Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/XWhnlGe-DaK15-x8EfIeyuEMMJw.roa
File: XWhnlGe-DaK15-x8EfIeyuEMMJw.roa (raw, json)
Hash identifier: jjw3/QpNZ0wrVMPaImR703zFieW4EUsQO0TsmSHz8Yo=
Subject key identifier: 5D:68:67:94:67:BE:0D:A2:B5:E7:EC:7C:11:F2:1E:CA:E1:0C:30:9C
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 4A89
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/XWhnlGe-DaK15-x8EfIeyuEMMJw.roa
Signing time: Sat 27 Apr 2024 23:23:26 +0000
ROA not before: Sat 27 Apr 2024 23:23:26 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 19081 (0x4a89)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 27 23:23:26 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=5D68679467BE0DA2B5E7EC7C11F21ECAE10C309C
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b7:6d:8a:8c:21:a6:1e:7c:f0:e2:e4:b0:dd:dd:
86:f3:a5:28:11:eb:84:e7:77:22:c8:ef:a0:0d:4e:
f3:00:02:31:05:c4:b0:db:29:98:5a:d3:08:09:f7:
d9:d5:d1:be:ee:73:1b:16:a2:24:6d:e1:dc:4c:69:
57:f2:d8:ba:9b:a5:28:b5:04:dc:06:e4:94:0a:fe:
d1:2f:b5:06:18:63:eb:92:c5:00:d4:f0:92:09:13:
f3:49:e5:1a:c0:f2:0a:2d:1b:94:f6:87:94:50:b4:
58:23:1e:36:12:57:c3:d2:d7:fd:f8:39:a0:22:14:
d2:36:48:a8:dd:6f:d4:93:a4:69:46:b3:a9:bf:85:
ca:8f:31:a9:fc:c0:28:38:d7:e1:fd:8f:e8:50:bc:
71:c6:ab:3f:54:9e:37:90:47:e7:60:75:a6:d0:d1:
d5:53:30:a3:29:9c:f2:79:bb:1e:f7:a2:a8:ef:33:
ed:e3:4d:0f:76:b3:7a:11:6d:5a:23:36:6b:e3:fb:
1e:72:68:91:b2:1a:ca:55:4b:2d:7e:ca:59:45:85:
1e:09:84:c2:a5:49:c4:6d:d0:64:ee:2f:59:7a:e3:
78:be:6e:1d:cd:05:d0:96:36:ca:82:61:94:a8:b2:
61:02:19:00:bb:cd:9f:10:96:c9:75:85:be:56:d7:
ea:ab
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5D:68:67:94:67:BE:0D:A2:B5:E7:EC:7C:11:F2:1E:CA:E1:0C:30:9C
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/XWhnlGe-DaK15-x8EfIeyuEMMJw.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
3f:34:9a:fc:95:bb:dc:d1:63:76:9d:d2:95:b7:c1:ea:98:ae:
a8:ff:9d:ec:81:f6:af:ed:05:f2:70:f5:7b:e7:5f:eb:b4:91:
ea:22:23:25:f0:67:7e:b5:f0:17:3d:f6:91:8b:1a:50:f1:c3:
91:97:1a:2b:54:03:96:5c:1a:6e:d6:42:fe:54:b0:4b:80:76:
e8:ef:b8:10:73:ea:26:78:8a:64:fe:db:af:55:ee:94:fc:4c:
c8:cc:44:3b:04:1d:50:5b:87:04:7d:42:7f:e9:03:19:89:d5:
ed:60:c3:42:96:8f:98:e6:aa:5d:6d:dd:8a:fd:2e:43:ac:0a:
79:a1:d3:48:b2:59:85:2a:89:fd:e8:3f:a5:b3:35:fd:36:0d:
13:a3:bf:b8:4d:00:b6:4e:da:43:7c:2a:80:ff:fc:d9:0c:60:
84:a1:cd:67:a4:16:7a:27:d3:9e:a4:7e:26:e6:c7:cf:9e:4c:
84:87:b4:a6:09:31:22:00:58:a4:71:cb:b2:b4:17:0a:48:62:
03:d8:77:16:c4:ed:2a:d5:03:05:9c:c4:26:75:ab:b0:02:9e:
9a:61:89:3a:1a:d2:c7:6a:e4:09:63:ca:cc:09:ff:85:92:cb:
7f:22:51:b0:de:c4:65:a1:d5:52:19:ca:5c:a8:5a:e4:7a:22:
75:2a:60:13
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICSokwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0Mjcy
MzIzMjZaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDVENjg2Nzk0NjdCRTBE
QTJCNUU3RUM3QzExRjIxRUNBRTEwQzMwOUMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC3bYqMIaYefPDi5LDd3YbzpSgR64TndyLI76ANTvMAAjEFxLDb
KZha0wgJ99nV0b7ucxsWoiRt4dxMaVfy2LqbpSi1BNwG5JQK/tEvtQYYY+uSxQDU
8JIJE/NJ5RrA8gotG5T2h5RQtFgjHjYSV8PS1/34OaAiFNI2SKjdb9STpGlGs6m/
hcqPMan8wCg41+H9j+hQvHHGqz9UnjeQR+dgdabQ0dVTMKMpnPJ5ux73oqjvM+3j
TQ92s3oRbVojNmvj+x5yaJGyGspVSy1+yllFhR4JhMKlScRt0GTuL1l643i+bh3N
BdCWNsqCYZSosmECGQC7zZ8Qlsl1hb5W1+qrAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUXWhnlGe+DaK15+x8EfIeyuEMMJwwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1hXaG5sR2UtRGFLMTUt
eDhFZklleXVFTU1Kdy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBAD80mvyVu9zRY3ad
0pW3weqYrqj/neyB9q/tBfJw9XvnX+u0keoiIyXwZ3618Bc99pGLGlDxw5GXGitU
A5ZcGm7WQv5UsEuAdujvuBBz6iZ4imT+269V7pT8TMjMRDsEHVBbhwR9Qn/pAxmJ
1e1gw0KWj5jmql1t3Yr9LkOsCnmh00iyWYUqif3oP6WzNf02DROjv7hNALZO2kN8
KoD//NkMYIShzWekFnon056kfibmx8+eTISHtKYJMSIAWKRxy7K0FwpIYgPYdxbE
7SrVAwWcxCZ1q7ACnpphiToa0sdq5AljyswJ/4WSy38iUbDexGWh1VIZylyoWuR6
InUqYBM=
-----END CERTIFICATE-----
Generated at Sat May 17 21:25:43 2025 by rpki-client