Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/VtqjDYVwcisnXVvifpMjDI8cLxM.roa
File: VtqjDYVwcisnXVvifpMjDI8cLxM.roa (raw, json)
Hash identifier: PbCSgTuSsNL5LqfJOxosQvi/L5seUKQvAfTAzuPafoU=
Subject key identifier: 56:DA:A3:0D:85:70:72:2B:27:5D:5B:E2:7E:93:23:0C:8F:1C:2F:13
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 50C9
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/VtqjDYVwcisnXVvifpMjDI8cLxM.roa
Signing time: Mon 06 May 2024 07:23:58 +0000
ROA not before: Mon 06 May 2024 07:23:58 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 20681 (0x50c9)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 6 07:23:58 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=56DAA30D8570722B275D5BE27E93230C8F1C2F13
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c5:a5:3c:37:85:8b:b2:2d:6e:53:7b:a1:d5:2d:
ea:a4:5d:b9:42:a8:ff:d6:c2:f6:a8:09:b3:3a:3f:
8a:ab:64:68:f3:ac:80:f2:1b:25:45:74:e0:fe:e3:
bb:5d:c9:77:82:09:58:06:8a:a6:2b:98:47:a9:28:
d9:6c:42:d9:89:2a:5b:4d:06:aa:1b:44:77:20:38:
06:f5:79:39:9c:54:49:ee:50:43:c4:b9:e8:3f:92:
bd:90:ab:9f:d0:59:be:70:4c:a8:29:eb:f6:2b:1c:
aa:9e:f6:1b:63:a5:38:06:65:04:ed:19:95:9a:b0:
ce:6e:66:9f:d0:d5:95:74:d2:dd:49:9a:a3:4b:a5:
60:3c:c7:55:76:21:fc:d1:77:97:17:1e:97:08:e6:
44:f9:66:1b:94:e1:70:57:48:6a:cb:c0:2b:2d:1d:
c4:60:6e:89:8c:3f:7f:73:65:ab:5f:43:a4:c2:5c:
9c:15:09:be:6d:92:aa:1f:5c:ac:fb:30:68:97:58:
65:bf:95:e4:be:f3:ee:9b:b3:01:f3:a4:5b:e0:f6:
9a:57:0e:6f:c5:55:20:76:2c:aa:a7:3f:17:55:ad:
7a:ef:af:ae:ca:b5:34:70:67:df:93:2e:af:ff:34:
ba:63:cd:ac:d2:53:b0:4d:2f:0c:58:bb:13:61:6f:
7d:37
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
56:DA:A3:0D:85:70:72:2B:27:5D:5B:E2:7E:93:23:0C:8F:1C:2F:13
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/VtqjDYVwcisnXVvifpMjDI8cLxM.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
2e:a3:42:82:b5:bf:62:0b:ad:82:e6:bd:9b:aa:66:ac:42:c1:
1c:9e:02:db:31:9d:1e:86:b2:90:86:c7:44:81:74:58:40:d9:
89:e0:34:0c:c9:46:35:17:a8:1d:8d:5a:7a:39:c8:b0:33:ba:
1b:c9:e2:b6:da:f9:bb:8a:70:02:b6:32:60:21:13:e4:dc:f5:
13:0a:db:9a:17:e8:00:7c:57:fd:28:54:14:66:9e:21:31:7f:
13:de:c7:80:e3:a8:48:81:3c:66:01:39:81:f5:6d:53:8e:42:
7e:76:67:0e:6c:3e:d8:00:50:a3:9d:fe:13:ba:b4:f5:ea:24:
1f:4d:8c:42:9a:64:d5:7e:d4:66:a6:22:19:39:b3:4c:22:ec:
45:cc:d9:b7:41:be:17:38:d9:d6:3f:43:f8:5c:15:ad:a7:ed:
bf:f8:14:3c:bb:67:aa:bd:8c:44:48:b8:fb:5b:1c:19:27:e9:
ff:48:a5:36:02:11:58:0c:d2:13:77:5e:81:82:a8:c5:49:33:
34:6d:10:c5:e8:f9:b0:c9:3c:8a:e7:f1:1b:de:8d:59:9f:38:
dc:30:96:9c:93:aa:a9:f8:6e:fb:03:27:31:69:f1:7a:b5:e6:
5c:17:46:ad:15:e1:3f:a8:5a:5f:88:c4:bc:30:83:c5:b0:3c:
73:42:5d:dd
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICUMkwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MDYw
NzIzNThaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDU2REFBMzBEODU3MDcy
MkIyNzVENUJFMjdFOTMyMzBDOEYxQzJGMTMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDFpTw3hYuyLW5Te6HVLeqkXblCqP/WwvaoCbM6P4qrZGjzrIDy
GyVFdOD+47tdyXeCCVgGiqYrmEepKNlsQtmJKltNBqobRHcgOAb1eTmcVEnuUEPE
ueg/kr2Qq5/QWb5wTKgp6/YrHKqe9htjpTgGZQTtGZWasM5uZp/Q1ZV00t1JmqNL
pWA8x1V2IfzRd5cXHpcI5kT5ZhuU4XBXSGrLwCstHcRgbomMP39zZatfQ6TCXJwV
Cb5tkqofXKz7MGiXWGW/leS+8+6bswHzpFvg9ppXDm/FVSB2LKqnPxdVrXrvr67K
tTRwZ9+TLq//NLpjzazSU7BNLwxYuxNhb303AgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUVtqjDYVwcisnXVvifpMjDI8cLxMwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1Z0cWpEWVZ3Y2lzblhW
dmlmcE1qREk4Y0x4TS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBAC6jQoK1v2ILrYLm
vZuqZqxCwRyeAtsxnR6GspCGx0SBdFhA2YngNAzJRjUXqB2NWno5yLAzuhvJ4rba
+buKcAK2MmAhE+Tc9RMK25oX6AB8V/0oVBRmniExfxPex4DjqEiBPGYBOYH1bVOO
Qn52Zw5sPtgAUKOd/hO6tPXqJB9NjEKaZNV+1GamIhk5s0wi7EXM2bdBvhc42dY/
Q/hcFa2n7b/4FDy7Z6q9jERIuPtbHBkn6f9IpTYCEVgM0hN3XoGCqMVJMzRtEMXo
+bDJPIrn8RvejVmfONwwlpyTqqn4bvsDJzFp8Xq15lwXRq0V4T+oWl+IxLwwg8Ww
PHNCXd0=
-----END CERTIFICATE-----
Generated at Sat May 17 19:40:09 2025 by rpki-client