Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/XTQtnDQB8PV_vqV5WlIG7xmpfPY.roa
File: XTQtnDQB8PV_vqV5WlIG7xmpfPY.roa (raw, json)
Hash identifier: w2RWezTTVo1/hXFM92WkD9XQ1yCgZkqW5cc8An7xwMI=
Subject key identifier: 5D:34:2D:9C:34:01:F0:F5:7F:BE:A5:79:5A:52:06:EF:19:A9:7C:F6
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 40B9
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/XTQtnDQB8PV_vqV5WlIG7xmpfPY.roa
Signing time: Sun 14 Apr 2024 21:22:52 +0000
ROA not before: Sun 14 Apr 2024 21:22:52 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 16569 (0x40b9)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 14 21:22:52 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=5D342D9C3401F0F57FBEA5795A5206EF19A97CF6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e1:79:f3:0e:2a:08:e2:79:2e:90:8b:a2:ca:6f:
4a:94:09:be:d0:9f:77:fb:d7:03:ae:5e:42:b1:de:
ea:fa:41:a2:bd:9c:e8:a3:74:33:6e:7f:99:2f:bc:
ac:64:b7:ce:f4:5c:79:1c:87:f8:97:7a:15:3e:e7:
e3:bf:54:41:d9:e4:cf:66:1f:78:ed:60:25:6f:3e:
aa:46:74:19:dc:fc:70:55:c6:a6:22:31:ab:24:51:
30:3e:2e:f0:29:26:0a:3d:6c:3d:f2:4f:97:9c:c1:
41:ab:d9:4d:9c:de:f7:ed:89:22:f9:31:ce:fa:9e:
72:e7:e1:68:be:a4:20:b8:25:56:99:c2:88:90:e6:
34:64:e5:bf:c1:a6:e0:51:59:e4:38:e8:40:c7:11:
a2:a1:45:f6:de:5e:fc:04:a4:6a:00:61:5e:a4:68:
98:0a:68:b0:5e:4d:6b:73:06:33:cc:bc:02:bb:af:
4a:4e:25:55:05:bb:80:1f:41:bf:ac:2e:20:f9:06:
78:79:d0:f1:2e:7a:e2:f1:27:69:a3:04:09:a3:8b:
60:72:ce:ec:0d:b6:a8:3a:ba:a3:c0:fc:e5:f0:0b:
7a:4f:76:70:fe:89:79:7a:da:ba:17:50:63:4b:4e:
6d:c1:3e:09:89:bb:76:17:57:4d:70:26:0f:77:20:
71:c7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5D:34:2D:9C:34:01:F0:F5:7F:BE:A5:79:5A:52:06:EF:19:A9:7C:F6
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/XTQtnDQB8PV_vqV5WlIG7xmpfPY.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
94:56:29:61:f3:91:f2:ca:24:80:43:73:ee:00:af:d9:90:d0:
cf:a9:92:c5:19:51:88:e7:5c:b6:ce:48:47:4a:5d:1a:b9:87:
f0:d8:42:2c:ad:d2:2d:43:e1:df:09:0e:2f:1c:ee:81:b7:4f:
74:7f:d1:27:81:99:8a:6a:97:ab:7a:dc:90:5c:83:fe:a3:fc:
bf:42:f1:8c:b5:81:76:6d:f5:95:fd:e9:65:b7:f0:dc:2a:99:
5d:76:11:ff:54:26:2a:6b:c0:ba:55:c9:0a:14:bf:81:50:cc:
05:2b:ba:97:a1:1e:09:f9:d5:8f:ff:c3:44:e3:5d:ef:4c:43:
17:04:06:9d:33:86:84:32:13:8d:7e:a3:ed:0c:ef:68:f0:13:
7d:6c:31:ca:2c:cf:83:6c:a2:56:6e:76:53:88:14:2d:6e:e0:
34:d3:4f:ea:54:d1:73:b9:76:f1:2d:ab:e6:98:12:e0:de:dd:
f5:a9:13:56:05:8c:e6:da:2d:60:55:50:94:bb:48:e7:09:b7:
b2:eb:54:c8:7c:90:84:8c:95:5d:26:55:d2:95:5b:05:83:23:
eb:56:49:29:8b:5f:4b:7f:c3:84:e2:91:8d:1b:db:36:8b:f4:
2a:7e:b9:dd:ea:18:58:22:b1:1d:f6:b1:b1:b8:af:7c:f0:52:
e3:c8:50:74
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICQLkwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MTQy
MTIyNTJaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDVEMzQyRDlDMzQwMUYw
RjU3RkJFQTU3OTVBNTIwNkVGMTlBOTdDRjYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDhefMOKgjieS6Qi6LKb0qUCb7Qn3f71wOuXkKx3ur6QaK9nOij
dDNuf5kvvKxkt870XHkch/iXehU+5+O/VEHZ5M9mH3jtYCVvPqpGdBnc/HBVxqYi
MaskUTA+LvApJgo9bD3yT5ecwUGr2U2c3vftiSL5Mc76nnLn4Wi+pCC4JVaZwoiQ
5jRk5b/BpuBRWeQ46EDHEaKhRfbeXvwEpGoAYV6kaJgKaLBeTWtzBjPMvAK7r0pO
JVUFu4AfQb+sLiD5Bnh50PEueuLxJ2mjBAmji2ByzuwNtqg6uqPA/OXwC3pPdnD+
iXl62roXUGNLTm3BPgmJu3YXV01wJg93IHHHAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUXTQtnDQB8PV/vqV5WlIG7xmpfPYwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1hUUXRuRFFCOFBWX3Zx
VjVXbElHN3htcGZQWS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBAJRWKWHzkfLKJIBD
c+4Ar9mQ0M+pksUZUYjnXLbOSEdKXRq5h/DYQiyt0i1D4d8JDi8c7oG3T3R/0SeB
mYpql6t63JBcg/6j/L9C8Yy1gXZt9ZX96WW38NwqmV12Ef9UJiprwLpVyQoUv4FQ
zAUrupehHgn51Y//w0TjXe9MQxcEBp0zhoQyE41+o+0M72jwE31sMcosz4NsolZu
dlOIFC1u4DTTT+pU0XO5dvEtq+aYEuDe3fWpE1YFjObaLWBVUJS7SOcJt7LrVMh8
kISMlV0mVdKVWwWDI+tWSSmLX0t/w4TikY0b2zaL9Cp+ud3qGFgisR32sbG4r3zw
UuPIUHQ=
-----END CERTIFICATE-----
Generated at Sat May 17 19:36:47 2025 by rpki-client