Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/dvBWR-iVazf41CBPembakXFwrco.roa
File: dvBWR-iVazf41CBPembakXFwrco.roa (raw, json)
Hash identifier: BBPl7wt4K9qSK8Ic137aCELKM5z1P+kN+R6hcREaPoQ=
Subject key identifier: 76:F0:56:47:E8:95:6B:37:F8:D4:20:4F:7A:66:DA:91:71:70:AD:CA
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 4AC9
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/dvBWR-iVazf41CBPembakXFwrco.roa
Signing time: Sun 28 Apr 2024 07:23:31 +0000
ROA not before: Sun 28 Apr 2024 07:23:31 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 19145 (0x4ac9)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 28 07:23:31 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=76F05647E8956B37F8D4204F7A66DA917170ADCA
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b3:23:cd:ef:53:44:cd:5c:77:f1:55:c3:10:1f:
ed:bf:2e:00:d9:fa:86:a5:0c:fb:94:4e:85:c8:ff:
dc:4b:70:26:39:28:3d:90:d8:45:b4:9f:57:5b:a8:
e1:fa:0a:d5:de:a6:d6:4d:5f:06:22:25:b2:64:1a:
15:5c:f0:a3:e7:86:0d:bb:f0:29:12:36:ab:d2:8e:
f2:3d:de:1f:42:10:8e:f3:80:b4:ca:c2:41:d0:dc:
05:7d:da:d1:c1:02:4a:2d:59:1d:a9:c4:30:42:ff:
a3:aa:d4:79:4d:28:ca:63:71:e3:f5:65:d9:ca:00:
11:da:ea:7b:28:9c:3d:f2:2b:22:7c:f5:95:ca:fc:
e7:c8:7f:32:49:13:65:12:a1:f1:43:07:31:8d:71:
eb:c3:f2:b6:54:24:7f:e4:76:06:56:7a:6a:9c:b1:
66:c8:c7:bf:0b:b5:21:fd:c2:83:bb:ea:85:7c:ff:
46:f9:86:04:2a:cf:88:4c:1e:fb:4f:f6:45:52:f5:
64:c7:80:c6:75:57:d8:ba:58:12:d8:4a:af:90:ef:
50:72:1e:d3:ea:c8:8d:fa:79:b3:dc:a5:10:5a:88:
4b:39:f9:82:d3:8f:18:d3:35:f4:3e:94:b2:f7:12:
a1:76:93:99:0f:f2:83:21:02:1e:ba:f2:f9:ce:62:
ec:b5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
76:F0:56:47:E8:95:6B:37:F8:D4:20:4F:7A:66:DA:91:71:70:AD:CA
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/dvBWR-iVazf41CBPembakXFwrco.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
37:0d:80:69:69:bf:7c:e3:a0:8b:8e:77:9e:0f:27:b0:02:b2:
5d:4a:b3:2f:0d:19:e8:c1:be:7a:a7:aa:8f:75:1d:b2:10:63:
bc:5b:b3:b1:82:95:9f:39:c9:f9:5d:ec:9d:45:4d:a4:fd:88:
2a:fe:e1:3c:b5:51:d2:3b:9f:9c:7f:21:b5:c5:4a:9f:78:1d:
f9:c0:b5:35:4d:9e:96:ce:f7:17:a7:12:10:f9:41:75:00:ba:
37:75:97:0c:3a:ec:8f:d9:34:88:26:15:50:32:5b:0c:86:11:
71:cb:c9:e5:76:5d:43:59:48:33:93:b7:8d:6d:6c:bd:9c:01:
69:17:a1:6a:5b:5e:31:d0:c1:59:97:ac:09:cb:e8:3b:52:5a:
26:ec:e1:7d:16:e9:31:42:1f:25:55:da:84:45:8a:f3:ed:81:
47:3d:65:b2:d5:d8:ca:93:2e:29:46:a3:d7:76:51:3a:19:cd:
50:b8:a9:e6:69:3d:b2:ba:ff:bd:ad:ea:43:87:aa:c4:0f:d7:
38:5e:23:52:c1:1a:5e:98:5c:ef:fc:2d:6c:da:ea:57:80:30:
ae:88:6a:62:a4:08:d0:fc:c2:00:67:cf:6f:14:73:91:86:8c:
a8:44:b1:fe:94:4a:7d:5a:6c:c5:e2:0d:ca:c8:a9:44:7f:2f:
b6:28:db:f5
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICSskwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0Mjgw
NzIzMzFaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDc2RjA1NjQ3RTg5NTZC
MzdGOEQ0MjA0RjdBNjZEQTkxNzE3MEFEQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCzI83vU0TNXHfxVcMQH+2/LgDZ+oalDPuUToXI/9xLcCY5KD2Q
2EW0n1dbqOH6CtXeptZNXwYiJbJkGhVc8KPnhg278CkSNqvSjvI93h9CEI7zgLTK
wkHQ3AV92tHBAkotWR2pxDBC/6Oq1HlNKMpjceP1ZdnKABHa6nsonD3yKyJ89ZXK
/OfIfzJJE2USofFDBzGNcevD8rZUJH/kdgZWemqcsWbIx78LtSH9woO76oV8/0b5
hgQqz4hMHvtP9kVS9WTHgMZ1V9i6WBLYSq+Q71ByHtPqyI36ebPcpRBaiEs5+YLT
jxjTNfQ+lLL3EqF2k5kP8oMhAh668vnOYuy1AgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUdvBWR+iVazf41CBPembakXFwrcowHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2R2QldSLWlWYXpmNDFD
QlBlbWJha1hGd3Jjby5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBADcNgGlpv3zjoIuO
d54PJ7ACsl1Ksy8NGejBvnqnqo91HbIQY7xbs7GClZ85yfld7J1FTaT9iCr+4Ty1
UdI7n5x/IbXFSp94HfnAtTVNnpbO9xenEhD5QXUAujd1lww67I/ZNIgmFVAyWwyG
EXHLyeV2XUNZSDOTt41tbL2cAWkXoWpbXjHQwVmXrAnL6DtSWibs4X0W6TFCHyVV
2oRFivPtgUc9ZbLV2MqTLilGo9d2UToZzVC4qeZpPbK6/72t6kOHqsQP1zheI1LB
Gl6YXO/8LWza6leAMK6IamKkCND8wgBnz28Uc5GGjKhEsf6USn1abMXiDcrIqUR/
L7Yo2/U=
-----END CERTIFICATE-----
Generated at Sat May 17 19:39:00 2025 by rpki-client