Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/TYxyTdSF8q1-HfHc-J_IJhQO8Ro.roa
File: TYxyTdSF8q1-HfHc-J_IJhQO8Ro.roa (raw, json)
Hash identifier: dTUHRbJLa/jeLWtq+Dzt82U8RLXr1o9ClepDOBQBcDY=
Subject key identifier: 4D:8C:72:4D:D4:85:F2:AD:7E:1D:F1:DC:F8:9F:C8:26:14:0E:F1:1A
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 3EF1
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/TYxyTdSF8q1-HfHc-J_IJhQO8Ro.roa
Signing time: Fri 12 Apr 2024 12:22:49 +0000
ROA not before: Fri 12 Apr 2024 12:22:49 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 16113 (0x3ef1)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 12 12:22:49 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=4D8C724DD485F2AD7E1DF1DCF89FC826140EF11A
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e4:40:cf:f7:f9:2b:a8:da:2b:03:f6:ad:8e:21:
87:84:15:ef:9b:ee:b4:cd:92:ee:80:9a:c5:6a:40:
f9:30:37:a9:b0:84:ab:68:47:f9:a2:f7:7c:d5:06:
13:ad:c9:82:5b:84:74:99:09:e0:00:ab:83:73:cb:
66:80:38:0d:4d:b6:81:11:5d:6e:0b:86:6e:1b:9a:
dc:14:eb:c9:f8:03:d0:24:14:c2:b0:9e:58:55:ac:
fe:ec:8d:0a:8e:00:3e:99:0d:f0:85:10:42:12:7b:
85:12:07:77:10:36:39:80:3e:2d:1c:e7:b8:49:10:
1b:b9:f2:ed:67:c9:43:96:0c:9e:ef:b1:37:15:b2:
b9:44:04:78:8f:ca:11:8d:95:92:45:6a:94:4a:b4:
9c:c3:34:1a:24:78:78:7d:12:e5:c0:c7:8f:98:39:
28:6d:d4:7d:8b:89:a5:67:b6:8a:36:21:14:70:b5:
15:ea:cf:a1:fe:fe:84:5d:47:06:03:46:8e:c5:37:
a4:d0:e3:04:d8:60:c9:63:6c:c9:4e:e3:05:b4:6e:
f5:2a:69:4d:48:d4:d5:53:41:ce:ad:0c:0d:89:44:
b9:cb:e3:1f:82:02:12:ba:ea:81:27:2a:83:85:40:
2b:ce:32:1b:95:12:50:aa:d3:5f:98:98:f6:2e:77:
2b:53
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4D:8C:72:4D:D4:85:F2:AD:7E:1D:F1:DC:F8:9F:C8:26:14:0E:F1:1A
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/TYxyTdSF8q1-HfHc-J_IJhQO8Ro.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
32:75:7e:ec:8a:67:d7:dd:a9:e9:26:5f:34:bc:75:cf:ec:3d:
aa:b7:bc:f3:ff:37:31:f6:63:26:41:0d:a6:25:dc:a2:e9:17:
82:e0:70:60:40:ae:ed:f0:59:49:41:c3:00:2a:63:17:56:3a:
bc:91:d7:27:43:ee:6b:b3:df:7a:6e:61:12:ef:a1:27:48:b4:
44:85:6d:f8:8f:ca:b8:a3:89:a5:ff:c0:b7:40:b8:a8:e5:c6:
12:10:67:a5:a5:41:da:47:04:4b:e2:2c:db:86:d1:84:21:f8:
8d:a4:5e:ea:6b:c8:42:eb:d2:1a:bd:d6:fc:29:8f:ae:4c:89:
e2:92:ef:d9:dd:b0:26:82:61:54:35:d8:49:a3:76:e0:be:b7:
a6:86:d2:57:6d:62:e1:a0:de:34:23:f0:23:a0:05:0d:42:0a:
24:59:ec:4e:3f:76:03:73:b4:c1:25:7e:22:4e:20:26:f4:6d:
a3:9f:da:0d:96:11:16:f7:d8:44:17:ef:9c:46:6b:7d:32:84:
eb:56:61:ca:fa:ee:8b:c6:af:51:8c:3a:15:16:45:4b:92:bb:
c9:31:16:6f:71:d5:43:17:f8:2c:e1:4c:3e:06:32:e3:e1:43:
f3:72:b8:cd:39:35:d7:1d:d2:10:90:9b:43:b4:99:c7:7e:0b:
8f:6a:96:2d
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICPvEwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MTIx
MjIyNDlaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDREOEM3MjRERDQ4NUYy
QUQ3RTFERjFEQ0Y4OUZDODI2MTQwRUYxMUEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDkQM/3+Suo2isD9q2OIYeEFe+b7rTNku6AmsVqQPkwN6mwhKto
R/mi93zVBhOtyYJbhHSZCeAAq4Nzy2aAOA1NtoERXW4Lhm4bmtwU68n4A9AkFMKw
nlhVrP7sjQqOAD6ZDfCFEEISe4USB3cQNjmAPi0c57hJEBu58u1nyUOWDJ7vsTcV
srlEBHiPyhGNlZJFapRKtJzDNBokeHh9EuXAx4+YOSht1H2LiaVntoo2IRRwtRXq
z6H+/oRdRwYDRo7FN6TQ4wTYYMljbMlO4wW0bvUqaU1I1NVTQc6tDA2JRLnL4x+C
AhK66oEnKoOFQCvOMhuVElCq01+YmPYudytTAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUTYxyTdSF8q1+HfHc+J/IJhQO8RowHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1RZeHlUZFNGOHExLUhm
SGMtSl9JSmhRTzhSby5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBADJ1fuyKZ9fdqekm
XzS8dc/sPaq3vPP/NzH2YyZBDaYl3KLpF4LgcGBAru3wWUlBwwAqYxdWOryR1ydD
7muz33puYRLvoSdItESFbfiPyrijiaX/wLdAuKjlxhIQZ6WlQdpHBEviLNuG0YQh
+I2kXupryELr0hq91vwpj65MieKS79ndsCaCYVQ12EmjduC+t6aG0ldtYuGg3jQj
8COgBQ1CCiRZ7E4/dgNztMElfiJOICb0baOf2g2WERb32EQX75xGa30yhOtWYcr6
7ovGr1GMOhUWRUuSu8kxFm9x1UMX+CzhTD4GMuPhQ/NyuM05Ndcd0hCQm0O0mcd+
C49qli0=
-----END CERTIFICATE-----
Generated at Sun May 18 04:47:52 2025 by rpki-client