Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/Zsrc1nfAJxlMjKjp5OD2El1-nqM.roa
File: Zsrc1nfAJxlMjKjp5OD2El1-nqM.roa (raw, json)
Hash identifier: lb3XWSEvlW8/X4apq4evKM6IQj5DaZjY2DTC+5IvQqk=
Subject key identifier: 66:CA:DC:D6:77:C0:27:19:4C:8C:A8:E9:E4:E0:F6:12:5D:7E:9E:A3
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 4F69
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/Zsrc1nfAJxlMjKjp5OD2El1-nqM.roa
Signing time: Sat 04 May 2024 11:23:49 +0000
ROA not before: Sat 04 May 2024 11:23:49 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 20329 (0x4f69)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 4 11:23:49 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=66CADCD677C027194C8CA8E9E4E0F6125D7E9EA3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cc:a6:64:26:13:36:2b:2a:2d:93:94:26:53:57:
f8:64:d0:90:84:86:29:39:8f:c4:be:86:c3:0f:aa:
ac:f5:8e:a2:21:0b:70:7b:3d:5c:23:ce:05:72:d3:
6b:88:c4:06:7f:ea:c2:d8:89:d0:e9:7b:d7:8d:7d:
a7:c9:25:4a:ae:60:df:12:e3:1e:6a:9b:ac:71:03:
dc:07:cc:8d:bd:69:d9:5e:22:d8:3b:dc:e2:9c:55:
4f:a1:66:dc:43:76:e0:9f:47:bf:0b:d6:73:af:0d:
1f:3c:25:6b:8a:69:a9:2a:a7:44:ef:83:85:4d:f0:
4d:ce:48:65:10:e5:1a:a4:18:99:e5:d3:34:67:20:
05:60:39:08:0d:1b:9c:65:b8:de:61:05:87:d8:04:
a3:30:b0:a5:08:9a:a0:12:90:2c:d1:04:f9:65:a0:
e3:8c:2e:1c:1b:e4:8f:e2:36:37:61:75:f2:ae:54:
10:a9:00:2d:e6:c8:7a:f8:24:c4:39:49:d6:b3:0f:
96:86:e4:1d:23:fb:1c:07:e6:73:b4:6f:b3:41:bd:
9a:45:0a:44:e1:97:4e:76:8a:66:ae:14:45:c9:05:
86:6b:da:9e:46:10:3b:61:f3:96:4a:b6:6b:6e:45:
be:cd:cb:4d:33:c2:9b:97:30:9e:97:c3:11:b3:db:
78:ad
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
66:CA:DC:D6:77:C0:27:19:4C:8C:A8:E9:E4:E0:F6:12:5D:7E:9E:A3
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/Zsrc1nfAJxlMjKjp5OD2El1-nqM.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
5f:72:ec:97:dc:6c:57:e9:da:6d:fe:fa:96:67:7f:29:cd:46:
95:54:f0:67:09:6d:fc:97:9b:be:74:7c:1e:99:ff:a6:94:a4:
bb:aa:8c:58:6a:50:aa:4d:b7:71:8f:63:02:b0:44:f7:57:38:
b2:16:59:6e:b1:dd:6c:22:36:7a:45:fe:69:46:08:e5:4c:fb:
0a:c1:db:bf:65:bf:ac:d0:f8:5e:c0:a1:58:27:97:58:e2:0c:
c8:be:11:bd:1a:9d:e3:ec:09:e9:ff:da:bc:e2:80:27:1f:12:
30:21:92:b9:0a:17:07:b3:2a:0c:a3:d7:77:43:42:e2:6e:6b:
ac:ce:39:28:49:c0:1f:0c:34:2d:2c:60:16:e2:6f:9f:0c:51:
54:27:d7:84:53:12:8a:3e:cc:83:86:51:a9:e5:80:b0:b7:a8:
69:7a:46:ef:39:f7:8c:79:df:7b:db:0d:1a:8e:d0:38:19:c5:
c8:c4:b0:dc:b9:b2:2b:3c:fc:07:a4:20:23:13:13:06:f1:94:
83:fe:d9:4d:06:5c:bb:7d:5a:93:09:20:1d:f2:17:cc:09:e7:
50:69:4a:55:a9:4d:69:14:19:9c:94:28:98:df:19:f1:de:f4:
64:c9:85:31:c9:34:ae:d8:b7:f2:a4:1e:d4:09:f4:22:95:95:
21:af:18:98
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICT2kwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MDQx
MTIzNDlaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDY2Q0FEQ0Q2NzdDMDI3
MTk0QzhDQThFOUU0RTBGNjEyNUQ3RTlFQTMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDMpmQmEzYrKi2TlCZTV/hk0JCEhik5j8S+hsMPqqz1jqIhC3B7
PVwjzgVy02uIxAZ/6sLYidDpe9eNfafJJUquYN8S4x5qm6xxA9wHzI29adleItg7
3OKcVU+hZtxDduCfR78L1nOvDR88JWuKaakqp0Tvg4VN8E3OSGUQ5RqkGJnl0zRn
IAVgOQgNG5xluN5hBYfYBKMwsKUImqASkCzRBPlloOOMLhwb5I/iNjdhdfKuVBCp
AC3myHr4JMQ5SdazD5aG5B0j+xwH5nO0b7NBvZpFCkThl052imauFEXJBYZr2p5G
EDth85ZKtmtuRb7Ny00zwpuXMJ6XwxGz23itAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUZsrc1nfAJxlMjKjp5OD2El1+nqMwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1pzcmMxbmZBSnhsTWpL
anA1T0QyRWwxLW5xTS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBAF9y7JfcbFfp2m3+
+pZnfynNRpVU8GcJbfyXm750fB6Z/6aUpLuqjFhqUKpNt3GPYwKwRPdXOLIWWW6x
3WwiNnpF/mlGCOVM+wrB279lv6zQ+F7AoVgnl1jiDMi+Eb0anePsCen/2rzigCcf
EjAhkrkKFwezKgyj13dDQuJua6zOOShJwB8MNC0sYBbib58MUVQn14RTEoo+zIOG
UanlgLC3qGl6Ru8594x533vbDRqO0DgZxcjEsNy5sis8/AekICMTEwbxlIP+2U0G
XLt9WpMJIB3yF8wJ51BpSlWpTWkUGZyUKJjfGfHe9GTJhTHJNK7Yt/KkHtQJ9CKV
lSGvGJg=
-----END CERTIFICATE-----
Generated at Sat May 17 22:36:01 2025 by rpki-client