Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/YBWfw5PBTmyOCcTAB0q4cusMd7g.roa
File: YBWfw5PBTmyOCcTAB0q4cusMd7g.roa (raw, json)
Hash identifier: hVT4NUGdddhdHKaDWOtH2pa4THpjZ00058KSY7pRCFk=
Subject key identifier: 60:15:9F:C3:93:C1:4E:6C:8E:09:C4:C0:07:4A:B8:72:EB:0C:77:B8
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 4A55
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/YBWfw5PBTmyOCcTAB0q4cusMd7g.roa
Signing time: Sat 27 Apr 2024 16:53:22 +0000
ROA not before: Sat 27 Apr 2024 16:53:22 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 19029 (0x4a55)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 27 16:53:22 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=60159FC393C14E6C8E09C4C0074AB872EB0C77B8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c9:a8:d6:a8:b0:d8:0c:2f:15:4f:26:40:a0:57:
a5:48:0e:23:c8:f9:16:dd:46:b3:9e:bc:85:77:f6:
50:8c:a2:46:b4:47:02:26:aa:d6:03:89:33:8f:ee:
2a:84:52:ef:d9:84:57:36:1a:89:42:a2:f5:63:de:
fd:dc:56:2b:e8:2f:4d:51:00:7e:c6:e3:99:f7:95:
4c:92:97:c5:be:9a:5c:12:1c:4b:03:64:5c:79:65:
a6:b5:9c:78:53:60:43:5a:f2:98:34:09:e0:6a:98:
aa:54:7f:f3:2d:40:38:aa:fc:3d:67:63:39:ef:16:
55:53:58:d6:64:7b:be:01:dd:95:66:5d:9d:e6:73:
8e:12:95:ea:f0:ae:33:98:17:26:05:d1:43:d0:bf:
64:ca:37:05:c9:6e:b0:38:20:c0:cc:40:cc:5b:ab:
d3:36:c1:f1:02:52:14:49:fe:61:98:57:5d:e2:9b:
66:48:45:82:25:cb:f8:f7:1b:be:3b:3f:93:ea:ac:
23:40:ff:60:e4:39:c9:1e:2b:da:2d:16:65:b1:f1:
11:68:8b:85:7a:5a:0e:d6:80:1d:a2:98:07:2c:05:
29:28:c6:c5:63:37:6f:ff:78:07:14:85:76:90:b5:
35:b8:7b:33:15:e8:dc:5a:ec:e2:ad:0a:d1:b0:e6:
d3:87
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
60:15:9F:C3:93:C1:4E:6C:8E:09:C4:C0:07:4A:B8:72:EB:0C:77:B8
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/YBWfw5PBTmyOCcTAB0q4cusMd7g.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
37:a8:d8:af:6d:01:f0:8a:39:dc:e7:30:ab:9e:90:23:77:3c:
5f:cb:ed:03:40:ef:79:2b:3c:f1:02:8b:3a:79:0e:85:0b:be:
5d:60:9c:3a:b6:42:35:91:73:b3:dd:36:58:fe:8e:de:2b:f1:
69:6b:63:4a:2d:b2:be:6d:a2:ae:46:d8:63:2b:ce:d6:0b:fd:
62:c2:b2:e2:5b:e4:92:38:da:b1:8f:dd:76:5c:77:dc:f5:2d:
e6:48:d1:d2:33:db:77:f5:11:0e:c1:fa:04:bf:45:d4:41:a4:
ce:f5:31:00:c4:a4:68:6d:22:22:3a:6a:36:7f:7e:74:c5:57:
3c:03:c6:0e:f1:bd:fe:8b:a2:bf:1e:34:24:f3:e7:b9:8b:0c:
eb:13:14:eb:0f:d7:2f:9f:48:41:b5:06:ab:de:2d:f3:95:d0:
97:1c:23:8d:3c:c7:85:de:ee:38:b2:52:f0:15:69:24:fc:4d:
68:84:1e:de:66:1f:64:8b:53:d2:48:f3:77:94:6f:9a:d7:40:
75:d2:3c:6c:6a:6b:b8:87:3f:6f:ef:09:cb:94:df:2b:52:f4:
9f:87:8c:af:cb:84:97:91:2f:4b:15:22:12:08:ab:d0:fe:4c:
ea:99:1c:5a:8e:79:e8:59:d9:ae:d4:64:3d:3e:81:2c:b0:f4:
b8:ce:ca:dc
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICSlUwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0Mjcx
NjUzMjJaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDYwMTU5RkMzOTNDMTRF
NkM4RTA5QzRDMDA3NEFCODcyRUIwQzc3QjgwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDJqNaosNgMLxVPJkCgV6VIDiPI+RbdRrOevIV39lCMoka0RwIm
qtYDiTOP7iqEUu/ZhFc2GolCovVj3v3cVivoL01RAH7G45n3lUySl8W+mlwSHEsD
ZFx5Zaa1nHhTYENa8pg0CeBqmKpUf/MtQDiq/D1nYznvFlVTWNZke74B3ZVmXZ3m
c44SlerwrjOYFyYF0UPQv2TKNwXJbrA4IMDMQMxbq9M2wfECUhRJ/mGYV13im2ZI
RYIly/j3G747P5PqrCNA/2DkOckeK9otFmWx8RFoi4V6Wg7WgB2imAcsBSkoxsVj
N2//eAcUhXaQtTW4ezMV6Nxa7OKtCtGw5tOHAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUYBWfw5PBTmyOCcTAB0q4cusMd7gwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1lCV2Z3NVBCVG15T0Nj
VEFCMHE0Y3VzTWQ3Zy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBADeo2K9tAfCKOdzn
MKuekCN3PF/L7QNA73krPPECizp5DoULvl1gnDq2QjWRc7PdNlj+jt4r8WlrY0ot
sr5toq5G2GMrztYL/WLCsuJb5JI42rGP3XZcd9z1LeZI0dIz23f1EQ7B+gS/RdRB
pM71MQDEpGhtIiI6ajZ/fnTFVzwDxg7xvf6Lor8eNCTz57mLDOsTFOsP1y+fSEG1
BqveLfOV0JccI408x4Xe7jiyUvAVaST8TWiEHt5mH2SLU9JI83eUb5rXQHXSPGxq
a7iHP2/vCcuU3ytS9J+HjK/LhJeRL0sVIhIIq9D+TOqZHFqOeehZ2a7UZD0+gSyw
9LjOytw=
-----END CERTIFICATE-----
Generated at Sun May 18 01:49:02 2025 by rpki-client