Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/MlGLTpWlogyIdqJC-l-RpYZO2CM.roa
File: MlGLTpWlogyIdqJC-l-RpYZO2CM.roa (raw, json)
Hash identifier: q/Y2vM5C4+YZKLvNklSmxR+FpqYPcdiJfP85UH1AN9A=
Subject key identifier: 32:51:8B:4E:95:A5:A2:0C:88:76:A2:42:FA:5F:91:A5:86:4E:D8:23
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 3CE1
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/MlGLTpWlogyIdqJC-l-RpYZO2CM.roa
Signing time: Tue 09 Apr 2024 18:22:37 +0000
ROA not before: Tue 09 Apr 2024 18:22:37 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 15585 (0x3ce1)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 9 18:22:37 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=32518B4E95A5A20C8876A242FA5F91A5864ED823
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c3:ae:df:ca:cc:e5:e5:15:c9:b5:73:1f:69:cb:
db:08:cd:ec:b6:41:dc:9e:9b:5b:ae:ec:fe:57:9d:
35:fa:e3:d9:8d:d0:46:cc:de:45:6c:fe:2a:8e:95:
48:c6:00:a7:28:12:19:6c:36:f7:6e:7d:8c:20:b8:
34:6f:e5:49:ab:4c:51:f6:86:db:f4:24:7d:fc:7a:
80:7e:62:ed:e9:3c:36:32:e8:bc:6d:be:19:32:6c:
90:90:86:83:1e:a8:59:bb:95:ff:0c:6b:49:5c:67:
c3:13:17:af:02:d5:d2:a2:af:7d:00:2f:6f:a2:cb:
22:5a:1e:f4:b8:76:dd:db:51:b5:38:10:48:c3:a1:
23:82:73:f0:9b:bf:11:9f:e8:55:6d:ec:03:b9:e0:
f6:27:5a:87:bd:e3:ee:40:43:a1:19:20:4d:19:69:
f2:5d:18:b6:2b:48:ca:b2:cb:6c:f7:7c:63:eb:36:
3a:95:66:ec:f9:35:d0:94:d0:7e:0f:97:31:f3:5f:
20:a9:3e:c7:c1:79:cb:ef:64:cc:7d:0b:cc:16:cb:
46:05:1b:d0:60:48:9f:8c:8c:38:12:9a:a6:5f:0d:
08:64:6c:a4:a4:3b:e4:be:2f:32:45:03:92:ab:e9:
20:4c:50:73:b1:fb:eb:0b:ff:63:cf:b5:7a:79:dc:
23:eb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
32:51:8B:4E:95:A5:A2:0C:88:76:A2:42:FA:5F:91:A5:86:4E:D8:23
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/MlGLTpWlogyIdqJC-l-RpYZO2CM.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
9e:18:e7:c1:7b:94:72:72:90:6c:63:b9:6d:6d:cf:b1:ee:0b:
d8:79:a0:fc:52:da:f5:d6:27:ef:8d:ed:f2:b9:5c:d6:15:61:
0b:e9:32:e3:47:75:3f:d2:7b:23:e5:74:36:0f:d9:31:20:97:
df:22:a8:e7:1d:06:22:6d:f4:9c:4f:4b:9d:dd:38:b4:a2:ab:
3b:7a:ca:00:bd:60:b7:c4:c2:7c:f7:ae:26:0f:09:2b:03:68:
86:41:8a:c3:8a:d8:4d:f8:79:6f:31:b4:d1:c8:cb:99:42:68:
c7:51:f8:3a:16:e4:04:47:fe:ea:3f:40:1d:3b:cc:e7:70:12:
05:f9:33:d4:43:29:2e:bb:e5:63:79:1e:d4:1d:19:35:41:8b:
4a:76:80:f1:a2:c7:ee:0a:38:94:41:9f:78:04:77:e5:ff:de:
ff:a3:63:96:4c:f8:ef:c0:be:c0:54:0f:09:2e:bf:bc:08:81:
6a:e3:5a:6e:95:e4:df:76:91:0f:7b:b2:d0:23:3b:1e:d7:c6:
2a:a1:d5:33:92:30:ba:a5:47:78:03:b3:52:eb:c1:ac:1f:5c:
e1:13:37:03:02:ab:2b:11:40:41:c6:76:5c:89:a0:1e:51:1f:
07:31:70:b6:e6:7e:52:ca:09:3e:0a:13:e3:28:19:c9:3e:b4:
2c:b8:ee:15
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICPOEwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MDkx
ODIyMzdaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDMyNTE4QjRFOTVBNUEy
MEM4ODc2QTI0MkZBNUY5MUE1ODY0RUQ4MjMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDDrt/KzOXlFcm1cx9py9sIzey2Qdyem1uu7P5XnTX649mN0EbM
3kVs/iqOlUjGAKcoEhlsNvdufYwguDRv5UmrTFH2htv0JH38eoB+Yu3pPDYy6Lxt
vhkybJCQhoMeqFm7lf8Ma0lcZ8MTF68C1dKir30AL2+iyyJaHvS4dt3bUbU4EEjD
oSOCc/CbvxGf6FVt7AO54PYnWoe94+5AQ6EZIE0ZafJdGLYrSMqyy2z3fGPrNjqV
Zuz5NdCU0H4PlzHzXyCpPsfBecvvZMx9C8wWy0YFG9BgSJ+MjDgSmqZfDQhkbKSk
O+S+LzJFA5Kr6SBMUHOx++sL/2PPtXp53CPrAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUMlGLTpWlogyIdqJC+l+RpYZO2CMwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L01sR0xUcFdsb2d5SWRx
SkMtbC1ScFlaTzJDTS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBAJ4Y58F7lHJykGxj
uW1tz7HuC9h5oPxS2vXWJ++N7fK5XNYVYQvpMuNHdT/SeyPldDYP2TEgl98iqOcd
BiJt9JxPS53dOLSiqzt6ygC9YLfEwnz3riYPCSsDaIZBisOK2E34eW8xtNHIy5lC
aMdR+DoW5ARH/uo/QB07zOdwEgX5M9RDKS675WN5HtQdGTVBi0p2gPGix+4KOJRB
n3gEd+X/3v+jY5ZM+O/AvsBUDwkuv7wIgWrjWm6V5N92kQ97stAjOx7Xxiqh1TOS
MLqlR3gDs1LrwawfXOETNwMCqysRQEHGdlyJoB5RHwcxcLbmflLKCT4KE+MoGck+
tCy47hU=
-----END CERTIFICATE-----
Generated at Sun May 18 01:54:50 2025 by rpki-client