Route Origin Authorization

$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/KaxJOOXhtrnGJTa3nlbrdcayztA.roa
File:                     KaxJOOXhtrnGJTa3nlbrdcayztA.roa (raw, json)
Hash identifier:          KKs4++bE8ybh7Xp74fws5w2+WpAeoygwzvASN2CdqbU=
Subject key identifier:   29:AC:49:38:E5:E1:B6:B9:C6:25:36:B7:9E:56:EB:75:C6:B2:CE:D0
Certificate issuer:       /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial:       4FB9
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access:    rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access:      rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/KaxJOOXhtrnGJTa3nlbrdcayztA.roa
Signing time:             Sat 04 May 2024 21:23:48 +0000
ROA not before:           Sat 04 May 2024 21:23:48 +0000
ROA not after:            Fri 31 Jan 2025 01:13:46 +0000
asID:                     24426
IP address blocks:        43.239.0.0/19 maxlen: 19
                          101.78.32.0/19 maxlen: 19
                          103.35.0.0/19 maxlen: 19
Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 20409 (0x4fb9)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
        Validity
            Not Before: May  4 21:23:48 2024 GMT
            Not After : Jan 31 01:13:46 2025 GMT
        Subject: CN=29AC4938E5E1B6B9C62536B79E56EB75C6B2CED0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:AC:49:38:E5:E1:B6:B9:C6:25:36:B7:9E:56:EB:75:C6:B2:CE:D0
            X509v3 Authority Key Identifier:
                keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/KaxJOOXhtrnGJTa3nlbrdcayztA.roa
                RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  43.239.0.0/19
                  101.78.32.0/19
                  103.35.0.0/19

    Signature Algorithm: sha256WithRSAEncryption
Generated at Sun May 18 13:36:22 2025 by rpki-client