Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/Kd0n7x5XLSAfxdcL1bb6b-iHFmk.roa
File: Kd0n7x5XLSAfxdcL1bb6b-iHFmk.roa (raw, json)
Hash identifier: s/3IR71ArHSY8XlH02u31bKdC5nbgJ8cjaNtlmEneeg=
Subject key identifier: 29:DD:27:EF:1E:57:2D:20:1F:C5:D7:0B:D5:B6:FA:6F:E8:87:16:69
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 55A1
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/Kd0n7x5XLSAfxdcL1bb6b-iHFmk.roa
Signing time: Sun 12 May 2024 18:24:24 +0000
ROA not before: Sun 12 May 2024 18:24:24 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 21921 (0x55a1)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 12 18:24:24 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=29DD27EF1E572D201FC5D70BD5B6FA6FE8871669
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c1:d6:08:b1:b4:23:1b:c3:99:de:8e:ae:67:f1:
a9:3c:e6:5a:c3:f1:03:27:55:ba:d2:b0:31:e0:24:
8c:12:70:c8:dd:45:f7:77:bd:01:2b:b8:85:52:b4:
38:b5:fd:63:e7:9c:c6:10:19:2e:e3:1b:5d:67:2a:
21:5d:ca:ab:ab:b2:d9:5c:6d:f8:94:b6:8e:42:25:
84:05:27:07:a3:ff:48:9e:4a:08:f0:5e:59:05:e0:
90:0f:99:7e:5f:52:20:70:e3:0e:af:c1:2f:ac:e7:
76:12:64:3e:b5:e4:1c:2e:a8:98:96:02:e4:ad:17:
24:8e:0f:97:5d:91:da:95:34:39:c3:70:34:2a:7a:
3f:c8:1c:eb:67:82:1d:39:72:68:9f:55:0e:b1:96:
29:95:e6:88:e3:a5:45:29:82:d4:c0:8c:b1:58:a3:
6b:03:8f:81:7e:d6:b6:6e:4d:0b:f9:c6:fe:bc:66:
8a:63:82:85:4c:f0:ea:2d:c3:bc:15:35:86:ac:29:
4c:55:90:a7:ed:d8:da:2d:c4:ac:ab:d6:b6:d8:4f:
27:09:58:24:33:d4:b4:fc:4c:c3:b8:c9:5d:98:b3:
a4:a7:ca:29:10:61:ac:36:07:64:b4:da:51:34:ff:
a0:d8:88:c0:18:57:1d:36:61:31:7b:09:d1:9a:eb:
b4:c1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
29:DD:27:EF:1E:57:2D:20:1F:C5:D7:0B:D5:B6:FA:6F:E8:87:16:69
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/Kd0n7x5XLSAfxdcL1bb6b-iHFmk.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
74:78:55:c9:22:ab:fa:43:08:d8:1a:12:69:9f:20:da:69:c9:
15:b6:a3:b7:bd:02:80:90:e6:07:b0:6d:8a:5b:ae:34:b5:f3:
83:b2:88:c7:c9:60:bc:27:ea:14:86:a3:27:d0:2d:87:b1:ea:
5d:9b:36:bf:e4:65:6e:ef:8e:54:73:ec:87:5e:56:45:fd:cd:
50:da:9b:a7:86:f8:3d:8e:63:94:ca:2d:5d:d0:90:1f:ca:f0:
4a:c7:68:05:71:9c:0f:11:8d:06:95:09:40:3e:93:94:43:4e:
c7:13:72:60:19:a3:d3:87:27:f1:3b:e8:f3:31:ba:0e:44:3f:
27:7d:e5:fd:97:49:b6:dd:5c:28:9f:fd:af:07:b5:16:6b:03:
d7:70:13:e1:9d:58:cd:8a:7c:d7:66:31:3c:31:ec:f6:c2:8d:
34:89:bf:ec:dd:f4:91:6c:bc:5a:e0:42:41:47:ed:9f:ab:af:
54:95:91:8a:85:4b:d5:c9:77:05:01:16:c2:b5:ce:42:b5:d4:
5c:fb:e6:91:36:43:f8:be:4c:f1:4e:7d:2f:c9:7e:79:c6:18:
f9:9e:8a:55:b1:db:65:9e:2f:44:85:5e:8d:a9:54:00:b1:3e:
e4:7a:fe:34:fe:c8:e4:d7:7e:a0:6a:7e:24:c3:41:5c:ee:02:
40:05:bd:04
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICVaEwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MTIx
ODI0MjRaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDI5REQyN0VGMUU1NzJE
MjAxRkM1RDcwQkQ1QjZGQTZGRTg4NzE2NjkwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDB1gixtCMbw5nejq5n8ak85lrD8QMnVbrSsDHgJIwScMjdRfd3
vQEruIVStDi1/WPnnMYQGS7jG11nKiFdyqurstlcbfiUto5CJYQFJwej/0ieSgjw
XlkF4JAPmX5fUiBw4w6vwS+s53YSZD615BwuqJiWAuStFySOD5ddkdqVNDnDcDQq
ej/IHOtngh05cmifVQ6xlimV5ojjpUUpgtTAjLFYo2sDj4F+1rZuTQv5xv68Zopj
goVM8Ootw7wVNYasKUxVkKft2NotxKyr1rbYTycJWCQz1LT8TMO4yV2Ys6SnyikQ
Yaw2B2S02lE0/6DYiMAYVx02YTF7CdGa67TBAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUKd0n7x5XLSAfxdcL1bb6b+iHFmkwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L0tkMG43eDVYTFNBZnhk
Y0wxYmI2Yi1pSEZtay5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBAHR4Vckiq/pDCNga
EmmfINppyRW2o7e9AoCQ5gewbYpbrjS184OyiMfJYLwn6hSGoyfQLYex6l2bNr/k
ZW7vjlRz7IdeVkX9zVDam6eG+D2OY5TKLV3QkB/K8ErHaAVxnA8RjQaVCUA+k5RD
TscTcmAZo9OHJ/E76PMxug5EPyd95f2XSbbdXCif/a8HtRZrA9dwE+GdWM2KfNdm
MTwx7PbCjTSJv+zd9JFsvFrgQkFH7Z+rr1SVkYqFS9XJdwUBFsK1zkK11Fz75pE2
Q/i+TPFOfS/JfnnGGPmeilWx22WeL0SFXo2pVACxPuR6/jT+yOTXfqBqfiTDQVzu
AkAFvQQ=
-----END CERTIFICATE-----
Generated at Sat May 17 19:35:31 2025 by rpki-client