Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/FnkssaE2LZQGlienI3G80wEbGds.roa
File: FnkssaE2LZQGlienI3G80wEbGds.roa (raw, json)
Hash identifier: p8UnltpamIdJK9hlYvsqWwvz/2EFmsvYG43B3zcdOXU=
Subject key identifier: 16:79:2C:B1:A1:36:2D:94:06:96:27:A7:23:71:BC:D3:01:1B:19:DB
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 5015
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/FnkssaE2LZQGlienI3G80wEbGds.roa
Signing time: Sun 05 May 2024 08:53:59 +0000
ROA not before: Sun 05 May 2024 08:53:59 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 20501 (0x5015)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 5 08:53:59 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=16792CB1A1362D94069627A72371BCD3011B19DB
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d2:74:74:88:f3:75:9c:78:d8:4b:1a:80:a4:a9:
c3:6f:75:13:a7:22:1e:15:93:e6:50:76:af:24:78:
91:8b:eb:33:d7:ca:80:65:ee:6f:46:e9:37:ef:49:
c6:72:22:39:ae:7f:f4:df:e3:f7:db:b0:f2:e7:2e:
0c:1e:9c:7f:2b:cd:75:17:26:a6:8b:7f:20:39:6f:
9c:01:28:6b:17:6b:81:8d:59:52:2c:a2:bc:04:a5:
00:20:54:1c:a6:f2:17:33:90:dc:45:65:0a:64:be:
08:ea:f5:db:e2:a6:63:f2:c8:38:ab:7c:13:53:26:
06:3e:71:5f:13:c8:78:eb:f7:6a:48:87:1b:42:61:
09:c6:ef:04:9e:25:35:1a:65:cd:41:98:9c:c7:60:
2b:86:1e:c4:7f:58:39:5c:ae:80:0d:cf:ea:ff:d5:
c8:33:9c:6e:06:a7:6b:8f:f4:d1:c6:b1:19:d7:cf:
e2:9e:df:6e:f6:f9:4b:f4:f4:1a:cc:56:cb:b5:31:
e6:b3:31:fb:3c:aa:8d:ae:5a:d2:ab:af:20:39:86:
17:67:37:71:aa:64:a6:a8:bc:8b:8d:b1:d4:00:12:
4c:6d:26:93:b0:f7:6c:91:b9:11:57:e7:d4:78:15:
5f:ea:24:c2:22:40:29:37:00:70:21:ca:c5:3a:ea:
cd:45
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
16:79:2C:B1:A1:36:2D:94:06:96:27:A7:23:71:BC:D3:01:1B:19:DB
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/FnkssaE2LZQGlienI3G80wEbGds.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
81:a0:72:e0:75:4f:8f:74:eb:74:d0:d0:6a:a6:8e:db:8e:f6:
b0:c8:74:eb:ba:4d:3f:0b:c3:df:2d:81:d4:29:db:ff:be:01:
fe:93:35:23:5e:bd:21:f8:02:f6:fc:fa:ba:52:4a:c6:a5:a8:
23:37:53:04:60:e4:fd:3b:24:79:ff:64:5f:f3:4c:8c:d7:ce:
4f:fb:14:b7:d4:3a:d4:fb:91:45:ee:2d:70:9d:bd:72:c2:e1:
0a:a0:fc:4c:60:ae:8a:f3:d4:f3:42:00:54:2a:f1:01:c2:1e:
39:cd:bc:ca:9c:8c:64:fc:d7:be:68:0b:4b:61:c2:7e:14:f5:
cf:60:7c:76:2a:aa:c0:0b:85:cb:91:ca:49:88:87:bc:36:5c:
03:d8:63:5c:21:02:cd:7c:8f:c8:57:d3:fc:49:bb:0e:9e:82:
4c:d0:b7:6e:d9:74:ef:19:04:79:b0:41:b7:51:ec:42:87:2c:
36:06:9c:4c:79:98:9c:0f:52:dc:27:e0:84:da:82:8d:67:ab:
85:f8:d7:d5:d6:35:cb:1f:24:9b:62:aa:97:8f:41:5b:d4:2f:
56:35:94:a4:8d:55:59:fa:bc:b5:aa:59:73:eb:e7:48:14:2d:
95:b4:22:d8:86:a1:b7:58:d4:4e:a1:37:90:6e:98:5b:5c:11:
3a:22:80:38
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICUBUwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MDUw
ODUzNTlaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDE2NzkyQ0IxQTEzNjJE
OTQwNjk2MjdBNzIzNzFCQ0QzMDExQjE5REIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDSdHSI83WceNhLGoCkqcNvdROnIh4Vk+ZQdq8keJGL6zPXyoBl
7m9G6TfvScZyIjmuf/Tf4/fbsPLnLgwenH8rzXUXJqaLfyA5b5wBKGsXa4GNWVIs
orwEpQAgVBym8hczkNxFZQpkvgjq9dvipmPyyDirfBNTJgY+cV8TyHjr92pIhxtC
YQnG7wSeJTUaZc1BmJzHYCuGHsR/WDlcroANz+r/1cgznG4Gp2uP9NHGsRnXz+Ke
3272+Uv09BrMVsu1MeazMfs8qo2uWtKrryA5hhdnN3GqZKaovIuNsdQAEkxtJpOw
92yRuRFX59R4FV/qJMIiQCk3AHAhysU66s1FAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUFnkssaE2LZQGlienI3G80wEbGdswHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L0Zua3NzYUUyTFpRR2xp
ZW5JM0c4MHdFYkdkcy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBAIGgcuB1T49063TQ
0GqmjtuO9rDIdOu6TT8Lw98tgdQp2/++Af6TNSNevSH4Avb8+rpSSsalqCM3UwRg
5P07JHn/ZF/zTIzXzk/7FLfUOtT7kUXuLXCdvXLC4Qqg/Exgrorz1PNCAFQq8QHC
HjnNvMqcjGT8175oC0thwn4U9c9gfHYqqsALhcuRykmIh7w2XAPYY1whAs18j8hX
0/xJuw6egkzQt27ZdO8ZBHmwQbdR7EKHLDYGnEx5mJwPUtwn4ITago1nq4X419XW
NcsfJJtiqpePQVvUL1Y1lKSNVVn6vLWqWXPr50gULZW0ItiGobdY1E6hN5BumFtc
EToigDg=
-----END CERTIFICATE-----
Generated at Sun May 18 09:13:31 2025 by rpki-client