Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/KOV-HlfQMo-rOG8S6NwNxnKv8yA.roa
File: KOV-HlfQMo-rOG8S6NwNxnKv8yA.roa (raw, json)
Hash identifier: ijZ1rXMPreZrijEWo6Z1/+RFLa9YbZpRPml0A/6v2t4=
Subject key identifier: 28:E5:7E:1E:57:D0:32:8F:AB:38:6F:12:E8:DC:0D:C6:72:AF:F3:20
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 5709
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/KOV-HlfQMo-rOG8S6NwNxnKv8yA.roa
Signing time: Tue 14 May 2024 15:24:09 +0000
ROA not before: Tue 14 May 2024 15:24:09 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 22281 (0x5709)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 14 15:24:09 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=28E57E1E57D0328FAB386F12E8DC0DC672AFF320
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c4:c3:39:9d:65:a8:3d:8c:a6:24:4a:a1:6f:20:
a3:5f:f8:f7:36:41:a4:1f:b1:34:0f:7e:ea:74:2b:
a2:d5:d8:69:ad:bb:f0:92:7b:8e:a4:e4:24:9b:24:
e1:c8:4b:4c:ba:93:55:0a:b8:ea:19:ca:87:97:d7:
c8:0a:ca:a1:9a:ee:d6:e0:12:54:b6:dc:12:cb:03:
ec:50:4e:25:16:13:6b:09:b9:9a:9c:1e:ef:1a:32:
09:aa:f0:2a:83:ed:e0:e2:5a:10:3b:f9:15:99:60:
04:76:19:26:3d:94:16:45:0a:0a:33:af:f7:f5:61:
54:83:af:d5:f0:b3:4e:82:50:3c:73:aa:b7:f3:bb:
bf:2c:0b:80:63:38:ed:2c:a4:65:bc:02:a7:cb:60:
b1:b7:8c:ed:c2:ab:9d:83:44:d4:5a:38:e4:da:c2:
45:42:a5:3a:96:62:c4:e9:20:11:36:d7:66:94:c9:
fa:93:86:1a:ed:d7:d2:48:06:17:59:c1:28:f3:19:
d1:c8:1a:69:04:c2:2b:f4:28:3a:59:ca:e2:92:51:
67:43:5a:20:04:73:a3:42:fb:8a:d9:fc:cb:ef:e2:
05:5a:10:52:39:01:8a:6a:76:13:f0:bf:11:55:b2:
91:0e:81:86:ba:24:0e:89:08:1e:ae:9e:57:65:e7:
68:41
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
28:E5:7E:1E:57:D0:32:8F:AB:38:6F:12:E8:DC:0D:C6:72:AF:F3:20
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/KOV-HlfQMo-rOG8S6NwNxnKv8yA.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
3d:41:84:32:b7:87:d3:8f:f1:fb:3b:41:57:77:4f:1e:c3:07:
f0:a6:78:80:b8:d9:bb:2f:92:35:a2:b5:86:46:01:b4:49:b8:
09:7c:17:04:91:58:80:8f:65:2f:41:6c:9f:25:98:13:cd:8c:
f7:95:4c:57:97:cc:74:3f:07:ef:f9:07:d1:59:aa:b4:2f:0f:
17:72:92:eb:c6:ba:5b:c2:30:db:65:ac:ec:a7:69:ed:bb:6e:
e4:85:0a:43:1d:5a:11:f7:c9:59:e6:f0:aa:fa:61:a6:fe:6b:
27:12:82:88:cf:93:2e:46:c2:13:e8:d5:da:94:df:43:23:7b:
1f:a5:8d:48:46:b5:3b:d5:9f:43:ba:85:f0:0c:9f:46:4e:7b:
af:81:93:99:64:fa:5b:21:77:f6:b9:a4:0f:fe:c7:30:c3:4c:
cf:de:05:71:a4:a0:d4:9f:5e:c0:9e:e6:26:bd:e5:22:64:a3:
17:49:f6:90:bf:10:10:3b:86:a2:9b:58:7f:98:27:99:0e:58:
5d:83:c1:05:9f:c8:a3:72:70:7b:31:db:6c:ca:45:cd:ad:8d:
0d:58:28:44:e8:a2:a1:75:ac:97:c7:04:72:06:5c:84:1f:45:
c6:b4:1d:7e:e2:1f:12:c7:73:9b:ea:4a:e9:70:61:76:7e:37:
6e:18:d2:8a
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICVwkwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MTQx
NTI0MDlaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDI4RTU3RTFFNTdEMDMy
OEZBQjM4NkYxMkU4REMwREM2NzJBRkYzMjAwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDEwzmdZag9jKYkSqFvIKNf+Pc2QaQfsTQPfup0K6LV2Gmtu/CS
e46k5CSbJOHIS0y6k1UKuOoZyoeX18gKyqGa7tbgElS23BLLA+xQTiUWE2sJuZqc
Hu8aMgmq8CqD7eDiWhA7+RWZYAR2GSY9lBZFCgozr/f1YVSDr9Xws06CUDxzqrfz
u78sC4BjOO0spGW8AqfLYLG3jO3Cq52DRNRaOOTawkVCpTqWYsTpIBE212aUyfqT
hhrt19JIBhdZwSjzGdHIGmkEwiv0KDpZyuKSUWdDWiAEc6NC+4rZ/Mvv4gVaEFI5
AYpqdhPwvxFVspEOgYa6JA6JCB6unldl52hBAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUKOV+HlfQMo+rOG8S6NwNxnKv8yAwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L0tPVi1IbGZRTW8tck9H
OFM2TndOeG5Ldjh5QS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBAD1BhDK3h9OP8fs7
QVd3Tx7DB/CmeIC42bsvkjWitYZGAbRJuAl8FwSRWICPZS9BbJ8lmBPNjPeVTFeX
zHQ/B+/5B9FZqrQvDxdykuvGulvCMNtlrOynae27buSFCkMdWhH3yVnm8Kr6Yab+
aycSgojPky5GwhPo1dqU30Mjex+ljUhGtTvVn0O6hfAMn0ZOe6+Bk5lk+lshd/a5
pA/+xzDDTM/eBXGkoNSfXsCe5ia95SJkoxdJ9pC/EBA7hqKbWH+YJ5kOWF2DwQWf
yKNycHsx22zKRc2tjQ1YKETooqF1rJfHBHIGXIQfRca0HX7iHxLHc5vqSulwYXZ+
N24Y0oo=
-----END CERTIFICATE-----
Generated at Sat May 17 22:40:22 2025 by rpki-client