Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/_OamOZwqRE32aOPgF9RIMIUYmeg.roa
File: _OamOZwqRE32aOPgF9RIMIUYmeg.roa (raw, json)
Hash identifier: 0Y08/dJ8z4Qo3ru6ydQzAn5kiACvhrRM7HU13PMKy7A=
Subject key identifier: FC:E6:A6:39:9C:2A:44:4D:F6:68:E3:E0:17:D4:48:30:85:18:99:E8
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 51CD
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/_OamOZwqRE32aOPgF9RIMIUYmeg.roa
Signing time: Tue 07 May 2024 15:54:10 +0000
ROA not before: Tue 07 May 2024 15:54:10 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 20941 (0x51cd)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 7 15:54:10 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=FCE6A6399C2A444DF668E3E017D44830851899E8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e1:9e:76:df:6f:cf:9d:69:da:25:78:9a:f7:63:
06:76:1d:dc:2b:3b:86:59:c9:54:cb:94:21:50:eb:
63:34:03:e8:9e:ed:75:8a:76:c6:75:dc:91:4c:ec:
8d:94:8e:1b:0d:56:1d:39:06:91:69:f5:38:8d:42:
e3:8b:c6:fe:c1:bc:c6:c4:17:fe:7c:e7:31:0c:f7:
e5:68:e1:f6:41:d0:94:e6:b8:fd:05:1c:82:80:f8:
38:87:e6:8e:5a:9f:28:5c:0e:9b:5b:33:29:c2:92:
47:d1:64:f0:52:9a:8c:12:31:3d:a0:14:cc:55:18:
7c:47:20:bb:bc:ce:e9:95:0d:2c:c0:fd:d3:8f:de:
ea:c1:29:67:4d:c4:08:39:41:cd:4a:e5:3e:89:5d:
9e:b2:4f:da:52:73:65:70:18:9a:d7:f0:1b:97:a2:
d9:54:07:ec:ae:07:4f:e3:02:0f:8f:b9:13:d5:3d:
ea:ee:9d:f2:a0:bd:36:1a:db:3e:67:5d:fe:c8:91:
18:84:2b:53:9a:12:4d:0f:9a:c1:fe:c6:d3:76:29:
0b:67:35:03:e9:3c:b6:4f:71:7b:9a:10:89:43:da:
d6:f1:44:a6:33:70:03:51:1f:91:ee:75:d4:71:30:
df:6c:43:9f:af:fe:be:c7:20:04:7f:72:bd:20:9a:
de:5b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FC:E6:A6:39:9C:2A:44:4D:F6:68:E3:E0:17:D4:48:30:85:18:99:E8
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/_OamOZwqRE32aOPgF9RIMIUYmeg.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
8a:1e:69:5b:85:29:8a:b7:58:fa:78:9c:9b:d1:46:ec:98:20:
27:89:9d:e6:06:36:3a:f7:c4:2b:18:66:9f:69:1d:69:10:e9:
d6:0f:30:82:5a:50:97:6c:7e:6a:cc:0e:5f:c0:df:e4:3c:bb:
18:02:ac:52:b6:10:cb:0f:63:6f:be:44:01:a3:40:cd:5b:86:
77:b4:c0:ff:e6:f9:7c:71:2a:54:63:10:38:9c:23:d6:cf:94:
38:ea:0e:5b:34:30:c1:af:4f:82:04:0b:f0:73:98:6e:ce:f0:
77:7e:88:d8:45:69:d2:8f:e3:7d:a7:72:a8:88:21:6e:d6:9d:
ac:3a:75:33:7d:1a:f1:b0:e0:f0:e8:be:e2:51:78:87:fe:16:
1f:69:bd:73:66:dc:4a:06:2f:79:e2:e2:d2:a9:fe:0f:a4:27:
c6:75:d2:f4:bb:b2:7a:63:db:2f:3c:c3:ae:1c:aa:be:49:91:
6d:e1:22:46:05:31:ab:67:e2:56:53:8a:e3:18:8a:0e:ec:8f:
f7:c4:f3:47:17:a7:e6:82:b0:49:b9:ba:2e:01:c4:a5:ce:37:
5f:97:32:7d:62:4f:ab:ca:7e:82:e9:b7:1f:d8:8e:9b:45:08:
86:58:39:84:80:de:e3:54:2d:43:76:c9:72:5b:de:81:52:1c:
8c:52:2e:9c
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICUc0wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MDcx
NTU0MTBaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEZDRTZBNjM5OUMyQTQ0
NERGNjY4RTNFMDE3RDQ0ODMwODUxODk5RTgwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDhnnbfb8+dadoleJr3YwZ2HdwrO4ZZyVTLlCFQ62M0A+ie7XWK
dsZ13JFM7I2UjhsNVh05BpFp9TiNQuOLxv7BvMbEF/585zEM9+Vo4fZB0JTmuP0F
HIKA+DiH5o5anyhcDptbMynCkkfRZPBSmowSMT2gFMxVGHxHILu8zumVDSzA/dOP
3urBKWdNxAg5Qc1K5T6JXZ6yT9pSc2VwGJrX8BuXotlUB+yuB0/jAg+PuRPVPeru
nfKgvTYa2z5nXf7IkRiEK1OaEk0PmsH+xtN2KQtnNQPpPLZPcXuaEIlD2tbxRKYz
cANRH5HuddRxMN9sQ5+v/r7HIAR/cr0gmt5bAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQU/OamOZwqRE32aOPgF9RIMIUYmegwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L19PYW1PWndxUkUzMmFP
UGdGOVJJTUlVWW1lZy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBAIoeaVuFKYq3WPp4
nJvRRuyYICeJneYGNjr3xCsYZp9pHWkQ6dYPMIJaUJdsfmrMDl/A3+Q8uxgCrFK2
EMsPY2++RAGjQM1bhne0wP/m+XxxKlRjEDicI9bPlDjqDls0MMGvT4IEC/BzmG7O
8Hd+iNhFadKP432ncqiIIW7Wnaw6dTN9GvGw4PDovuJReIf+Fh9pvXNm3EoGL3ni
4tKp/g+kJ8Z10vS7snpj2y88w64cqr5JkW3hIkYFMatn4lZTiuMYig7sj/fE80cX
p+aCsEm5ui4BxKXON1+XMn1iT6vKfoLptx/YjptFCIZYOYSA3uNULUN2yXJb3oFS
HIxSLpw=
-----END CERTIFICATE-----
Generated at Sat May 17 19:44:32 2025 by rpki-client