Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/Y2OWU9KLxwAu5P66qODFoLVyl-A.roa
File: Y2OWU9KLxwAu5P66qODFoLVyl-A.roa (raw, json)
Hash identifier: M/hxXm2oyZXs03PLIKou0WducZ2Y/y8tR4TMAmcTdG8=
Subject key identifier: 63:63:96:53:D2:8B:C7:00:2E:E4:FE:BA:A8:E0:C5:A0:B5:72:97:E0
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 5339
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/Y2OWU9KLxwAu5P66qODFoLVyl-A.roa
Signing time: Thu 09 May 2024 13:23:58 +0000
ROA not before: Thu 09 May 2024 13:23:58 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 21305 (0x5339)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 9 13:23:58 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=63639653D28BC7002EE4FEBAA8E0C5A0B57297E0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c7:56:7b:ea:e3:c3:e5:f2:e6:57:3f:d9:42:6e:
18:30:30:e1:a1:25:38:f3:47:ff:1a:32:b7:ed:ed:
c3:d6:cf:c9:d2:7a:88:66:05:99:7d:53:c1:16:3a:
8c:6e:90:7b:a7:84:29:2a:f1:42:f6:a0:ab:8c:b7:
9c:01:4f:db:85:f0:91:a3:2f:52:07:0f:02:54:60:
21:ae:f9:c4:64:ce:36:59:28:50:fa:12:ad:27:53:
01:5b:a4:f5:4a:3e:67:44:f1:a4:a1:72:3a:e0:2f:
36:76:9d:7d:68:73:69:20:e5:28:1c:b8:92:90:47:
66:e8:56:00:c4:f2:0a:6e:d7:3c:d6:a5:48:aa:aa:
85:4c:e0:42:62:e6:79:09:5f:79:cb:dd:06:ed:c1:
b2:97:ad:c1:28:cd:93:51:80:41:1e:57:96:20:19:
f2:bf:2d:cf:34:7a:f2:94:96:fd:38:e9:cd:0a:f2:
3a:a4:06:8c:e6:76:d6:ae:7d:57:57:49:5c:be:61:
a7:c0:57:1b:0a:af:a5:24:f6:52:0c:cf:da:e6:8c:
e4:55:2f:3d:4f:b5:f5:64:81:26:88:21:93:9d:df:
c9:dc:50:0b:b1:20:bd:fe:a4:74:fb:eb:5e:ff:0a:
c6:a2:fc:38:b3:25:a9:28:ff:2f:58:70:2e:8f:35:
8b:ed
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
63:63:96:53:D2:8B:C7:00:2E:E4:FE:BA:A8:E0:C5:A0:B5:72:97:E0
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/Y2OWU9KLxwAu5P66qODFoLVyl-A.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
7e:3d:75:b3:1e:3b:04:9a:6c:fb:6b:25:35:82:4b:0f:b9:00:
29:97:6d:fc:d1:59:41:28:24:e0:ca:48:c5:27:f9:cf:0d:60:
ef:f6:b0:62:15:4b:f8:52:ca:7a:a1:30:a1:7c:a1:02:b3:bf:
f3:aa:e8:24:e7:e5:f5:55:aa:73:4b:a2:ea:55:5e:9f:ed:5e:
10:87:81:b7:f9:a1:ec:76:5a:25:27:7c:f5:76:c2:68:89:95:
d5:5e:5e:0e:dd:cb:c6:b3:9d:f2:e8:17:b6:8c:2c:b5:7d:80:
5f:51:f8:11:53:29:81:29:c2:4b:cb:0c:44:6d:a8:68:5f:51:
31:3a:79:94:75:91:51:3d:d7:b2:cd:bf:8f:81:f6:f6:85:04:
d1:62:41:e4:92:37:55:1a:74:02:2f:c2:72:25:52:92:9a:fd:
c4:15:2e:6e:d9:23:98:61:2d:05:1c:86:da:f9:d3:b6:16:d7:
23:1f:49:0e:ba:8b:be:d4:01:00:d7:1b:59:46:0f:09:d3:c1:
f5:9c:9b:d9:f8:c4:5d:95:fd:9b:db:ca:3b:ef:d7:3c:08:fc:
57:69:61:2f:7c:7c:0d:65:62:21:05:4f:9e:a2:d3:dc:a1:4a:
d2:51:a9:23:86:e0:29:72:ba:a9:78:8f:68:51:f9:cf:e0:86:
f4:1c:63:8c
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICUzkwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MDkx
MzIzNThaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDYzNjM5NjUzRDI4QkM3
MDAyRUU0RkVCQUE4RTBDNUEwQjU3Mjk3RTAwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDHVnvq48Pl8uZXP9lCbhgwMOGhJTjzR/8aMrft7cPWz8nSeohm
BZl9U8EWOoxukHunhCkq8UL2oKuMt5wBT9uF8JGjL1IHDwJUYCGu+cRkzjZZKFD6
Eq0nUwFbpPVKPmdE8aShcjrgLzZ2nX1oc2kg5SgcuJKQR2boVgDE8gpu1zzWpUiq
qoVM4EJi5nkJX3nL3QbtwbKXrcEozZNRgEEeV5YgGfK/Lc80evKUlv046c0K8jqk
BozmdtaufVdXSVy+YafAVxsKr6Uk9lIMz9rmjORVLz1PtfVkgSaIIZOd38ncUAux
IL3+pHT7617/Csai/DizJako/y9YcC6PNYvtAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUY2OWU9KLxwAu5P66qODFoLVyl+AwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1kyT1dVOUtMeHdBdTVQ
NjZxT0RGb0xWeWwtQS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBAH49dbMeOwSabPtr
JTWCSw+5ACmXbfzRWUEoJODKSMUn+c8NYO/2sGIVS/hSynqhMKF8oQKzv/Oq6CTn
5fVVqnNLoupVXp/tXhCHgbf5oex2WiUnfPV2wmiJldVeXg7dy8aznfLoF7aMLLV9
gF9R+BFTKYEpwkvLDERtqGhfUTE6eZR1kVE917LNv4+B9vaFBNFiQeSSN1UadAIv
wnIlUpKa/cQVLm7ZI5hhLQUchtr507YW1yMfSQ66i77UAQDXG1lGDwnTwfWcm9n4
xF2V/Zvbyjvv1zwI/FdpYS98fA1lYiEFT56i09yhStJRqSOG4Clyuql4j2hR+c/g
hvQcY4w=
-----END CERTIFICATE-----
Generated at Sun May 18 16:46:05 2025 by rpki-client