Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/P3aqy060wHUksaiRjI1AvKYYGqE.roa
File: P3aqy060wHUksaiRjI1AvKYYGqE.roa (raw, json)
Hash identifier: lf1LNofXDTDuXBLntSwfISMWc2sWYik86kAYcKt5ATY=
Subject key identifier: 3F:76:AA:CB:4E:B4:C0:75:24:B1:A8:91:8C:8D:40:BC:A6:18:1A:A1
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 5421
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/P3aqy060wHUksaiRjI1AvKYYGqE.roa
Signing time: Fri 10 May 2024 18:24:02 +0000
ROA not before: Fri 10 May 2024 18:24:02 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 21537 (0x5421)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 10 18:24:02 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=3F76AACB4EB4C07524B1A8918C8D40BCA6181AA1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a2:b3:1a:84:be:5f:66:52:7d:57:da:e9:ca:b6:
3e:a9:11:8f:45:25:e5:9e:b8:91:df:30:69:55:3a:
c5:7e:46:b3:68:74:02:80:dc:81:69:6d:97:f5:a3:
95:68:68:71:44:ff:b0:e4:c6:cb:59:01:3c:a3:da:
7d:a1:e6:71:1c:e2:71:c8:83:b9:22:67:c7:f7:f6:
88:a0:be:6c:48:20:6b:33:3c:30:24:b4:f4:63:68:
6f:f0:c6:9c:9b:95:c5:1e:6c:ea:26:fb:a0:f5:32:
e0:65:38:4d:b2:b8:ce:9b:15:36:d0:1e:a9:09:c8:
f9:46:7b:01:e7:7c:9e:3b:1c:9c:ba:19:a9:a9:05:
84:37:cf:24:ad:74:1a:d2:a0:97:59:10:f9:69:ee:
ad:86:02:d7:74:20:85:24:96:93:d9:d8:e4:57:49:
4d:9a:af:fe:8f:b6:ad:c7:49:0e:c9:93:78:fd:15:
30:7c:99:41:95:d0:16:f8:64:72:8e:6e:cc:bc:c7:
25:1d:90:4f:08:5f:73:d6:64:4a:99:81:cf:17:8f:
76:17:1d:4b:10:2d:06:5e:d2:1d:c9:e0:53:d0:f8:
5c:b0:d2:86:86:a9:ce:0c:02:9e:30:23:dd:67:3e:
22:53:03:e7:42:1f:37:56:78:c6:18:85:e2:9a:94:
63:75
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3F:76:AA:CB:4E:B4:C0:75:24:B1:A8:91:8C:8D:40:BC:A6:18:1A:A1
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/P3aqy060wHUksaiRjI1AvKYYGqE.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
9a:76:39:13:df:8f:98:94:59:a6:07:89:e0:59:c3:b6:f9:18:
8d:18:31:54:2d:61:d5:bc:62:4e:63:c0:91:26:57:a9:81:da:
dc:71:3e:0a:d6:29:dc:0b:50:b6:f3:4f:9f:fe:6e:2c:86:9f:
46:e3:5b:cf:dc:4a:91:55:bf:96:0c:0b:7a:05:6a:3e:0e:ad:
58:88:fd:d0:3f:00:bb:f6:a6:b4:80:ce:ab:6d:f7:f1:5c:b2:
8e:2e:e0:78:ae:a1:48:93:52:09:39:2b:8e:b7:53:a6:94:4b:
de:98:50:f4:de:32:e6:46:ec:27:d6:d8:5a:e0:6b:a8:7a:2e:
d0:74:e8:f7:22:14:3d:9e:05:5a:30:ee:51:60:2b:b7:48:59:
0b:06:83:cd:0d:f7:81:02:b2:d2:c7:35:be:4a:53:a5:37:4f:
d8:c9:14:d6:fc:f3:d7:4d:9e:d3:62:aa:5e:25:19:49:13:b5:
d1:34:5a:6d:93:07:a9:9d:ec:b4:d2:6a:41:c3:ee:f2:15:5a:
91:61:e9:bf:96:43:ba:8e:91:b7:02:9e:43:2b:6d:27:7f:2f:
35:c3:ed:56:47:4d:ec:48:82:05:de:35:5d:02:2c:51:0e:4d:
ab:09:a0:f5:df:b5:f1:7f:32:62:9b:a0:ad:fd:4f:fe:11:90:
0d:a1:50:2e
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICVCEwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MTAx
ODI0MDJaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDNGNzZBQUNCNEVCNEMw
NzUyNEIxQTg5MThDOEQ0MEJDQTYxODFBQTEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCisxqEvl9mUn1X2unKtj6pEY9FJeWeuJHfMGlVOsV+RrNodAKA
3IFpbZf1o5VoaHFE/7DkxstZATyj2n2h5nEc4nHIg7kiZ8f39oigvmxIIGszPDAk
tPRjaG/wxpyblcUebOom+6D1MuBlOE2yuM6bFTbQHqkJyPlGewHnfJ47HJy6Gamp
BYQ3zyStdBrSoJdZEPlp7q2GAtd0IIUklpPZ2ORXSU2ar/6Ptq3HSQ7Jk3j9FTB8
mUGV0Bb4ZHKObsy8xyUdkE8IX3PWZEqZgc8Xj3YXHUsQLQZe0h3J4FPQ+Fyw0oaG
qc4MAp4wI91nPiJTA+dCHzdWeMYYheKalGN1AgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUP3aqy060wHUksaiRjI1AvKYYGqEwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1AzYXF5MDYwd0hVa3Nh
aVJqSTFBdktZWUdxRS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBAJp2ORPfj5iUWaYH
ieBZw7b5GI0YMVQtYdW8Yk5jwJEmV6mB2txxPgrWKdwLULbzT5/+biyGn0bjW8/c
SpFVv5YMC3oFaj4OrViI/dA/ALv2prSAzqtt9/Fcso4u4HiuoUiTUgk5K463U6aU
S96YUPTeMuZG7CfW2Frga6h6LtB06PciFD2eBVow7lFgK7dIWQsGg80N94ECstLH
Nb5KU6U3T9jJFNb889dNntNiql4lGUkTtdE0Wm2TB6md7LTSakHD7vIVWpFh6b+W
Q7qOkbcCnkMrbSd/LzXD7VZHTexIggXeNV0CLFEOTasJoPXftfF/MmKboK39T/4R
kA2hUC4=
-----END CERTIFICATE-----
Generated at Sun May 18 12:24:12 2025 by rpki-client