Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/T30hTehUsKZ3TuSAlMkmdCOO_ww.roa
File: T30hTehUsKZ3TuSAlMkmdCOO_ww.roa (raw, json)
Hash identifier: vtU6hZeJefsGd7Bylmg7mEVcTHAPCgBwxJ3MTEpOpe8=
Subject key identifier: 4F:7D:21:4D:E8:54:B0:A6:77:4E:E4:80:94:C9:26:74:23:8E:FF:0C
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 3DD5
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/T30hTehUsKZ3TuSAlMkmdCOO_ww.roa
Signing time: Thu 11 Apr 2024 00:52:46 +0000
ROA not before: Thu 11 Apr 2024 00:52:46 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 15829 (0x3dd5)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 11 00:52:46 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=4F7D214DE854B0A6774EE48094C92674238EFF0C
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cd:5b:5e:41:3e:9e:e3:cd:c8:c9:cf:ea:02:ed:
37:85:f6:49:58:9d:72:c3:cf:c8:e3:dc:a1:9c:dc:
8c:52:86:9f:1a:d2:20:40:42:3a:f5:8c:01:5e:86:
8b:2a:53:09:38:b4:3a:f5:42:62:1f:13:fc:69:11:
6b:55:45:7e:97:d6:91:7b:a5:49:e9:1a:e1:1b:86:
95:f2:03:1e:07:b5:6d:d9:f6:12:a0:9b:44:cf:00:
9b:9a:c5:03:d7:4b:10:98:ff:d6:33:e7:54:6f:57:
28:f4:fe:70:6b:78:0a:56:36:b8:09:8a:15:ed:8a:
ba:73:2c:1c:dd:4a:cc:6a:02:89:1f:39:99:64:97:
de:ae:07:02:2d:cc:0a:2c:15:32:a3:c6:0f:1f:d7:
68:f8:55:5e:c5:4f:75:55:91:38:1b:b2:39:38:ab:
3c:38:71:3d:87:29:d1:08:de:28:6a:31:6c:55:ed:
fd:45:1a:35:b4:cc:78:99:ec:92:57:e5:b4:ea:a9:
f5:c3:91:03:f5:21:e7:49:4b:95:1d:e7:ba:5b:f9:
0d:fe:b0:91:e1:01:d6:3a:7c:4b:e0:7f:2c:16:45:
2f:5c:35:d1:5e:bf:87:e3:0d:f5:32:6e:3f:62:f7:
13:a4:73:b5:5d:61:a8:19:6c:77:df:0d:72:2e:b9:
65:37
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4F:7D:21:4D:E8:54:B0:A6:77:4E:E4:80:94:C9:26:74:23:8E:FF:0C
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/T30hTehUsKZ3TuSAlMkmdCOO_ww.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
82:a5:7d:97:02:fd:a9:ca:c6:a8:44:07:9f:70:94:63:09:f4:
49:0e:cb:76:d1:4d:65:40:4b:10:8c:34:23:65:db:ed:24:64:
cb:fd:73:26:ea:e4:49:b2:87:36:bf:15:91:c2:32:fc:46:91:
1b:a5:dd:00:e2:44:f6:b1:98:6e:bb:27:df:8d:6c:15:83:6f:
99:ba:16:67:0c:85:20:79:e6:f6:2d:16:c9:66:96:95:71:03:
ea:f3:f0:ba:61:4e:47:2f:5b:e8:ef:ad:30:6a:3a:9b:a2:16:
50:eb:9c:d4:31:13:68:a8:49:9d:11:48:43:d8:e0:52:71:56:
50:db:fc:2a:14:a3:c4:84:2f:c3:bf:67:be:5f:23:33:1d:d5:
4f:fb:71:0b:b4:4c:d8:4d:0a:5e:39:79:bc:ca:8d:da:b3:59:
7b:ff:13:97:d4:df:b1:f3:50:e5:77:4e:4e:c7:4b:11:6e:3c:
c9:ba:74:db:04:cd:85:ba:be:7e:a6:fc:ac:92:cf:e3:e8:6d:
09:7e:c2:6e:23:82:51:f9:87:58:43:a8:81:17:54:21:8a:4d:
7d:ac:61:84:01:d8:ee:bc:b6:ac:a4:18:2a:2d:c2:6c:b4:43:
a2:11:46:20:82:b7:3c:cb:b9:c3:3b:83:45:5b:f7:7a:81:b8:
d7:6a:3b:59
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICPdUwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MTEw
MDUyNDZaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDRGN0QyMTRERTg1NEIw
QTY3NzRFRTQ4MDk0QzkyNjc0MjM4RUZGMEMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDNW15BPp7jzcjJz+oC7TeF9klYnXLDz8jj3KGc3IxShp8a0iBA
Qjr1jAFehosqUwk4tDr1QmIfE/xpEWtVRX6X1pF7pUnpGuEbhpXyAx4HtW3Z9hKg
m0TPAJuaxQPXSxCY/9Yz51RvVyj0/nBreApWNrgJihXtirpzLBzdSsxqAokfOZlk
l96uBwItzAosFTKjxg8f12j4VV7FT3VVkTgbsjk4qzw4cT2HKdEI3ihqMWxV7f1F
GjW0zHiZ7JJX5bTqqfXDkQP1IedJS5Ud57pb+Q3+sJHhAdY6fEvgfywWRS9cNdFe
v4fjDfUybj9i9xOkc7VdYagZbHffDXIuuWU3AgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUT30hTehUsKZ3TuSAlMkmdCOO/wwwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1QzMGhUZWhVc0taM1R1
U0FsTWttZENPT193dy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBAIKlfZcC/anKxqhE
B59wlGMJ9EkOy3bRTWVASxCMNCNl2+0kZMv9cybq5Emyhza/FZHCMvxGkRul3QDi
RPaxmG67J9+NbBWDb5m6FmcMhSB55vYtFslmlpVxA+rz8LphTkcvW+jvrTBqOpui
FlDrnNQxE2ioSZ0RSEPY4FJxVlDb/CoUo8SEL8O/Z75fIzMd1U/7cQu0TNhNCl45
ebzKjdqzWXv/E5fU37HzUOV3Tk7HSxFuPMm6dNsEzYW6vn6m/KySz+PobQl+wm4j
glH5h1hDqIEXVCGKTX2sYYQB2O68tqykGCotwmy0Q6IRRiCCtzzLucM7g0Vb93qB
uNdqO1k=
-----END CERTIFICATE-----
Generated at Sun May 18 01:48:57 2025 by rpki-client