Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/Gprr1A4UlsMuAQAF2ekzi1AwvCE.roa
File: Gprr1A4UlsMuAQAF2ekzi1AwvCE.roa (raw, json)
Hash identifier: 0XEaM4C77oUPHnhOVO7JzmE97jnZpzBRQhgA08Sj+fI=
Subject key identifier: 1A:9A:EB:D4:0E:14:96:C3:2E:01:00:05:D9:E9:33:8B:50:30:BC:21
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 507D
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/Gprr1A4UlsMuAQAF2ekzi1AwvCE.roa
Signing time: Sun 05 May 2024 21:53:50 +0000
ROA not before: Sun 05 May 2024 21:53:50 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 20605 (0x507d)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 5 21:53:50 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=1A9AEBD40E1496C32E010005D9E9338B5030BC21
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a9:40:71:63:05:d3:cd:2a:a1:98:f9:37:94:f0:
31:18:90:63:7c:24:d4:72:fe:2c:d7:7b:8d:84:1e:
a5:b0:7a:fd:4a:b0:fb:1c:a8:21:24:a8:cd:84:46:
06:f7:66:74:7e:79:0a:fb:ee:b3:b3:5b:97:f1:4e:
19:8c:d2:c0:b5:f0:f8:b1:d7:79:22:fc:b0:72:03:
d9:e4:a3:55:61:25:d0:6a:0b:98:ce:17:9a:e7:6d:
7a:80:de:61:d9:ae:df:22:26:32:6f:98:9f:b8:a9:
18:c7:cd:29:f8:be:65:b7:68:45:ae:1b:d7:ec:32:
c3:e8:27:bd:cc:ee:72:40:01:4c:34:4d:56:0e:2b:
8c:a0:8b:3f:f0:76:e7:9f:76:1d:d5:6f:96:32:af:
24:61:e2:71:c3:36:6e:0a:1d:99:eb:71:75:e3:0c:
4a:e4:e5:39:3f:d8:68:5e:ef:e0:22:a0:11:8e:20:
03:af:0f:13:26:88:83:b8:db:34:09:62:04:b7:10:
01:47:85:60:3a:11:fb:32:56:23:a7:3e:c6:86:21:
53:ef:c0:25:52:bc:d0:ff:83:fb:4c:48:9d:3f:93:
79:6d:30:08:99:e9:2e:bd:85:f2:f8:56:f1:1d:86:
7f:35:d2:ec:b0:b2:1c:cf:46:d1:ca:46:3b:bd:a7:
6e:49
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1A:9A:EB:D4:0E:14:96:C3:2E:01:00:05:D9:E9:33:8B:50:30:BC:21
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/Gprr1A4UlsMuAQAF2ekzi1AwvCE.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
83:dc:df:4f:fc:7f:ed:9e:5e:2f:2c:7f:bd:69:aa:c6:21:62:
9e:c0:84:0d:48:89:03:72:26:bf:fe:b5:e8:dd:50:02:74:42:
18:f6:b5:7f:62:95:34:ed:fb:3a:c7:d9:ca:dc:c7:3d:91:87:
91:68:08:c7:30:5f:e8:96:2d:eb:41:a1:e7:e4:1c:ee:0b:a0:
6b:28:99:8b:07:15:8f:97:7b:82:48:09:d3:87:ff:a6:0d:33:
a5:38:5b:f8:2e:3f:a7:1d:01:2b:3e:9b:ef:b3:68:75:fe:90:
b2:7d:dd:99:75:8f:71:e5:34:c0:1d:76:a7:5e:30:fd:b5:54:
a6:26:d1:98:8e:e6:59:a9:fe:10:0f:3f:0b:21:5b:96:84:ec:
3a:8f:ea:ae:2e:fb:0a:2d:14:e0:b6:ca:f7:6a:3a:5b:73:8d:
45:fb:88:68:08:57:c6:74:4d:19:d9:0c:1a:0c:21:72:71:51:
3f:82:7b:6f:1b:96:72:d0:0a:ce:7a:72:0b:a4:0a:1b:e7:d4:
25:8b:66:cb:8c:4b:ca:49:13:71:6e:a7:6e:ca:b9:81:e4:87:
e6:43:a4:cd:b8:49:c5:8c:ac:71:6d:60:f1:b7:55:33:b0:35:
36:e2:2f:bc:9d:86:5f:03:46:26:67:72:09:83:1f:12:52:2f:
a1:99:28:6d
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICUH0wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MDUy
MTUzNTBaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDFBOUFFQkQ0MEUxNDk2
QzMyRTAxMDAwNUQ5RTkzMzhCNTAzMEJDMjEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCpQHFjBdPNKqGY+TeU8DEYkGN8JNRy/izXe42EHqWwev1KsPsc
qCEkqM2ERgb3ZnR+eQr77rOzW5fxThmM0sC18Pix13ki/LByA9nko1VhJdBqC5jO
F5rnbXqA3mHZrt8iJjJvmJ+4qRjHzSn4vmW3aEWuG9fsMsPoJ73M7nJAAUw0TVYO
K4ygiz/wduefdh3Vb5YyryRh4nHDNm4KHZnrcXXjDErk5Tk/2Ghe7+AioBGOIAOv
DxMmiIO42zQJYgS3EAFHhWA6EfsyViOnPsaGIVPvwCVSvND/g/tMSJ0/k3ltMAiZ
6S69hfL4VvEdhn810uywshzPRtHKRju9p25JAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUGprr1A4UlsMuAQAF2ekzi1AwvCEwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L0dwcnIxQTRVbHNNdUFR
QUYyZWt6aTFBd3ZDRS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBAIPc30/8f+2eXi8s
f71pqsYhYp7AhA1IiQNyJr/+tejdUAJ0Qhj2tX9ilTTt+zrH2crcxz2Rh5FoCMcw
X+iWLetBoefkHO4LoGsomYsHFY+Xe4JICdOH/6YNM6U4W/guP6cdASs+m++zaHX+
kLJ93Zl1j3HlNMAddqdeMP21VKYm0ZiO5lmp/hAPPwshW5aE7DqP6q4u+wotFOC2
yvdqOltzjUX7iGgIV8Z0TRnZDBoMIXJxUT+Ce28blnLQCs56cgukChvn1CWLZsuM
S8pJE3Fup27KuYHkh+ZDpM24ScWMrHFtYPG3VTOwNTbiL7ydhl8DRiZncgmDHxJS
L6GZKG0=
-----END CERTIFICATE-----
Generated at Sun May 18 01:48:40 2025 by rpki-client