Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/_Zv-0AkFRrUOspfhwAjvqW4vDE4.roa
File: _Zv-0AkFRrUOspfhwAjvqW4vDE4.roa (raw, json)
Hash identifier: z4DRkSsx0WE5dszZqve0AXfoonD+3t5+03Lz14kGRlI=
Subject key identifier: FD:9B:FE:D0:09:05:46:B5:0E:B2:97:E1:C0:08:EF:A9:6E:2F:0C:4E
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 43AD
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/_Zv-0AkFRrUOspfhwAjvqW4vDE4.roa
Signing time: Thu 18 Apr 2024 19:52:59 +0000
ROA not before: Thu 18 Apr 2024 19:52:59 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 17325 (0x43ad)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 18 19:52:59 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=FD9BFED0090546B50EB297E1C008EFA96E2F0C4E
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d8:bf:ea:64:9f:1e:e9:0d:97:a3:a2:ee:bd:93:
c7:b3:c1:97:3b:c8:fd:8e:a9:cc:14:5d:28:57:0e:
42:37:84:5a:8a:3d:76:9f:ca:09:8f:4a:4d:15:b3:
94:2c:53:63:1c:5b:4e:41:03:62:46:12:6a:18:a5:
31:19:05:a6:02:5f:45:2a:93:f3:35:87:cc:12:0a:
09:9d:8f:22:83:63:4f:97:81:11:c5:d0:23:0c:e7:
e7:6c:47:00:38:bb:d7:ae:ee:bd:41:d9:72:3f:e3:
5e:49:59:88:5b:82:7e:23:b2:10:8e:92:24:5f:04:
40:9b:a3:6d:e9:74:23:1f:6f:b6:7b:bd:d0:c1:e6:
b6:72:e7:6d:0e:4c:e3:0d:0d:a0:40:88:6a:a1:33:
12:56:c3:83:e4:c9:14:d3:9a:ed:33:00:5b:dd:e0:
cd:e4:03:e5:32:8d:cd:b0:7e:9c:17:7e:49:4b:91:
ac:71:7d:6b:88:9d:37:38:5f:ce:8f:b8:8f:0b:75:
c2:fb:2b:56:3f:29:a6:01:1c:e9:97:1e:e9:70:51:
44:09:04:b7:b8:f2:7b:30:ab:26:85:87:2a:dc:7b:
0a:e5:f2:c9:cf:6e:a9:c1:be:d9:d6:ba:8c:0f:f7:
12:cf:9e:ef:d0:4c:58:c1:97:4b:67:b5:f5:e9:7f:
21:d5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FD:9B:FE:D0:09:05:46:B5:0E:B2:97:E1:C0:08:EF:A9:6E:2F:0C:4E
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/_Zv-0AkFRrUOspfhwAjvqW4vDE4.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
98:5b:be:2f:c3:4a:02:ba:1c:ad:75:40:08:e1:cf:ff:df:77:
74:27:44:bf:56:29:13:32:0f:27:2a:18:21:6e:d5:dd:e8:c4:
98:20:49:aa:6a:d5:1d:f5:f0:43:ad:91:b7:a7:d8:2b:fd:ad:
a4:01:35:c9:46:b3:d9:57:40:7a:f5:3d:11:17:87:5a:11:68:
31:37:07:c7:c9:27:f7:d7:26:2e:29:db:c5:0a:1f:98:0b:b2:
27:6a:56:fe:b2:92:73:54:dc:37:1d:11:7a:17:26:68:c4:57:
b1:17:cc:3f:a7:99:d8:64:c5:8e:91:2b:2e:ed:a0:1d:20:95:
dc:fe:0c:2d:36:8c:cd:ca:5e:6f:a8:d0:93:f0:f5:14:f0:a9:
ce:c4:c3:bf:c8:f3:13:c1:5a:53:7e:68:8a:42:4e:69:81:3c:
c7:91:78:5b:ec:17:d1:37:fa:cb:69:ac:97:f2:80:fd:3b:71:
96:72:a7:98:0c:d4:ce:f6:99:17:6d:0a:55:1e:f5:f1:9e:3e:
b8:9d:db:e0:c0:9f:cd:8f:23:30:81:d9:04:a8:0c:b9:c8:ec:
54:b8:6e:d3:86:63:ee:57:c7:53:87:67:ae:70:6e:23:d7:3a:
05:9a:eb:3e:9c:2a:d5:f4:9a:be:8f:f2:cc:70:d4:32:bf:04:
32:06:b2:61
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICQ60wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MTgx
OTUyNTlaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEZEOUJGRUQwMDkwNTQ2
QjUwRUIyOTdFMUMwMDhFRkE5NkUyRjBDNEUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDYv+pknx7pDZejou69k8ezwZc7yP2OqcwUXShXDkI3hFqKPXaf
ygmPSk0Vs5QsU2McW05BA2JGEmoYpTEZBaYCX0Uqk/M1h8wSCgmdjyKDY0+XgRHF
0CMM5+dsRwA4u9eu7r1B2XI/415JWYhbgn4jshCOkiRfBECbo23pdCMfb7Z7vdDB
5rZy520OTOMNDaBAiGqhMxJWw4PkyRTTmu0zAFvd4M3kA+Uyjc2wfpwXfklLkaxx
fWuInTc4X86PuI8LdcL7K1Y/KaYBHOmXHulwUUQJBLe48nswqyaFhyrcewrl8snP
bqnBvtnWuowP9xLPnu/QTFjBl0tntfXpfyHVAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQU/Zv+0AkFRrUOspfhwAjvqW4vDE4wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L19adi0wQWtGUnJVT3Nw
Zmh3QWp2cVc0dkRFNC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBAJhbvi/DSgK6HK11
QAjhz//fd3QnRL9WKRMyDycqGCFu1d3oxJggSapq1R318EOtkben2Cv9raQBNclG
s9lXQHr1PREXh1oRaDE3B8fJJ/fXJi4p28UKH5gLsidqVv6yknNU3DcdEXoXJmjE
V7EXzD+nmdhkxY6RKy7toB0gldz+DC02jM3KXm+o0JPw9RTwqc7Ew7/I8xPBWlN+
aIpCTmmBPMeReFvsF9E3+stprJfygP07cZZyp5gM1M72mRdtClUe9fGePrid2+DA
n82PIzCB2QSoDLnI7FS4btOGY+5Xx1OHZ65wbiPXOgWa6z6cKtX0mr6P8sxw1DK/
BDIGsmE=
-----END CERTIFICATE-----
Generated at Sat May 17 19:42:25 2025 by rpki-client