Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/S8WcMOfyXNjx0d4X1yCcneCnefg.roa
File: S8WcMOfyXNjx0d4X1yCcneCnefg.roa (raw, json)
Hash identifier: WXu3FWVzh21ueNyrIsmq7vTRi97Gxhkzg+Gc/3yWaUI=
Subject key identifier: 4B:C5:9C:30:E7:F2:5C:D8:F1:D1:DE:17:D7:20:9C:9D:E0:A7:79:F8
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 3B0D
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/S8WcMOfyXNjx0d4X1yCcneCnefg.roa
Signing time: Sun 07 Apr 2024 07:52:29 +0000
ROA not before: Sun 07 Apr 2024 07:52:29 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 15117 (0x3b0d)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 7 07:52:29 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=4BC59C30E7F25CD8F1D1DE17D7209C9DE0A779F8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:aa:3c:3d:aa:fd:31:5b:2c:1a:bd:60:15:7d:b2:
7a:51:37:31:4d:d1:0d:46:b2:c7:ae:92:ff:b8:fe:
70:b5:64:19:e7:44:01:52:2c:70:fe:65:1a:74:47:
0b:29:a9:af:b4:a3:ad:c6:4a:93:72:79:72:90:f1:
91:12:a2:2b:dc:bb:43:51:02:c0:df:05:d2:83:95:
db:a1:57:18:84:22:7c:de:bd:af:d5:d4:d8:c2:4b:
7c:77:56:12:a2:f3:1f:a3:c8:b9:cd:33:35:5a:88:
cd:72:26:21:a3:ab:66:41:e6:70:df:00:2f:fe:7c:
8f:17:15:77:fd:c0:ff:fd:47:bc:8d:2b:68:12:36:
b9:15:98:07:67:db:79:ba:ca:66:db:bc:c2:7d:5b:
dd:5d:d6:70:e7:8c:97:e1:5e:df:ab:d6:2a:7a:08:
5e:4f:d6:4c:29:83:a3:93:47:16:8e:63:19:65:74:
1a:49:0c:b4:d0:b0:23:44:40:b8:4d:6d:06:f2:cb:
ed:bc:4e:06:f0:1a:3e:aa:9a:2a:74:ea:94:30:96:
20:a7:6a:6a:de:a4:45:dc:2e:1b:70:49:4d:99:a3:
8b:96:e8:93:0c:44:ba:d7:5e:fb:4f:05:04:e4:83:
e6:8f:3f:e2:30:0b:41:48:66:49:bc:b8:78:00:16:
8a:9f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4B:C5:9C:30:E7:F2:5C:D8:F1:D1:DE:17:D7:20:9C:9D:E0:A7:79:F8
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/S8WcMOfyXNjx0d4X1yCcneCnefg.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
98:13:89:69:2a:a7:43:43:a2:24:e5:44:84:f5:a6:3e:8d:d0:
83:87:55:e7:8c:ad:ac:89:6a:cd:63:35:b9:ba:12:04:37:4b:
d3:fd:11:22:7f:8e:1d:c5:51:c5:90:c1:ef:bf:e4:bb:61:ed:
74:0e:92:d9:93:71:68:02:57:b6:d6:5e:b1:f6:68:7b:9a:03:
41:10:78:4f:41:5e:9c:f9:c0:03:8d:4d:e0:3d:87:5e:7d:39:
01:9f:2a:f3:01:18:a4:5a:60:54:04:da:f1:94:f8:9e:3a:d3:
e0:b7:54:1e:15:77:a4:44:9c:d6:2f:b3:c5:24:b0:a9:18:c0:
a8:6e:05:0c:25:9e:a3:05:21:dc:38:5f:d6:31:f6:3f:63:31:
e4:7e:ec:7f:5b:16:b1:8e:f1:45:e6:1e:19:65:68:fc:b2:be:
d6:60:20:fa:97:36:35:b2:ce:32:81:80:8a:1f:d7:04:9b:72:
20:96:48:c3:4c:a7:eb:6c:12:6c:8f:10:c0:a3:ff:74:c3:d8:
47:bf:2d:c7:12:5c:f5:c9:64:0b:17:6e:77:43:f6:ad:41:ea:
9a:a1:2d:46:53:1e:7d:18:90:a6:2b:e4:b0:c7:2b:32:65:0f:
27:e2:56:b9:a8:e8:0d:ee:da:4c:7a:20:c5:17:de:bb:02:c4:
d2:bd:69:45
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICOw0wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MDcw
NzUyMjlaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDRCQzU5QzMwRTdGMjVD
RDhGMUQxREUxN0Q3MjA5QzlERTBBNzc5RjgwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCqPD2q/TFbLBq9YBV9snpRNzFN0Q1Gsseukv+4/nC1ZBnnRAFS
LHD+ZRp0Rwspqa+0o63GSpNyeXKQ8ZESoivcu0NRAsDfBdKDlduhVxiEInzeva/V
1NjCS3x3VhKi8x+jyLnNMzVaiM1yJiGjq2ZB5nDfAC/+fI8XFXf9wP/9R7yNK2gS
NrkVmAdn23m6ymbbvMJ9W91d1nDnjJfhXt+r1ip6CF5P1kwpg6OTRxaOYxlldBpJ
DLTQsCNEQLhNbQbyy+28TgbwGj6qmip06pQwliCnamrepEXcLhtwSU2Zo4uW6JMM
RLrXXvtPBQTkg+aPP+IwC0FIZkm8uHgAFoqfAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUS8WcMOfyXNjx0d4X1yCcneCnefgwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1M4V2NNT2Z5WE5qeDBk
NFgxeUNjbmVDbmVmZy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBAJgTiWkqp0NDoiTl
RIT1pj6N0IOHVeeMrayJas1jNbm6EgQ3S9P9ESJ/jh3FUcWQwe+/5Lth7XQOktmT
cWgCV7bWXrH2aHuaA0EQeE9BXpz5wAONTeA9h159OQGfKvMBGKRaYFQE2vGU+J46
0+C3VB4Vd6REnNYvs8UksKkYwKhuBQwlnqMFIdw4X9Yx9j9jMeR+7H9bFrGO8UXm
HhllaPyyvtZgIPqXNjWyzjKBgIof1wSbciCWSMNMp+tsEmyPEMCj/3TD2Ee/LccS
XPXJZAsXbndD9q1B6pqhLUZTHn0YkKYr5LDHKzJlDyfiVrmo6A3u2kx6IMUX3rsC
xNK9aUU=
-----END CERTIFICATE-----
Generated at Sat May 17 23:34:06 2025 by rpki-client