Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/bzgC3L--3IdXnP0VPf3bcQLY87U.roa
File: bzgC3L--3IdXnP0VPf3bcQLY87U.roa (raw, json)
Hash identifier: Riw8am+YlQOX5/re3m9JEbJ1CHZOIMZu0diF6OIAG3g=
Subject key identifier: 6F:38:02:DC:BF:BE:DC:87:57:9C:FD:15:3D:FD:DB:71:02:D8:F3:B5
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 4405
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/bzgC3L--3IdXnP0VPf3bcQLY87U.roa
Signing time: Fri 19 Apr 2024 06:53:10 +0000
ROA not before: Fri 19 Apr 2024 06:53:10 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 17413 (0x4405)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 19 06:53:10 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=6F3802DCBFBEDC87579CFD153DFDDB7102D8F3B5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ba:d0:99:74:30:e0:59:c8:e6:74:69:2c:8d:29:
e6:7f:3f:52:31:da:9c:8d:1d:dc:82:96:e1:37:c3:
b8:bf:3c:2a:9f:6b:3b:ac:85:1f:81:6f:ac:4c:e8:
37:5b:45:fb:43:6e:88:2a:ed:c5:ed:da:a6:4d:94:
5f:97:44:91:14:5b:1b:92:a7:e4:26:2c:76:78:49:
91:e7:10:21:01:04:8d:af:51:2a:09:7c:a1:aa:8b:
08:b6:8c:81:56:5d:ee:a5:0e:93:79:23:cc:66:22:
b0:bc:e3:98:ac:53:fe:d8:e9:46:62:61:8c:e1:f6:
2b:53:3a:b1:1c:77:70:e3:b6:1d:e1:2f:e9:2b:4e:
35:4d:ac:19:46:f5:8f:4b:fe:ff:c3:93:40:53:1a:
3d:2e:ea:a7:fd:91:da:0b:7d:2c:e5:51:82:f4:1c:
85:ee:e7:13:4c:6c:e3:6b:81:a5:11:7a:66:83:ff:
5b:48:d5:d9:81:2f:e7:07:56:43:8b:ae:0b:ee:ea:
2f:b3:a2:1d:e1:ad:43:a4:d1:4c:83:e5:0f:e4:41:
fa:08:b3:66:c7:a9:e5:9e:b3:99:11:93:1f:89:3d:
ce:10:61:44:62:72:f4:b0:93:c4:68:bd:d8:93:6c:
79:ef:e6:ef:48:3e:df:f8:3b:1a:3d:77:2c:2e:65:
ba:ff
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6F:38:02:DC:BF:BE:DC:87:57:9C:FD:15:3D:FD:DB:71:02:D8:F3:B5
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/bzgC3L--3IdXnP0VPf3bcQLY87U.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
71:59:99:e6:d9:2e:09:69:93:da:8b:5b:31:b9:80:b7:5e:4f:
a9:2b:a9:49:70:9b:6c:c7:fc:de:03:cc:a7:a2:ce:e4:bf:51:
17:19:2c:18:4f:46:90:42:45:6b:46:73:50:2c:99:b4:17:f9:
d9:c2:89:6f:b3:3a:0d:ba:d6:9f:96:e3:7a:a0:06:f1:dc:01:
d3:ae:06:a8:65:2d:b3:6f:70:bf:4b:4e:10:f6:a5:26:39:66:
a9:9e:30:7a:fd:e2:b2:93:5b:6c:4e:80:04:3f:71:1c:45:5f:
74:27:aa:46:bb:f3:7f:3d:a2:2d:e6:28:f0:54:46:d6:43:3b:
72:a9:d8:09:5b:65:13:2d:e7:cd:1a:bc:0b:53:33:98:79:8b:
8d:5a:a2:4e:1a:3c:d9:c8:66:7f:1e:dd:87:67:a8:d9:fb:30:
f4:29:86:61:64:99:7f:38:06:4a:18:97:ba:17:8f:6c:09:51:
c1:9e:56:98:7a:8f:c2:eb:3a:c5:7f:e4:1e:9c:91:51:63:30:
31:1a:4a:c1:6f:0c:51:24:3f:e9:37:b4:ca:5d:46:c4:9f:e6:
de:ce:c2:44:25:63:66:0a:ff:9c:50:61:e3:f2:6b:61:1b:88:
9b:d0:6c:13:9e:76:be:45:38:e6:88:e0:b4:6d:ac:27:29:33:
c4:43:fb:ef
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICRAUwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MTkw
NjUzMTBaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDZGMzgwMkRDQkZCRURD
ODc1NzlDRkQxNTNERkREQjcxMDJEOEYzQjUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC60Jl0MOBZyOZ0aSyNKeZ/P1Ix2pyNHdyCluE3w7i/PCqfazus
hR+Bb6xM6DdbRftDbogq7cXt2qZNlF+XRJEUWxuSp+QmLHZ4SZHnECEBBI2vUSoJ
fKGqiwi2jIFWXe6lDpN5I8xmIrC845isU/7Y6UZiYYzh9itTOrEcd3Djth3hL+kr
TjVNrBlG9Y9L/v/Dk0BTGj0u6qf9kdoLfSzlUYL0HIXu5xNMbONrgaURemaD/1tI
1dmBL+cHVkOLrgvu6i+zoh3hrUOk0UyD5Q/kQfoIs2bHqeWes5kRkx+JPc4QYURi
cvSwk8RovdiTbHnv5u9IPt/4Oxo9dywuZbr/AgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUbzgC3L++3IdXnP0VPf3bcQLY87UwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2J6Z0MzTC0tM0lkWG5Q
MFZQZjNiY1FMWTg3VS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBAHFZmebZLglpk9qL
WzG5gLdeT6krqUlwm2zH/N4DzKeizuS/URcZLBhPRpBCRWtGc1AsmbQX+dnCiW+z
Og261p+W43qgBvHcAdOuBqhlLbNvcL9LThD2pSY5ZqmeMHr94rKTW2xOgAQ/cRxF
X3Qnqka78389oi3mKPBURtZDO3Kp2AlbZRMt580avAtTM5h5i41aok4aPNnIZn8e
3YdnqNn7MPQphmFkmX84BkoYl7oXj2wJUcGeVph6j8LrOsV/5B6ckVFjMDEaSsFv
DFEkP+k3tMpdRsSf5t7OwkQlY2YK/5xQYePya2EbiJvQbBOedr5FOOaI4LRtrCcp
M8RD++8=
-----END CERTIFICATE-----
Generated at Sun May 18 04:55:32 2025 by rpki-client