Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/ImbzlyjpwUZ6iy8hmPbbSqjuyqM.roa
File: ImbzlyjpwUZ6iy8hmPbbSqjuyqM.roa (raw, json)
Hash identifier: hpjr/McnA0YEJcQwZcNNwRa2aOgku6lrd27ZwU9mmik=
Subject key identifier: 22:66:F3:97:28:E9:C1:46:7A:8B:2F:21:98:F6:DB:4A:A8:EE:CA:A3
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 4DB9
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/ImbzlyjpwUZ6iy8hmPbbSqjuyqM.roa
Signing time: Thu 02 May 2024 05:23:42 +0000
ROA not before: Thu 02 May 2024 05:23:42 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 19897 (0x4db9)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 2 05:23:42 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=2266F39728E9C1467A8B2F2198F6DB4AA8EECAA3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d9:e0:ae:c8:88:b6:2a:f3:0d:f1:de:6b:4e:9a:
10:92:f8:a0:97:0e:f6:e0:3d:0d:8e:d7:d1:af:25:
b1:32:3e:44:d5:ab:1c:a5:88:c3:88:39:31:0e:52:
ce:38:30:75:46:85:f3:65:a2:38:63:fc:6e:2e:a1:
f2:76:37:95:f4:4b:a7:fd:52:94:ad:7d:02:35:a7:
8e:47:ae:15:56:b5:ad:81:e1:2d:cb:fd:b8:93:fb:
be:c4:a6:54:c2:62:26:a2:b9:1e:2a:c1:b3:7a:5f:
07:18:96:23:5f:33:19:42:57:24:d7:96:6a:b9:cd:
db:b0:36:ed:4a:0e:b3:ff:75:3c:b7:b6:1d:52:6c:
c0:1c:cb:3f:45:24:94:21:c8:bd:6c:a7:97:98:b3:
c6:27:de:0a:c3:e3:a6:27:5d:3e:98:e2:67:17:6f:
f3:8b:fa:98:fa:bc:77:61:eb:94:1e:8b:97:a8:8c:
a5:74:4e:c5:96:17:d4:41:49:a9:0c:09:b8:ab:f6:
36:4d:e6:c5:16:30:98:bf:8f:eb:e9:d0:b7:65:12:
cb:22:ac:2e:53:07:dd:6a:68:3c:7e:ea:96:7f:84:
00:d5:90:47:31:cc:60:40:6d:61:e1:9b:23:09:97:
13:b6:b8:43:50:fb:67:eb:75:70:36:00:d1:81:ff:
e9:53
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
22:66:F3:97:28:E9:C1:46:7A:8B:2F:21:98:F6:DB:4A:A8:EE:CA:A3
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/ImbzlyjpwUZ6iy8hmPbbSqjuyqM.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
20:fb:c9:29:96:31:31:20:dd:cb:07:9b:ed:3a:75:ff:70:60:
d2:a0:9f:9e:45:3a:e0:ee:0d:3c:1e:90:77:c4:de:a5:69:c7:
f8:c7:78:b7:3c:fd:06:28:70:b4:c2:6b:d0:ac:26:3b:c3:ae:
12:70:12:22:a5:51:24:54:cd:6e:74:a3:8d:25:19:ac:e8:a3:
0d:ce:b0:18:c0:9d:5d:cd:ec:d2:02:85:0f:c5:0d:95:57:eb:
95:5b:6f:68:24:d3:ce:c0:bb:57:03:b2:df:82:41:fd:67:a7:
5a:d7:58:39:45:6c:76:50:43:e7:32:c0:f4:cc:4e:c0:2e:19:
c8:1b:2c:cc:e8:33:89:2e:aa:60:07:65:d9:b3:08:6e:2b:ac:
46:07:0a:10:aa:28:7d:c6:cd:4f:4b:b3:50:a5:9c:d4:57:75:
58:64:41:09:53:ce:26:17:7f:26:5b:8c:9a:b1:71:38:75:60:
90:dd:28:bf:5f:fb:b1:aa:0a:b6:4f:2e:44:a4:c6:a8:de:6c:
97:c0:f6:a6:3e:56:7c:c8:4f:84:1b:fa:98:0b:9a:63:60:3b:
fd:8a:85:ed:71:ff:65:7a:50:79:b0:70:01:46:42:6b:37:4b:
62:33:7f:38:72:ce:47:57:13:61:72:33:58:24:09:9c:5b:14:
c3:96:cc:65
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICTbkwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MDIw
NTIzNDJaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDIyNjZGMzk3MjhFOUMx
NDY3QThCMkYyMTk4RjZEQjRBQThFRUNBQTMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDZ4K7IiLYq8w3x3mtOmhCS+KCXDvbgPQ2O19GvJbEyPkTVqxyl
iMOIOTEOUs44MHVGhfNlojhj/G4uofJ2N5X0S6f9UpStfQI1p45HrhVWta2B4S3L
/biT+77EplTCYiaiuR4qwbN6XwcYliNfMxlCVyTXlmq5zduwNu1KDrP/dTy3th1S
bMAcyz9FJJQhyL1sp5eYs8Yn3grD46YnXT6Y4mcXb/OL+pj6vHdh65Qei5eojKV0
TsWWF9RBSakMCbir9jZN5sUWMJi/j+vp0LdlEssirC5TB91qaDx+6pZ/hADVkEcx
zGBAbWHhmyMJlxO2uENQ+2frdXA2ANGB/+lTAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUImbzlyjpwUZ6iy8hmPbbSqjuyqMwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L0ltYnpseWpwd1VaNml5
OGhtUGJiU3FqdXlxTS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBACD7ySmWMTEg3csH
m+06df9wYNKgn55FOuDuDTwekHfE3qVpx/jHeLc8/QYocLTCa9CsJjvDrhJwEiKl
USRUzW50o40lGazoow3OsBjAnV3N7NIChQ/FDZVX65Vbb2gk087Au1cDst+CQf1n
p1rXWDlFbHZQQ+cywPTMTsAuGcgbLMzoM4kuqmAHZdmzCG4rrEYHChCqKH3GzU9L
s1ClnNRXdVhkQQlTziYXfyZbjJqxcTh1YJDdKL9f+7GqCrZPLkSkxqjebJfA9qY+
VnzIT4Qb+pgLmmNgO/2Khe1x/2V6UHmwcAFGQms3S2IzfzhyzkdXE2FyM1gkCZxb
FMOWzGU=
-----END CERTIFICATE-----
Generated at Sat May 17 21:30:10 2025 by rpki-client