Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/QqUrnSNE-764VMg8mTBm3HP7U4I.roa
File: QqUrnSNE-764VMg8mTBm3HP7U4I.roa (raw, json)
Hash identifier: XvPWbAxtYt5n0r02nsy4Xbe8d71B+pxnxtS+X2dAYVE=
Subject key identifier: 42:A5:2B:9D:23:44:FB:BE:B8:54:C8:3C:99:30:66:DC:73:FB:53:82
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 4365
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/QqUrnSNE-764VMg8mTBm3HP7U4I.roa
Signing time: Thu 18 Apr 2024 10:52:59 +0000
ROA not before: Thu 18 Apr 2024 10:52:59 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 17253 (0x4365)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 18 10:52:59 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=42A52B9D2344FBBEB854C83C993066DC73FB5382
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b3:96:7a:86:4a:df:14:8e:e0:2c:e4:94:75:7f:
ea:f5:2b:d8:5e:8e:9c:81:dd:59:fb:4b:4b:55:47:
7d:e9:12:35:9c:8e:50:6b:10:cc:86:27:02:f0:a6:
50:ce:f8:ba:b3:41:e5:3e:78:52:18:89:a9:23:3a:
8d:66:ac:50:e9:70:f1:95:88:b4:f9:41:7b:e6:37:
bf:8f:86:db:a7:61:ea:39:2c:55:ad:90:35:9c:e4:
7b:a7:80:76:6f:b6:58:3e:5b:fd:63:6d:b1:cd:ba:
8e:dc:ed:0f:19:1e:88:14:21:1b:df:3d:c2:cd:e5:
5f:b8:8c:b2:17:4a:d6:75:ea:04:c7:f9:23:21:00:
7c:2a:0c:23:57:27:62:3b:dd:b8:3d:1b:f6:7a:35:
ab:82:db:07:a2:20:a2:96:c6:71:2c:b7:1c:91:0a:
0a:27:67:dd:85:ab:79:7b:cf:01:2b:1a:31:26:94:
f4:ab:15:d6:6e:c9:ca:08:4d:5a:19:24:86:9b:2f:
31:fe:b5:4b:14:b3:0e:b6:90:7f:2e:44:5b:1f:fa:
ea:36:8a:39:58:2d:f8:7f:47:b3:34:4f:fa:cd:54:
bc:8f:5a:13:c9:e9:57:17:2c:ab:f5:19:1f:58:f2:
db:d3:b9:6f:13:c6:14:0d:02:77:01:16:a9:6b:f4:
f0:35
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
42:A5:2B:9D:23:44:FB:BE:B8:54:C8:3C:99:30:66:DC:73:FB:53:82
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/QqUrnSNE-764VMg8mTBm3HP7U4I.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
8e:30:c3:9d:87:9b:93:68:fa:3d:9e:20:98:17:ba:f5:c3:30:
c6:17:33:99:e4:68:a4:21:7f:66:9d:6e:74:43:e6:1b:ca:2d:
1b:a6:38:d6:27:c6:01:97:43:86:82:14:6a:3d:c3:eb:c8:a5:
cb:8d:c9:a7:b9:59:d7:f6:af:ba:e5:a4:ba:98:81:25:6d:2d:
7a:02:91:c5:be:c8:b9:7c:21:50:8b:06:f8:2b:61:66:7c:4a:
f1:64:f0:ed:7e:62:29:10:33:fb:f7:b8:21:1e:33:b5:49:92:
4f:de:ed:b2:8a:b2:5b:a1:e2:14:1d:2f:2a:02:d9:01:19:57:
18:e5:40:93:ef:2b:23:ae:b4:3d:b3:83:4a:e8:53:bb:d1:bb:
67:d5:94:e7:d3:ab:9b:55:5d:a7:97:ea:0b:14:05:15:75:ca:
d2:2a:df:b8:dc:f9:d9:2a:a5:a6:a2:13:c8:69:0c:a8:8a:e0:
32:24:ae:4c:cd:22:9c:cc:b5:59:db:a8:a1:89:70:8a:51:29:
3e:da:d7:b3:b6:73:08:d9:d3:68:6b:40:2f:a7:31:e4:b4:af:
65:e8:af:af:81:06:08:ce:4c:8c:6e:12:04:b8:34:f5:74:ef:
c9:71:34:5d:57:b6:ec:7b:17:3c:f5:33:8f:e7:c0:c7:49:e2:
ff:9c:7b:17
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICQ2UwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MTgx
MDUyNTlaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDQyQTUyQjlEMjM0NEZC
QkVCODU0QzgzQzk5MzA2NkRDNzNGQjUzODIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCzlnqGSt8UjuAs5JR1f+r1K9hejpyB3Vn7S0tVR33pEjWcjlBr
EMyGJwLwplDO+LqzQeU+eFIYiakjOo1mrFDpcPGViLT5QXvmN7+PhtunYeo5LFWt
kDWc5HungHZvtlg+W/1jbbHNuo7c7Q8ZHogUIRvfPcLN5V+4jLIXStZ16gTH+SMh
AHwqDCNXJ2I73bg9G/Z6NauC2weiIKKWxnEstxyRCgonZ92Fq3l7zwErGjEmlPSr
FdZuycoITVoZJIabLzH+tUsUsw62kH8uRFsf+uo2ijlYLfh/R7M0T/rNVLyPWhPJ
6VcXLKv1GR9Y8tvTuW8TxhQNAncBFqlr9PA1AgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUQqUrnSNE+764VMg8mTBm3HP7U4IwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1FxVXJuU05FLTc2NFZN
ZzhtVEJtM0hQN1U0SS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBAI4ww52Hm5No+j2e
IJgXuvXDMMYXM5nkaKQhf2adbnRD5hvKLRumONYnxgGXQ4aCFGo9w+vIpcuNyae5
Wdf2r7rlpLqYgSVtLXoCkcW+yLl8IVCLBvgrYWZ8SvFk8O1+YikQM/v3uCEeM7VJ
kk/e7bKKsluh4hQdLyoC2QEZVxjlQJPvKyOutD2zg0roU7vRu2fVlOfTq5tVXaeX
6gsUBRV1ytIq37jc+dkqpaaiE8hpDKiK4DIkrkzNIpzMtVnbqKGJcIpRKT7a17O2
cwjZ02hrQC+nMeS0r2Xor6+BBgjOTIxuEgS4NPV078lxNF1Xtux7Fzz1M4/nwMdJ
4v+cexc=
-----END CERTIFICATE-----
Generated at Sat May 17 21:29:28 2025 by rpki-client