Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/PIe86qhDHeFMRSPGgT0PCBO2MP8.roa
File: PIe86qhDHeFMRSPGgT0PCBO2MP8.roa (raw, json)
Hash identifier: 7A8H6KXHPcUwiYf+yGfaKF2CTBPJkH2sN8WF9xZp9o0=
Subject key identifier: 3C:87:BC:EA:A8:43:1D:E1:4C:45:23:C6:81:3D:0F:08:13:B6:30:FF
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 4FFD
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/PIe86qhDHeFMRSPGgT0PCBO2MP8.roa
Signing time: Sun 05 May 2024 05:53:48 +0000
ROA not before: Sun 05 May 2024 05:53:48 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 20477 (0x4ffd)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 5 05:53:48 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=3C87BCEAA8431DE14C4523C6813D0F0813B630FF
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d8:5e:89:5a:d4:79:0e:e0:20:5c:e1:8e:3c:b4:
dc:65:57:aa:d5:d7:cc:a3:88:af:7d:b7:a4:97:37:
a2:31:2e:e9:db:29:36:17:e0:05:39:65:7e:ec:38:
21:24:7c:ad:54:78:b1:2d:e0:36:18:48:77:c9:89:
1e:d6:14:3f:9b:71:f9:27:b5:b3:fe:fb:d7:53:7f:
7d:da:33:df:08:18:e4:b9:e0:3d:28:a2:c4:5f:af:
f6:0e:41:0a:30:66:8e:63:47:23:e3:13:69:5b:8f:
da:7e:2f:9c:24:b4:7d:74:ea:ce:74:0d:dc:eb:db:
41:e8:8f:28:f8:ba:bb:b8:2a:19:ac:bb:8f:17:a7:
84:5f:7d:00:5b:1e:2a:26:fc:b0:a9:cc:d7:61:6f:
34:c0:79:81:84:01:75:27:3d:9c:16:49:5b:0c:9b:
f7:e6:7b:df:d9:65:dc:93:4c:44:4b:92:7b:be:13:
2a:0e:4c:88:5d:bc:63:bd:e3:9d:43:5b:6a:97:c9:
b9:f3:b8:fb:32:fa:66:a0:db:b0:ee:86:d8:d5:eb:
5e:31:1e:a8:13:ec:ae:4c:ca:ca:10:5e:90:b8:e5:
cc:b1:a8:3a:78:0b:4f:f8:17:cd:98:83:a1:1e:08:
78:0f:57:d5:b2:c0:1a:74:c2:24:17:37:ef:2f:3a:
90:21
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3C:87:BC:EA:A8:43:1D:E1:4C:45:23:C6:81:3D:0F:08:13:B6:30:FF
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/PIe86qhDHeFMRSPGgT0PCBO2MP8.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
20:fc:1a:56:95:04:54:73:df:40:4a:b4:4f:67:eb:b9:db:b4:
c8:e2:9d:79:5e:f6:24:b8:93:7d:8b:9e:2b:51:47:cf:18:d8:
e9:7e:9b:41:4d:3d:b1:08:29:55:a6:49:e4:49:f5:5a:f9:bb:
f9:52:7f:82:5f:4f:ca:71:d5:30:62:92:29:9a:9e:22:97:10:
8b:0d:9d:37:65:91:1b:c5:80:a7:11:75:78:05:bb:0b:0f:e8:
3c:ed:8b:c4:fa:e0:21:8e:70:53:21:c7:f7:8e:05:11:ab:0d:
37:9f:7c:ca:2a:36:a9:c4:d2:d6:2e:68:33:f1:2e:a2:2c:f9:
bd:e2:98:d7:8f:64:71:17:d7:66:51:1a:a8:4c:8c:83:38:91:
53:84:50:f9:37:a3:0a:e8:d5:d7:3a:a7:93:f7:2d:c6:88:d5:
1e:e9:99:dd:26:92:4a:7f:be:94:03:51:75:73:21:46:67:7c:
a1:a9:b8:78:f7:0d:b3:59:38:0a:00:7a:13:81:e5:f8:14:0f:
44:7f:29:42:e2:ed:72:12:a9:73:7d:e6:29:24:3a:4f:d0:90:
71:70:8b:b0:10:08:3a:af:d8:d4:2f:93:b9:2d:64:46:69:06:
85:f4:33:1c:5e:04:f0:c2:27:f3:4e:35:ea:d4:ec:7f:8c:08:
86:0c:d3:b4
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICT/0wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MDUw
NTUzNDhaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDNDODdCQ0VBQTg0MzFE
RTE0QzQ1MjNDNjgxM0QwRjA4MTNCNjMwRkYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDYXola1HkO4CBc4Y48tNxlV6rV18yjiK99t6SXN6IxLunbKTYX
4AU5ZX7sOCEkfK1UeLEt4DYYSHfJiR7WFD+bcfkntbP++9dTf33aM98IGOS54D0o
osRfr/YOQQowZo5jRyPjE2lbj9p+L5wktH106s50Ddzr20Hojyj4uru4Khmsu48X
p4RffQBbHiom/LCpzNdhbzTAeYGEAXUnPZwWSVsMm/fme9/ZZdyTTERLknu+EyoO
TIhdvGO9451DW2qXybnzuPsy+mag27DuhtjV614xHqgT7K5MysoQXpC45cyxqDp4
C0/4F82Yg6EeCHgPV9WywBp0wiQXN+8vOpAhAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUPIe86qhDHeFMRSPGgT0PCBO2MP8wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1BJZTg2cWhESGVGTVJT
UEdnVDBQQ0JPMk1QOC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBACD8GlaVBFRz30BK
tE9n67nbtMjinXle9iS4k32LnitRR88Y2Ol+m0FNPbEIKVWmSeRJ9Vr5u/lSf4Jf
T8px1TBikimaniKXEIsNnTdlkRvFgKcRdXgFuwsP6Dzti8T64CGOcFMhx/eOBRGr
DTeffMoqNqnE0tYuaDPxLqIs+b3imNePZHEX12ZRGqhMjIM4kVOEUPk3owro1dc6
p5P3LcaI1R7pmd0mkkp/vpQDUXVzIUZnfKGpuHj3DbNZOAoAehOB5fgUD0R/KULi
7XISqXN95ikkOk/QkHFwi7AQCDqv2NQvk7ktZEZpBoX0MxxeBPDCJ/NONerU7H+M
CIYM07Q=
-----END CERTIFICATE-----
Generated at Sat May 17 19:34:11 2025 by rpki-client