhqc.roa
Signing time: Mon 08 Apr 2024 13:52:34 +0000
ROA not before: Mon 08 Apr 2024 13:52:34 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 15357 (0x3bfd)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 8 13:52:34 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=1601B5D1BF807FCA7008BB12AB57B2D5C3D786A7
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d1:f5:f1:f7:70:14:c2:fb:8a:4f:46:e6:d9:98:
1f:4f:ac:87:a8:8c:89:f2:87:4d:8b:e4:49:2c:02:
1f:8d:d0:73:23:e8:63:b0:e8:45:03:83:96:f4:84:
6c:35:f3:c1:bb:35:06:43:69:b8:d5:4d:e1:0a:de:
9c:15:35:ca:80:a9:92:62:bc:58:4b:cb:50:d1:88:
69:42:99:69:7c:1f:5f:c6:ff:62:d6:c6:ca:e4:c5:
ef:75:87:e0:79:ff:92:32:03:06:56:09:09:a2:30:
76:7a:db:1a:b7:d8:ca:ea:8c:13:e3:5e:ff:87:e6:
21:9a:ab:b5:76:00:5e:03:db:cc:62:a5:3b:4f:da:
ea:e1:fb:c7:34:2c:96:b1:ae:89:39:07:5a:74:a8:
37:db:fc:aa:d5:86:c6:2d:c4:23:d2:4b:52:ea:05:
ab:e2:3b:06:d5:6b:6f:7d:b8:73:46:c5:b0:ed:20:
a3:2c:1b:da:88:b5:9a:7e:d6:cd:67:8b:a1:68:da:
50:4d:0d:2c:33:c5:76:40:cb:d0:75:5b:9b:ad:b7:
0e:fe:57:f0:5e:06:61:21:ee:c7:75:ed:fb:ef:42:
f9:04:d2:80:85:54:92:1e:06:1a:cc:a5:aa:e4:bf:
cb:a9:5b:c1:fb:87:ee:aa:f1:02:00:b7:90:53:11:
af:af
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
16:01:B5:D1:BF:80:7F:CA:70:08:BB:12:AB:57:B2:D5:C3:D7:86:A7
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/FgG10b-Af8pwCLsSq1ey1cPXhqc.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
95:69:17:8f:59:10:ee:e2:2b:46:78:21:81:3b:dc:55:c0:40:
09:66:ff:58:dd:c0:a3:10:f0:b9:82:cd:ab:fd:6c:ce:3d:82:
ce:bc:aa:ee:52:bf:ae:f7:d0:59:2d:8d:65:93:35:aa:fb:31:
e3:26:ce:e7:62:41:33:d5:09:b6:97:4c:35:63:53:bb:da:f9:
62:fc:4f:d0:4f:93:6a:c2:14:7c:45:4d:97:78:42:5e:2a:8b:
12:92:5b:be:d2:d6:6d:ae:5e:20:2b:88:14:96:ce:50:11:39:
8a:c3:75:b6:7e:76:d4:7f:54:4e:66:72:90:e2:bf:72:cc:a9:
34:a6:cc:99:7b:3d:97:a8:5a:c9:f2:71:e4:53:7d:41:7b:12:
b8:f6:86:c3:d5:08:ee:49:21:e9:16:4a:bc:0c:d4:7b:26:52:
e8:86:58:88:9a:44:87:7b:bb:fb:03:66:5e:50:0c:e2:7c:b2:
96:c4:cb:f6:92:3b:40:cc:af:6b:9a:16:13:4a:54:5b:00:b9:
7b:e7:d5:8f:b5:aa:27:a6:5e:0a:e8:52:16:1c:91:d5:c6:89:
9c:3d:e8:ad:8b:37:08:c8:80:e3:f6:f3:72:6c:1e:6a:e6:41:
48:be:f9:74:d2:a1:e1:ba:51:17:fc:74:56:89:41:e3:90:1e:
c8:cd:17:6d
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICO/0wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MDgx
MzUyMzRaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDE2MDFCNUQxQkY4MDdG
Q0E3MDA4QkIxMkFCNTdCMkQ1QzNENzg2QTcwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDR9fH3cBTC+4pPRubZmB9PrIeojInyh02L5EksAh+N0HMj6GOw
6EUDg5b0hGw188G7NQZDabjVTeEK3pwVNcqAqZJivFhLy1DRiGlCmWl8H1/G/2LW
xsrkxe91h+B5/5IyAwZWCQmiMHZ62xq32MrqjBPjXv+H5iGaq7V2AF4D28xipTtP
2urh+8c0LJaxrok5B1p0qDfb/KrVhsYtxCPSS1LqBaviOwbVa299uHNGxbDtIKMs
G9qItZp+1s1ni6Fo2lBNDSwzxXZAy9B1W5uttw7+V/BeBmEh7sd17fvvQvkE0oCF
VJIeBhrMparkv8upW8H7h+6q8QIAt5BTEa+vAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUFgG10b+Af8pwCLsSq1ey1cPXhqcwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L0ZnRzEwYi1BZjhwd0NM
c1NxMWV5MWNQWGhxYy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBAJVpF49ZEO7iK0Z4
IYE73FXAQAlm/1jdwKMQ8LmCzav9bM49gs68qu5Sv6730FktjWWTNar7MeMmzudi
QTPVCbaXTDVjU7va+WL8T9BPk2rCFHxFTZd4Ql4qixKSW77S1m2uXiAriBSWzlAR
OYrDdbZ+dtR/VE5mcpDiv3LMqTSmzJl7PZeoWsnyceRTfUF7Erj2hsPVCO5JIekW
SrwM1HsmUuiGWIiaRId7u/sDZl5QDOJ8spbEy/aSO0DMr2uaFhNKVFsAuXvn1Y+1
qiemXgroUhYckdXGiZw96K2LNwjIgOP283JsHmrmQUi++XTSoeG6URf8dFaJQeOQ
HsjNF20=
-----END CERTIFICATE-----
Generated at Sat May 17 22:38:19 2025 by rpki-client