Route Origin Authorization

$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/KBRDA7Z-4BFiXBdlgLTG_AOYtZ4.roa
File:                     KBRDA7Z-4BFiXBdlgLTG_AOYtZ4.roa (raw, json)
Hash identifier:          UGWSz09nXAVlpgDSdnzjY9NhT6qY49mC6byTLeX6T8Y=
Subject key identifier:   28:14:43:03:B6:7E:E0:11:62:5C:17:65:80:B4:C6:FC:03:98:B5:9E
Certificate issuer:       /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial:       3371
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access:    rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access:      rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/KBRDA7Z-4BFiXBdlgLTG_AOYtZ4.roa
Signing time:             Thu 28 Mar 2024 04:22:05 +0000
ROA not before:           Thu 28 Mar 2024 04:22:05 +0000
ROA not after:            Fri 31 Jan 2025 01:13:46 +0000
asID:                     24426
IP address blocks:        43.239.0.0/19 maxlen: 19
                          101.78.32.0/19 maxlen: 19
                          103.35.0.0/19 maxlen: 19
Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 13169 (0x3371)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
        Validity
            Not Before: Mar 28 04:22:05 2024 GMT
            Not After : Jan 31 01:13:46 2025 GMT
        Subject: CN=28144303B67EE011625C176580B4C6FC0398B59E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:14:43:03:B6:7E:E0:11:62:5C:17:65:80:B4:C6:FC:03:98:B5:9E
            X509v3 Authority Key Identifier:
                keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/KBRDA7Z-4BFiXBdlgLTG_AOYtZ4.roa
                RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  43.239.0.0/19
                  101.78.32.0/19
                  103.35.0.0/19

    Signature Algorithm: sha256WithRSAEncryption
Generated at Sat May 17 19:49:55 2025 by rpki-client