Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/XPcCbsB6av3dCck0Zv6fAEWGQMw.roa
File: XPcCbsB6av3dCck0Zv6fAEWGQMw.roa (raw, json)
Hash identifier: nHzZm7lfjRVmlqEddwsL7g/1JtBvXukGh4VG9gV0OiE=
Subject key identifier: 5C:F7:02:6E:C0:7A:6A:FD:DD:09:C9:34:66:FE:9F:00:45:86:40:CC
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 4F19
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/XPcCbsB6av3dCck0Zv6fAEWGQMw.roa
Signing time: Sat 04 May 2024 01:23:54 +0000
ROA not before: Sat 04 May 2024 01:23:54 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 20249 (0x4f19)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 4 01:23:54 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=5CF7026EC07A6AFDDD09C93466FE9F00458640CC
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ca:06:27:2d:1b:fc:84:ee:d6:16:66:b1:fa:cd:
f9:a0:86:22:ff:cb:2e:71:ba:0e:bc:56:52:f4:70:
af:7d:81:30:c8:54:8e:40:8c:37:b8:f3:2c:ce:6b:
94:11:98:4b:11:80:f3:6d:bd:b4:a8:e8:bb:d1:81:
4a:c8:61:c1:2b:4e:5b:ec:84:5b:b4:52:e5:13:51:
85:fc:52:4a:e5:c5:d9:a2:46:8d:5d:bd:f7:99:4b:
66:b2:04:b1:35:a6:94:9e:09:01:51:28:d3:b3:7b:
ff:bd:72:84:ca:6f:26:d7:e8:ed:3b:4e:f7:d6:21:
64:3a:47:c9:4f:94:ac:26:fb:09:90:08:bc:a3:73:
83:2b:08:3e:38:4b:03:df:85:12:fc:ea:87:f7:95:
98:30:01:79:c4:28:aa:25:f8:ef:09:3a:74:54:7d:
8f:0f:d1:78:53:61:18:fc:8d:52:6c:de:87:ce:46:
0e:33:df:df:a8:d3:8f:fb:80:bc:c5:30:91:2b:77:
13:8c:be:ba:a0:c8:e0:a0:a0:3f:cb:6a:68:76:3b:
e7:53:58:e0:ba:94:9d:99:b8:bb:1e:5d:d6:99:eb:
0a:15:fc:a8:02:05:57:1c:e1:f5:40:5a:13:51:d7:
b8:ed:1b:0f:78:45:2f:88:3e:17:11:8c:a8:97:b6:
f1:23
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5C:F7:02:6E:C0:7A:6A:FD:DD:09:C9:34:66:FE:9F:00:45:86:40:CC
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/XPcCbsB6av3dCck0Zv6fAEWGQMw.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
9c:5c:d4:dd:56:c6:a3:5b:cb:90:48:77:5a:ad:1b:ef:87:da:
e5:44:e2:3e:8f:0c:94:ba:57:0a:4c:07:77:6d:86:7d:6b:b7:
fb:86:42:0b:69:a1:96:1a:22:2d:08:e5:0b:aa:da:de:dc:d5:
44:9d:c6:72:f4:57:4b:0d:02:45:2f:77:86:ba:51:9f:94:3d:
03:d3:1c:6a:00:10:dc:f4:cb:d2:c5:73:8b:92:fd:57:84:a7:
db:23:a3:6c:f5:cc:81:3b:3d:23:66:7d:0c:20:31:3c:61:71:
58:ee:7b:06:b6:4a:bc:02:fd:15:ee:22:22:37:aa:e4:81:18:
9a:25:5a:6a:b7:9b:b5:51:84:e3:54:09:c3:ca:a8:ca:45:30:
63:73:51:6a:5c:3e:3d:27:8b:81:2b:3c:e9:38:a4:86:09:c8:
7d:04:cc:a0:55:c9:cd:19:39:c3:d8:b3:b0:ba:18:7a:8e:96:
a3:74:10:1c:e6:a9:1b:aa:d1:ce:a6:71:c1:ed:e8:60:3c:2f:
6e:b4:3c:95:90:83:75:de:8a:00:79:cd:d0:d6:f4:1a:64:d5:
d0:fe:96:b1:62:33:0f:66:e1:20:08:66:e9:48:ea:b3:8c:f2:
24:cc:ef:4b:40:0d:27:98:33:a0:5d:94:aa:4b:a0:19:5a:b8:
4a:b7:01:75
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICTxkwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MDQw
MTIzNTRaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDVDRjcwMjZFQzA3QTZB
RkRERDA5QzkzNDY2RkU5RjAwNDU4NjQwQ0MwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDKBictG/yE7tYWZrH6zfmghiL/yy5xug68VlL0cK99gTDIVI5A
jDe48yzOa5QRmEsRgPNtvbSo6LvRgUrIYcErTlvshFu0UuUTUYX8UkrlxdmiRo1d
vfeZS2ayBLE1ppSeCQFRKNOze/+9coTKbybX6O07TvfWIWQ6R8lPlKwm+wmQCLyj
c4MrCD44SwPfhRL86of3lZgwAXnEKKol+O8JOnRUfY8P0XhTYRj8jVJs3ofORg4z
39+o04/7gLzFMJErdxOMvrqgyOCgoD/Lamh2O+dTWOC6lJ2ZuLseXdaZ6woV/KgC
BVcc4fVAWhNR17jtGw94RS+IPhcRjKiXtvEjAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUXPcCbsB6av3dCck0Zv6fAEWGQMwwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1hQY0Nic0I2YXYzZENj
azBadjZmQUVXR1FNdy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBAJxc1N1WxqNby5BI
d1qtG++H2uVE4j6PDJS6VwpMB3dthn1rt/uGQgtpoZYaIi0I5Quq2t7c1USdxnL0
V0sNAkUvd4a6UZ+UPQPTHGoAENz0y9LFc4uS/VeEp9sjo2z1zIE7PSNmfQwgMTxh
cVjuewa2SrwC/RXuIiI3quSBGJolWmq3m7VRhONUCcPKqMpFMGNzUWpcPj0ni4Er
POk4pIYJyH0EzKBVyc0ZOcPYs7C6GHqOlqN0EBzmqRuq0c6mccHt6GA8L260PJWQ
g3XeigB5zdDW9Bpk1dD+lrFiMw9m4SAIZulI6rOM8iTM70tADSeYM6BdlKpLoBla
uEq3AXU=
-----END CERTIFICATE-----
Generated at Sun May 18 04:49:45 2025 by rpki-client