Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/MrmgqydJVc1MFiRQh7SrNcAEbdU.roa
File: MrmgqydJVc1MFiRQh7SrNcAEbdU.roa (raw, json)
Hash identifier: 2VX5eJYtMRZfMpAtEAPIGxhZisA8stfK17iq26c0FJQ=
Subject key identifier: 32:B9:A0:AB:27:49:55:CD:4C:16:24:50:87:B4:AB:35:C0:04:6D:D5
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 5379
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/MrmgqydJVc1MFiRQh7SrNcAEbdU.roa
Signing time: Thu 09 May 2024 21:23:59 +0000
ROA not before: Thu 09 May 2024 21:23:59 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 21369 (0x5379)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 9 21:23:59 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=32B9A0AB274955CD4C16245087B4AB35C0046DD5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d4:91:77:b8:11:2e:ea:da:b2:35:de:40:9b:56:
ca:0c:a1:fe:d5:b7:de:43:9e:5e:2e:73:a9:ab:dc:
ce:41:55:2d:a9:f8:73:53:5c:b9:c3:61:10:53:3a:
83:33:b8:08:b4:d3:65:d1:4c:53:c5:c5:d5:83:35:
aa:e7:0b:79:5a:fb:f0:3c:4c:a7:48:46:e0:a9:9c:
2d:c7:72:f9:b2:eb:43:9b:f4:da:d8:b5:3b:f6:59:
23:22:b8:8e:ed:82:ca:48:80:98:bb:41:8a:ce:e6:
b8:07:eb:14:7c:03:9e:da:2d:47:89:1d:3e:c2:88:
4a:a0:e4:f9:62:b6:e3:7e:49:2b:ce:41:13:e4:97:
6a:63:44:f3:aa:7c:85:47:39:86:71:20:f8:92:90:
46:95:8b:4c:bd:25:e1:c2:ee:c7:1c:6e:54:e4:8e:
25:33:a8:d4:11:47:4d:31:b5:cd:6a:5d:07:86:0a:
92:5d:5b:48:5d:6a:b6:ab:64:f7:4a:53:16:c7:8e:
99:ae:0b:ef:67:b7:ee:1a:89:b0:10:9a:da:74:03:
76:1e:60:25:df:96:3d:27:e1:ba:db:62:22:93:36:
ce:84:be:9d:21:39:87:5f:30:9e:d4:ad:11:50:48:
b0:45:52:50:93:af:00:a5:6f:b8:94:a8:93:d7:47:
9a:13
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
32:B9:A0:AB:27:49:55:CD:4C:16:24:50:87:B4:AB:35:C0:04:6D:D5
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/MrmgqydJVc1MFiRQh7SrNcAEbdU.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
bc:bb:40:af:28:06:a3:06:6b:f5:4f:c4:99:0e:8f:00:49:90:
c9:b5:91:a9:c4:fb:92:fd:3f:a3:26:7b:20:25:89:ae:74:a8:
00:c1:22:f8:86:6d:3d:03:9e:d4:51:3e:03:42:85:c2:65:ec:
ab:19:41:22:ec:09:87:1c:19:c1:76:6c:4a:2b:3b:29:b0:55:
03:91:c9:c5:cb:80:dd:01:f4:88:e5:7c:60:72:71:06:af:5f:
4d:e5:f6:b6:da:cc:16:78:9f:4b:00:bc:96:e4:21:4f:32:2d:
0f:88:a4:07:bf:1b:b8:2a:63:51:2b:9a:e7:cd:17:fb:4b:2f:
ca:d2:5c:91:77:2c:06:ca:70:cb:27:78:ef:31:ab:1d:a9:20:
f9:66:5e:40:0b:63:c5:f1:d2:29:f2:79:05:fd:b3:4e:a6:1e:
51:5f:de:3a:bb:f5:c0:39:44:e0:98:ee:41:78:36:2a:7a:a5:
29:da:85:b9:e0:18:4c:f1:ba:e7:a1:c7:e3:35:29:2a:de:62:
f7:dd:1f:05:a6:30:fd:3d:16:e3:bf:06:d9:0c:9d:29:8a:57:
f6:75:36:b0:c1:a3:58:04:a7:b0:b4:da:b7:73:63:34:d7:bc:
26:f4:70:49:ec:62:0d:22:ad:61:71:0b:9b:e6:d3:0f:4f:c7:
49:35:f0:fd
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICU3kwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MDky
MTIzNTlaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDMyQjlBMEFCMjc0OTU1
Q0Q0QzE2MjQ1MDg3QjRBQjM1QzAwNDZERDUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDUkXe4ES7q2rI13kCbVsoMof7Vt95Dnl4uc6mr3M5BVS2p+HNT
XLnDYRBTOoMzuAi002XRTFPFxdWDNarnC3la+/A8TKdIRuCpnC3Hcvmy60Ob9NrY
tTv2WSMiuI7tgspIgJi7QYrO5rgH6xR8A57aLUeJHT7CiEqg5PlituN+SSvOQRPk
l2pjRPOqfIVHOYZxIPiSkEaVi0y9JeHC7sccblTkjiUzqNQRR00xtc1qXQeGCpJd
W0hdararZPdKUxbHjpmuC+9nt+4aibAQmtp0A3YeYCXflj0n4brbYiKTNs6Evp0h
OYdfMJ7UrRFQSLBFUlCTrwClb7iUqJPXR5oTAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUMrmgqydJVc1MFiRQh7SrNcAEbdUwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L01ybWdxeWRKVmMxTUZp
UlFoN1NyTmNBRWJkVS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBALy7QK8oBqMGa/VP
xJkOjwBJkMm1kanE+5L9P6MmeyAlia50qADBIviGbT0DntRRPgNChcJl7KsZQSLs
CYccGcF2bEorOymwVQORycXLgN0B9IjlfGBycQavX03l9rbazBZ4n0sAvJbkIU8y
LQ+IpAe/G7gqY1ErmufNF/tLL8rSXJF3LAbKcMsneO8xqx2pIPlmXkALY8Xx0iny
eQX9s06mHlFf3jq79cA5ROCY7kF4Nip6pSnahbngGEzxuuehx+M1KSreYvfdHwWm
MP09FuO/BtkMnSmKV/Z1NrDBo1gEp7C02rdzYzTXvCb0cEnsYg0irWFxC5vm0w9P
x0k18P0=
-----END CERTIFICATE-----
Generated at Sun May 18 07:32:53 2025 by rpki-client