Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/ZTRThYcartj1i-JloJR8r4KHVSg.roa
File: ZTRThYcartj1i-JloJR8r4KHVSg.roa (raw, json)
Hash identifier: mes6u6GdEaotLO+u01UZZ/vn7yUoalyJtAI25umXtsE=
Subject key identifier: 65:34:53:85:87:1A:AE:D8:F5:8B:E2:65:A0:94:7C:AF:82:87:55:28
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 4E3D
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/ZTRThYcartj1i-JloJR8r4KHVSg.roa
Signing time: Thu 02 May 2024 21:53:43 +0000
ROA not before: Thu 02 May 2024 21:53:43 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 20029 (0x4e3d)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 2 21:53:43 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=65345385871AAED8F58BE265A0947CAF82875528
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:be:93:4e:ea:24:9d:f9:90:a1:f9:c7:ef:ac:da:
19:e4:2e:10:c8:eb:c1:6a:6c:74:a0:be:f6:80:e9:
73:b5:6a:eb:46:f3:47:cf:e4:8a:1f:0f:da:29:76:
ca:46:9e:1e:c2:2d:df:13:93:32:1e:98:86:e0:4a:
64:da:2f:6c:62:65:52:3b:d5:4b:96:a8:cc:90:69:
3a:62:9f:c6:c4:1d:34:4a:22:7c:9c:9b:c1:15:68:
b6:3a:b8:ef:e8:d7:c0:71:f1:bb:9c:de:a6:85:38:
e7:3a:a2:3a:29:0c:00:8a:98:b2:0b:0c:63:fe:6c:
2a:36:7b:d9:ce:13:5d:06:36:04:53:9f:63:08:16:
50:f9:68:4c:30:c3:6f:bf:f1:e3:c0:5a:0a:d5:72:
ef:82:f6:31:48:44:59:18:81:9c:61:58:f7:19:ff:
c1:67:54:6b:c1:86:0a:2f:ac:93:21:3a:f7:92:81:
cb:41:71:92:4b:c2:c4:a2:96:c7:c8:ce:51:95:c1:
91:e9:8b:03:0a:ad:80:21:37:b0:8c:cb:83:84:b0:
11:a9:6e:4b:c4:72:1d:d9:5d:3c:98:18:69:8d:19:
c0:e3:1b:1f:d4:04:35:1b:08:0b:fd:2b:d9:a1:1b:
e6:0f:a3:c8:e4:cb:b1:d1:cc:27:25:e1:d1:54:22:
62:03
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
65:34:53:85:87:1A:AE:D8:F5:8B:E2:65:A0:94:7C:AF:82:87:55:28
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/ZTRThYcartj1i-JloJR8r4KHVSg.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
32:77:a8:b7:eb:4e:1e:5e:2f:cb:b8:84:64:6f:c8:3d:4f:85:
28:9e:09:0f:0e:5b:78:72:26:b1:5c:2e:bc:d3:49:0e:dd:a2:
74:b7:2e:ca:50:fa:77:3c:16:ca:a3:c5:f3:ea:c0:58:69:15:
89:0d:f1:38:43:fd:26:36:eb:1f:e2:91:89:15:3c:27:9a:17:
d0:41:1b:47:88:d1:94:20:7c:d2:52:d5:3d:12:44:3f:d5:01:
3b:5f:31:19:96:0d:cb:d1:47:81:6d:78:08:5d:1f:0d:84:95:
1b:8a:ea:ef:2f:44:65:1f:73:af:58:2a:c7:f1:76:28:eb:3b:
0d:06:02:8e:55:29:5d:80:d2:4b:58:10:4b:f4:a7:5e:34:24:
73:53:0e:90:ed:3b:0a:96:76:93:9b:a5:74:37:57:5a:c3:a5:
f2:fb:1b:48:a3:5f:7c:4e:aa:d4:50:91:0c:44:c5:40:56:c6:
e1:36:5e:3d:89:bd:dc:10:6f:88:78:76:2d:30:cb:53:9f:7c:
5b:29:67:04:5d:c6:58:2b:92:67:ed:bd:c9:f4:09:8a:f0:1b:
8b:f3:a2:60:30:4d:84:05:eb:0d:6d:9e:aa:a4:73:4a:0e:1a:
34:54:13:b0:b7:82:37:42:b6:7c:da:a7:c9:8f:b2:81:1b:40:
bb:2c:00:07
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICTj0wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MDIy
MTUzNDNaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDY1MzQ1Mzg1ODcxQUFF
RDhGNThCRTI2NUEwOTQ3Q0FGODI4NzU1MjgwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC+k07qJJ35kKH5x++s2hnkLhDI68FqbHSgvvaA6XO1autG80fP
5IofD9opdspGnh7CLd8TkzIemIbgSmTaL2xiZVI71UuWqMyQaTpin8bEHTRKInyc
m8EVaLY6uO/o18Bx8buc3qaFOOc6ojopDACKmLILDGP+bCo2e9nOE10GNgRTn2MI
FlD5aEwww2+/8ePAWgrVcu+C9jFIRFkYgZxhWPcZ/8FnVGvBhgovrJMhOveSgctB
cZJLwsSilsfIzlGVwZHpiwMKrYAhN7CMy4OEsBGpbkvEch3ZXTyYGGmNGcDjGx/U
BDUbCAv9K9mhG+YPo8jky7HRzCcl4dFUImIDAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUZTRThYcartj1i+JloJR8r4KHVSgwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1pUUlRoWWNhcnRqMWkt
SmxvSlI4cjRLSFZTZy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBADJ3qLfrTh5eL8u4
hGRvyD1PhSieCQ8OW3hyJrFcLrzTSQ7donS3LspQ+nc8FsqjxfPqwFhpFYkN8ThD
/SY26x/ikYkVPCeaF9BBG0eI0ZQgfNJS1T0SRD/VATtfMRmWDcvRR4FteAhdHw2E
lRuK6u8vRGUfc69YKsfxdijrOw0GAo5VKV2A0ktYEEv0p140JHNTDpDtOwqWdpOb
pXQ3V1rDpfL7G0ijX3xOqtRQkQxExUBWxuE2Xj2JvdwQb4h4di0wy1OffFspZwRd
xlgrkmftvcn0CYrwG4vzomAwTYQF6w1tnqqkc0oOGjRUE7C3gjdCtnzap8mPsoEb
QLssAAc=
-----END CERTIFICATE-----
Generated at Sun May 18 03:05:22 2025 by rpki-client