Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/QIDegrSiPW69YrufjIEMGZneKfI.roa
File: QIDegrSiPW69YrufjIEMGZneKfI.roa (raw, json)
Hash identifier: NuUL/vGcaUfsRIP0GphhnHgb8Zy2eTnm03Ii4y7HtGU=
Subject key identifier: 40:80:DE:82:B4:A2:3D:6E:BD:62:BB:9F:8C:81:0C:19:99:DE:29:F2
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 37E9
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/QIDegrSiPW69YrufjIEMGZneKfI.roa
Signing time: Wed 03 Apr 2024 03:22:41 +0000
ROA not before: Wed 03 Apr 2024 03:22:41 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 14313 (0x37e9)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 3 03:22:41 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=4080DE82B4A23D6EBD62BB9F8C810C1999DE29F2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cc:10:e1:c8:55:ef:f5:e2:2b:d3:6f:dd:ac:4c:
3d:09:92:2b:a1:ed:97:6e:d2:08:cf:dc:c8:f5:e5:
5b:97:0d:b8:ad:81:01:39:2b:cb:83:73:cc:7f:0c:
f3:7f:9f:92:38:15:e4:28:73:23:22:fc:ee:bb:2b:
22:c7:c5:9c:ee:ea:30:11:7b:4a:8f:67:b9:10:0b:
3b:98:88:8b:1a:10:86:b1:21:5f:95:87:e5:0c:66:
4b:79:1f:37:42:82:94:55:27:7b:94:38:cd:84:7e:
81:a2:d6:0d:46:54:71:1d:17:1a:46:65:ac:d8:6e:
1e:07:a5:3d:7a:9c:55:b5:7c:35:fd:bd:89:e8:87:
68:57:c4:68:57:ed:f4:da:ab:1c:51:70:4a:15:af:
0c:cb:30:ab:74:a8:dd:96:c4:ba:a8:6f:fa:72:47:
8f:18:71:c1:fe:77:67:e0:09:62:8b:36:69:99:ef:
5f:bf:41:f8:fa:58:33:7e:99:02:a8:bd:df:53:2c:
2b:77:7a:5c:dd:81:40:d3:f5:ab:a7:1e:a8:99:1c:
95:51:d9:88:5e:af:46:ac:ec:29:4d:45:e1:30:be:
bd:33:07:49:a2:02:05:31:ff:ba:3f:da:68:81:cd:
4b:98:f9:2e:a7:de:9b:5d:1a:17:d4:db:17:bc:f6:
c8:89
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
40:80:DE:82:B4:A2:3D:6E:BD:62:BB:9F:8C:81:0C:19:99:DE:29:F2
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/QIDegrSiPW69YrufjIEMGZneKfI.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
9a:d1:ff:1d:4c:61:ae:af:05:ca:87:49:13:0b:a3:3a:3a:a6:
09:73:e4:b2:1e:54:8b:92:9a:35:11:e6:be:56:fb:b8:64:03:
ac:e2:14:94:9d:b6:04:8d:66:2f:9d:ff:aa:4a:b2:67:94:51:
db:13:28:74:be:64:de:48:09:c2:9d:93:7d:55:3d:c1:30:99:
5e:e4:6f:f9:06:ac:00:ad:aa:c3:ff:6b:9f:4d:2e:62:ab:1f:
dd:e9:48:02:be:a2:a7:07:1b:32:6f:c9:ad:c3:54:17:c9:ab:
9d:1a:3e:a2:a5:78:69:28:0b:1b:1c:ca:2b:2c:f5:e7:66:74:
65:76:f0:95:c5:bb:e6:34:04:9b:75:92:80:2b:da:38:42:95:
77:b9:ea:1a:df:72:33:4c:a9:b7:b8:48:78:8f:1c:74:5d:d6:
69:d9:de:08:aa:ac:14:87:dd:00:97:a6:c9:f3:f5:a5:ac:1b:
bb:59:90:3d:d1:f6:27:ec:b8:a1:11:ff:2d:7b:e7:3e:e8:39:
bf:7e:e3:97:6b:62:1f:fc:4a:32:96:90:b2:bc:40:2d:97:73:
fe:0b:77:77:ce:84:fb:7a:4c:59:00:cf:99:b0:60:3a:75:63:
0f:88:6c:96:7e:37:5b:8b:92:f1:f4:4e:dc:fb:67:47:18:60:
d1:4d:79:98
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICN+kwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MDMw
MzIyNDFaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDQwODBERTgyQjRBMjNE
NkVCRDYyQkI5RjhDODEwQzE5OTlERTI5RjIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDMEOHIVe/14ivTb92sTD0Jkiuh7Zdu0gjP3Mj15VuXDbitgQE5
K8uDc8x/DPN/n5I4FeQocyMi/O67KyLHxZzu6jARe0qPZ7kQCzuYiIsaEIaxIV+V
h+UMZkt5HzdCgpRVJ3uUOM2EfoGi1g1GVHEdFxpGZazYbh4HpT16nFW1fDX9vYno
h2hXxGhX7fTaqxxRcEoVrwzLMKt0qN2WxLqob/pyR48YccH+d2fgCWKLNmmZ71+/
Qfj6WDN+mQKovd9TLCt3elzdgUDT9aunHqiZHJVR2Yher0as7ClNReEwvr0zB0mi
AgUx/7o/2miBzUuY+S6n3ptdGhfU2xe89siJAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUQIDegrSiPW69YrufjIEMGZneKfIwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1FJRGVnclNpUFc2OVly
dWZqSUVNR1puZUtmSS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBAJrR/x1MYa6vBcqH
SRMLozo6pglz5LIeVIuSmjUR5r5W+7hkA6ziFJSdtgSNZi+d/6pKsmeUUdsTKHS+
ZN5ICcKdk31VPcEwmV7kb/kGrACtqsP/a59NLmKrH93pSAK+oqcHGzJvya3DVBfJ
q50aPqKleGkoCxscyiss9edmdGV28JXFu+Y0BJt1koAr2jhClXe56hrfcjNMqbe4
SHiPHHRd1mnZ3giqrBSH3QCXpsnz9aWsG7tZkD3R9ifsuKER/y175z7oOb9+45dr
Yh/8SjKWkLK8QC2Xc/4Ld3fOhPt6TFkAz5mwYDp1Yw+IbJZ+N1uLkvH0Ttz7Z0cY
YNFNeZg=
-----END CERTIFICATE-----
Generated at Sun May 18 13:07:24 2025 by rpki-client