Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/OUk5j4GotD_TUvffPvaHH5zfQTQ.roa
File: OUk5j4GotD_TUvffPvaHH5zfQTQ.roa (raw, json)
Hash identifier: xqzVMwoX3waRkCDNpbaZeBc+9+5mpga6dN1gDarIDD8=
Subject key identifier: 39:49:39:8F:81:A8:B4:3F:D3:52:F7:DF:3E:F6:87:1F:9C:DF:41:34
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 51A5
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/OUk5j4GotD_TUvffPvaHH5zfQTQ.roa
Signing time: Tue 07 May 2024 10:53:53 +0000
ROA not before: Tue 07 May 2024 10:53:53 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 20901 (0x51a5)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 7 10:53:53 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=3949398F81A8B43FD352F7DF3EF6871F9CDF4134
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a5:d3:8d:28:16:cb:7d:ae:4b:7e:36:94:14:fa:
cb:17:81:43:97:ab:3c:b8:0a:cf:ca:8b:b1:34:ce:
0d:48:88:b9:5f:77:ca:3d:4a:15:38:0a:9f:c2:e3:
4d:e3:6f:57:4b:84:e5:95:8c:dc:29:79:dc:59:90:
a2:bb:1e:57:a6:0f:c4:fa:ec:12:85:91:01:23:19:
c7:d2:84:70:e9:c5:b5:98:68:70:d4:36:be:23:64:
5b:fc:7e:48:75:99:9e:90:6c:7f:a3:15:ad:b9:6c:
5d:c4:61:05:cc:8b:db:c6:66:40:d6:27:38:88:70:
be:34:ec:01:c7:36:12:b3:56:4c:85:ae:95:2b:d2:
cb:e3:38:72:71:af:5d:ad:58:4b:a5:00:ff:56:03:
f0:a6:3e:16:5b:df:4a:f5:77:66:ae:27:62:f2:94:
49:87:3e:4f:64:63:6c:9b:2c:e4:51:41:e7:84:2b:
c2:d9:e9:97:0f:4c:d3:0d:f6:51:36:1a:15:3f:4a:
e2:65:88:1a:3f:ab:d0:37:8a:4b:1f:71:fc:51:d0:
89:96:56:f5:06:c1:5a:99:17:83:c1:e1:c6:bc:fd:
c1:8a:7a:4b:eb:7b:fd:2b:a1:ff:19:40:ab:8b:47:
5c:23:23:b4:a7:e2:ed:50:ac:2c:e6:d4:58:b6:25:
29:03
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
39:49:39:8F:81:A8:B4:3F:D3:52:F7:DF:3E:F6:87:1F:9C:DF:41:34
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/OUk5j4GotD_TUvffPvaHH5zfQTQ.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
05:c4:7d:3d:9a:8f:ed:7f:28:cc:29:28:e7:cc:c9:b5:18:43:
a2:e4:49:90:bd:a7:07:ca:9b:55:b6:7e:c9:6c:05:e5:3f:0b:
fe:56:66:2b:64:d0:47:97:79:7b:e5:0b:53:7a:a7:6d:dc:85:
fa:b2:a6:38:70:b2:b1:58:25:2d:d2:8f:76:9e:73:a7:59:4c:
8e:86:ec:90:37:f0:6f:d9:26:9a:09:40:ba:f8:26:4b:00:4d:
29:89:e4:6f:d8:20:5a:45:a2:9d:35:61:22:41:de:66:19:be:
41:88:44:4a:25:92:24:9c:fc:9c:fb:2c:69:c0:af:53:a6:59:
ee:dc:c8:3a:18:74:a9:4b:9a:a6:b0:4b:a4:00:f2:20:e9:8b:
80:0a:08:f7:cf:8a:a6:62:5f:a7:0b:aa:b1:88:5d:19:66:3f:
64:4f:31:af:9e:5d:18:4d:56:86:4d:a4:15:f8:f8:42:8e:c4:
b1:c2:d4:d4:00:60:c1:7c:11:a2:a8:50:42:b3:1f:3e:dc:4c:
d9:ea:c2:88:14:d3:b6:f3:1b:3b:38:73:1e:0c:16:9b:ad:98:
d0:85:1c:cd:c9:ab:56:87:8b:d2:57:9b:d3:72:3d:91:78:53:
64:d3:20:2b:50:d2:5a:f6:ae:7c:38:73:8f:05:b8:f5:9d:aa:
9b:fb:29:13
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICUaUwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MDcx
MDUzNTNaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDM5NDkzOThGODFBOEI0
M0ZEMzUyRjdERjNFRjY4NzFGOUNERjQxMzQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCl040oFst9rkt+NpQU+ssXgUOXqzy4Cs/Ki7E0zg1IiLlfd8o9
ShU4Cp/C403jb1dLhOWVjNwpedxZkKK7HlemD8T67BKFkQEjGcfShHDpxbWYaHDU
Nr4jZFv8fkh1mZ6QbH+jFa25bF3EYQXMi9vGZkDWJziIcL407AHHNhKzVkyFrpUr
0svjOHJxr12tWEulAP9WA/CmPhZb30r1d2auJ2LylEmHPk9kY2ybLORRQeeEK8LZ
6ZcPTNMN9lE2GhU/SuJliBo/q9A3iksfcfxR0ImWVvUGwVqZF4PB4ca8/cGKekvr
e/0rof8ZQKuLR1wjI7Sn4u1QrCzm1Fi2JSkDAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUOUk5j4GotD/TUvffPvaHH5zfQTQwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L09VazVqNEdvdERfVFV2
ZmZQdmFISDV6ZlFUUS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBAAXEfT2aj+1/KMwp
KOfMybUYQ6LkSZC9pwfKm1W2fslsBeU/C/5WZitk0EeXeXvlC1N6p23chfqypjhw
srFYJS3Sj3aec6dZTI6G7JA38G/ZJpoJQLr4JksATSmJ5G/YIFpFop01YSJB3mYZ
vkGIREolkiSc/Jz7LGnAr1OmWe7cyDoYdKlLmqawS6QA8iDpi4AKCPfPiqZiX6cL
qrGIXRlmP2RPMa+eXRhNVoZNpBX4+EKOxLHC1NQAYMF8EaKoUEKzHz7cTNnqwogU
07bzGzs4cx4MFputmNCFHM3Jq1aHi9JXm9NyPZF4U2TTICtQ0lr2rnw4c48FuPWd
qpv7KRM=
-----END CERTIFICATE-----
Generated at Sat May 17 22:38:14 2025 by rpki-client