Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/dlVnaSN0QIyEzbtjPPPwnJ-Dt7U.roa
File: dlVnaSN0QIyEzbtjPPPwnJ-Dt7U.roa (raw, json)
Hash identifier: FKYvtEGYvSrrJrAZYlq2gnIjNtZ3CAhFWl1KNZibCQE=
Subject key identifier: 76:55:67:69:23:74:40:8C:84:CD:BB:63:3C:F3:F0:9C:9F:83:B7:B5
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 3829
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/dlVnaSN0QIyEzbtjPPPwnJ-Dt7U.roa
Signing time: Wed 03 Apr 2024 11:22:19 +0000
ROA not before: Wed 03 Apr 2024 11:22:19 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 14377 (0x3829)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 3 11:22:19 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=765567692374408C84CDBB633CF3F09C9F83B7B5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cc:6c:84:08:97:5f:54:44:7b:d2:ca:a9:7b:cd:
fc:c1:2f:82:19:34:fc:66:af:cf:45:f5:23:a0:4e:
f8:c4:4b:c7:2a:3f:3c:66:a7:38:e0:97:34:5d:0a:
e7:1a:43:39:6d:d6:e3:a6:77:7c:1a:46:36:57:02:
a1:53:30:3d:0e:c7:b0:97:88:2b:4d:2c:0f:8e:a5:
f8:51:35:95:c4:9d:64:94:25:22:2c:97:c3:43:14:
5c:f2:08:ac:d2:e1:4a:27:50:16:0e:92:d5:a7:be:
ec:b1:8c:9b:c0:4b:ea:41:4b:7c:8b:3f:f3:af:64:
76:61:48:95:f8:b6:e7:b1:53:f2:99:77:34:57:2b:
ee:53:dc:65:23:ad:b9:bf:ee:13:b9:29:b4:d6:2c:
39:f9:c5:8c:16:2e:d5:0d:d4:79:a2:f3:79:f4:c4:
b9:73:59:f2:43:a0:f8:83:2f:dc:15:b0:9c:96:d5:
92:72:c6:9a:a3:f8:fe:0f:a1:57:c7:74:4f:38:3a:
8e:66:5b:69:05:65:b9:df:d2:60:50:72:56:b9:b0:
47:b5:02:be:23:33:4a:60:50:c5:de:2e:e7:5e:17:
50:28:8d:3c:6d:06:22:78:59:ac:de:ce:f1:c9:72:
ed:24:9d:9b:3c:45:32:04:16:f5:ba:76:4b:5c:db:
59:b7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
76:55:67:69:23:74:40:8C:84:CD:BB:63:3C:F3:F0:9C:9F:83:B7:B5
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/dlVnaSN0QIyEzbtjPPPwnJ-Dt7U.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
b6:14:e8:8d:40:de:cf:f0:0b:6b:06:ee:0c:0a:ab:1f:a9:04:
27:7f:9c:50:a7:ef:4e:c2:d1:22:f1:d2:70:7a:4a:74:5a:bc:
23:15:7b:79:cc:2c:99:26:63:24:87:f9:89:51:f1:a0:19:cf:
26:82:15:17:7d:e2:f5:c6:e2:87:b9:0d:b7:7f:2b:02:d5:e3:
27:92:2f:50:18:ef:e1:ee:46:9a:44:ab:f9:07:90:7c:7a:f0:
ec:86:ca:80:ab:d7:54:36:2f:dc:14:b0:a4:21:49:59:45:e1:
35:62:44:c3:64:6f:4f:69:01:36:7d:af:35:74:b5:e9:3f:4a:
42:06:af:60:d3:c5:76:45:88:ea:e4:6f:b6:a5:51:f1:83:f4:
06:d4:e8:56:de:88:7f:ff:8a:84:18:e1:b6:5e:b5:2e:41:5d:
07:88:0b:14:93:04:42:b0:58:3e:bd:1a:bb:7e:2b:d3:93:59:
f1:40:e1:a8:bb:c4:21:10:1b:9c:71:5d:76:19:ab:a5:a0:9e:
85:61:1e:2f:58:e7:da:f7:d6:d4:c8:1d:2c:58:4f:86:5d:ad:
3d:9a:52:47:ae:35:50:af:73:d5:a6:51:e9:53:97:88:7a:40:
6b:21:77:ee:61:46:8d:ce:f2:dc:36:51:92:bc:c6:62:8a:e4:
85:c2:ff:56
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICOCkwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MDMx
MTIyMTlaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDc2NTU2NzY5MjM3NDQw
OEM4NENEQkI2MzNDRjNGMDlDOUY4M0I3QjUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDMbIQIl19URHvSyql7zfzBL4IZNPxmr89F9SOgTvjES8cqPzxm
pzjglzRdCucaQzlt1uOmd3waRjZXAqFTMD0Ox7CXiCtNLA+OpfhRNZXEnWSUJSIs
l8NDFFzyCKzS4UonUBYOktWnvuyxjJvAS+pBS3yLP/OvZHZhSJX4tuexU/KZdzRX
K+5T3GUjrbm/7hO5KbTWLDn5xYwWLtUN1Hmi83n0xLlzWfJDoPiDL9wVsJyW1ZJy
xpqj+P4PoVfHdE84Oo5mW2kFZbnf0mBQcla5sEe1Ar4jM0pgUMXeLudeF1AojTxt
BiJ4WazezvHJcu0knZs8RTIEFvW6dktc21m3AgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUdlVnaSN0QIyEzbtjPPPwnJ+Dt7UwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2RsVm5hU04wUUl5RXpi
dGpQUFB3bkotRHQ3VS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBALYU6I1A3s/wC2sG
7gwKqx+pBCd/nFCn707C0SLx0nB6SnRavCMVe3nMLJkmYySH+YlR8aAZzyaCFRd9
4vXG4oe5Dbd/KwLV4yeSL1AY7+HuRppEq/kHkHx68OyGyoCr11Q2L9wUsKQhSVlF
4TViRMNkb09pATZ9rzV0tek/SkIGr2DTxXZFiOrkb7alUfGD9AbU6FbeiH//ioQY
4bZetS5BXQeICxSTBEKwWD69Grt+K9OTWfFA4ai7xCEQG5xxXXYZq6WgnoVhHi9Y
59r31tTIHSxYT4ZdrT2aUkeuNVCvc9WmUelTl4h6QGshd+5hRo3O8tw2UZK8xmKK
5IXC/1Y=
-----END CERTIFICATE-----
Generated at Sun May 18 06:37:18 2025 by rpki-client