Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/YrcR7XcNIlW7Kc8gMvq-wZvtewg.roa
File: YrcR7XcNIlW7Kc8gMvq-wZvtewg.roa (raw, json)
Hash identifier: msXV05lv/Pqh+v1YOPRcRx8IEYDd3FOK4/At+Sa77mU=
Subject key identifier: 62:B7:11:ED:77:0D:22:55:BB:29:CF:20:32:FA:BE:C1:9B:ED:7B:08
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 3501
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/YrcR7XcNIlW7Kc8gMvq-wZvtewg.roa
Signing time: Sat 30 Mar 2024 06:22:08 +0000
ROA not before: Sat 30 Mar 2024 06:22:08 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 13569 (0x3501)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Mar 30 06:22:08 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=62B711ED770D2255BB29CF2032FABEC19BED7B08
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c2:e3:8d:11:7e:e5:07:7e:51:24:8a:fd:ed:f3:
e7:db:fa:a0:fb:df:42:62:21:ad:aa:69:3a:c4:03:
b4:02:4d:cd:12:9d:8e:b9:be:bc:ff:47:4e:a9:51:
2e:f9:14:61:67:46:f0:a1:26:9f:59:75:4c:c0:62:
0f:86:2d:23:b9:ce:d9:57:aa:d0:16:45:39:65:62:
a4:a4:61:2c:5e:ae:b3:bf:90:f1:b1:7b:41:21:d1:
53:47:7e:9a:c6:c6:45:d5:1b:27:ac:ab:6c:26:fa:
07:4e:f9:bd:55:a5:59:89:c8:83:aa:35:eb:db:1d:
8d:54:5c:27:44:ca:a2:ac:4b:9d:99:b7:35:a9:f0:
51:99:02:50:12:8d:12:53:8d:f1:bb:a4:4c:46:a4:
d2:0f:d8:17:de:a1:b3:09:72:37:c0:ef:55:f0:6f:
b0:76:a4:a6:30:b5:b4:ca:84:2c:8a:7b:72:98:6a:
7b:9e:8a:51:e7:89:12:2b:84:55:79:9d:34:72:8b:
c4:8a:9b:ab:0e:7e:87:9a:24:35:9d:72:7e:5d:ae:
4c:92:6c:aa:cf:22:b4:13:2a:38:56:6c:d6:40:fe:
b7:2a:19:19:40:37:b3:d6:cd:42:0f:d9:e9:d5:ab:
14:4b:74:5b:3a:5c:c5:15:6e:4c:d4:71:a6:44:dd:
4c:77
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
62:B7:11:ED:77:0D:22:55:BB:29:CF:20:32:FA:BE:C1:9B:ED:7B:08
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/YrcR7XcNIlW7Kc8gMvq-wZvtewg.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
3b:70:3b:40:e2:44:5c:80:98:ec:51:b8:ec:60:da:02:8d:7c:
b0:11:48:bb:65:ec:51:8a:31:8b:0b:a5:ff:e8:2e:14:99:dc:
20:2b:7e:52:df:8e:3f:5e:12:f8:2c:59:a1:a1:e5:55:af:83:
40:1f:7c:f8:0d:9b:a2:98:60:02:e2:60:87:a3:2a:45:b2:ab:
17:03:34:b4:ed:f4:f7:82:a3:bf:1e:80:56:dc:c3:95:d2:b7:
2e:f1:dd:93:35:4d:4e:4f:1e:c5:76:1d:84:f4:c5:91:76:8e:
82:ce:fe:c4:c5:92:96:84:0b:6c:25:a5:e2:2c:3d:d9:ac:a0:
a5:18:c6:f7:07:75:7e:7e:7b:98:05:3a:fe:f8:35:50:24:cf:
d3:cc:e8:48:c6:fb:30:a1:86:ca:8f:18:a5:4a:5a:42:d0:3e:
64:40:f1:18:ea:fe:d8:c1:3c:b0:53:33:28:7b:ba:d3:c7:1c:
2a:b7:5f:f7:df:46:d9:ea:f6:9f:10:04:10:91:e6:9b:6c:2b:
27:6d:c6:19:4a:70:ad:9a:11:ad:b4:25:5f:c3:20:d9:90:77:
a0:4b:4f:20:79:a3:a3:41:6a:e0:17:61:87:a1:15:fe:8d:d0:
08:cd:6d:d0:ff:c1:70:0d:9b:05:fa:c8:38:69:76:67:dc:9c:
9f:c0:d2:e0
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICNQEwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDAzMzAw
NjIyMDhaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDYyQjcxMUVENzcwRDIy
NTVCQjI5Q0YyMDMyRkFCRUMxOUJFRDdCMDgwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDC440RfuUHflEkiv3t8+fb+qD730JiIa2qaTrEA7QCTc0SnY65
vrz/R06pUS75FGFnRvChJp9ZdUzAYg+GLSO5ztlXqtAWRTllYqSkYSxerrO/kPGx
e0Eh0VNHfprGxkXVGyesq2wm+gdO+b1VpVmJyIOqNevbHY1UXCdEyqKsS52ZtzWp
8FGZAlASjRJTjfG7pExGpNIP2BfeobMJcjfA71Xwb7B2pKYwtbTKhCyKe3KYanue
ilHniRIrhFV5nTRyi8SKm6sOfoeaJDWdcn5drkySbKrPIrQTKjhWbNZA/rcqGRlA
N7PWzUIP2enVqxRLdFs6XMUVbkzUcaZE3Ux3AgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUYrcR7XcNIlW7Kc8gMvq+wZvtewgwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1lyY1I3WGNOSWxXN0tj
OGdNdnEtd1p2dGV3Zy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBADtwO0DiRFyAmOxR
uOxg2gKNfLARSLtl7FGKMYsLpf/oLhSZ3CArflLfjj9eEvgsWaGh5VWvg0AffPgN
m6KYYALiYIejKkWyqxcDNLTt9PeCo78egFbcw5XSty7x3ZM1TU5PHsV2HYT0xZF2
joLO/sTFkpaEC2wlpeIsPdmsoKUYxvcHdX5+e5gFOv74NVAkz9PM6EjG+zChhsqP
GKVKWkLQPmRA8Rjq/tjBPLBTMyh7utPHHCq3X/ffRtnq9p8QBBCR5ptsKydtxhlK
cK2aEa20JV/DINmQd6BLTyB5o6NBauAXYYehFf6N0AjNbdD/wXANmwX6yDhpdmfc
nJ/A0uA=
-----END CERTIFICATE-----
Generated at Sat May 17 22:37:21 2025 by rpki-client