Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/ekrfzf4y_EzM-TikJpxtvZB2OuE.roa
File: ekrfzf4y_EzM-TikJpxtvZB2OuE.roa (raw, json)
Hash identifier: 3z0UFE00BbGGoWzMHFzSFh/iWgySkaQsfhV4ID2/KLk=
Subject key identifier: 7A:4A:DF:CD:FE:32:FC:4C:CC:F9:38:A4:26:9C:6D:BD:90:76:3A:E1
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 3EAD
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/ekrfzf4y_EzM-TikJpxtvZB2OuE.roa
Signing time: Fri 12 Apr 2024 03:52:48 +0000
ROA not before: Fri 12 Apr 2024 03:52:48 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 16045 (0x3ead)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 12 03:52:48 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=7A4ADFCDFE32FC4CCCF938A4269C6DBD90763AE1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c4:fc:0c:fd:ee:2e:c5:73:47:4c:9a:4c:6f:f6:
1f:ec:53:ae:4c:4e:28:46:f5:2f:71:1f:f6:f8:b3:
ee:f9:90:14:cf:74:2e:11:b6:b6:6a:8d:23:d5:a6:
60:14:a7:1f:69:70:70:55:a0:65:67:a1:09:db:ea:
f2:98:e3:28:2f:85:c0:44:53:5c:0d:1d:2d:d5:be:
81:97:60:9d:5f:e9:05:d5:bc:34:ba:86:58:42:35:
64:0a:24:e2:c8:c8:44:c9:06:51:3a:c9:3a:5c:e5:
1e:0d:e1:99:a9:99:f2:4a:4d:81:7b:00:d7:af:1f:
74:a5:1f:bb:39:c8:c5:83:42:70:da:25:44:b1:7d:
d8:ae:f9:9f:26:5f:37:be:3a:fd:89:7e:67:65:c7:
7e:79:50:8a:03:65:2f:a7:bd:b2:78:83:25:93:33:
f0:6d:67:ae:b9:e7:18:76:73:13:b8:61:69:fd:9c:
12:47:36:36:b4:6e:e3:11:3e:5b:80:0d:1e:7f:78:
e8:5b:50:e2:12:6d:0c:ce:b6:1e:f4:d7:c6:93:2f:
58:63:30:62:72:d4:3d:79:f6:ed:bc:0c:df:05:87:
03:52:c4:de:82:34:7e:8d:5f:a0:8f:ba:8a:2f:d8:
b6:0e:a6:40:61:78:c1:84:e7:4e:08:a8:d6:f3:f0:
2a:ad
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
7A:4A:DF:CD:FE:32:FC:4C:CC:F9:38:A4:26:9C:6D:BD:90:76:3A:E1
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/ekrfzf4y_EzM-TikJpxtvZB2OuE.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
ba:12:b6:78:f5:68:f6:55:a2:f9:86:0a:4f:01:69:82:70:02:
e8:06:1e:47:49:e7:38:6c:99:8d:a7:d7:97:cb:bf:f4:cf:8a:
65:80:d3:3a:d8:4b:87:83:0c:0e:b8:63:03:94:b1:1b:86:89:
42:df:d2:3d:5d:3b:86:7f:e1:af:ea:a9:b6:be:c7:3a:19:e2:
4e:e4:6c:85:10:0e:c6:97:2c:27:4c:8b:81:59:31:5f:0a:ea:
d3:8f:0f:75:66:0f:ac:e7:80:d3:ba:7d:5a:1c:42:e5:f7:d8:
e0:d6:59:bc:15:76:29:c8:db:39:c7:d6:49:7a:59:77:51:b5:
29:80:af:72:2e:78:95:44:de:52:0b:02:26:00:d5:1c:a5:7c:
df:d2:d5:ac:31:13:5b:81:c1:6d:bd:89:76:1a:3d:f3:24:e5:
b7:77:f4:c3:dd:b4:26:85:38:84:7b:80:66:19:fa:18:43:56:
fb:85:72:7b:5a:34:eb:94:5d:e3:b2:92:21:02:5e:cf:af:3a:
6c:37:d6:b7:55:b6:98:9c:a6:73:79:cd:78:61:2a:46:34:b3:
d6:aa:e1:08:30:51:c9:06:67:d5:25:02:71:91:57:2f:8e:f5:
f2:ba:3f:76:4c:7a:6e:e6:88:40:db:00:88:44:a8:9e:ee:59:
79:d2:d7:5f
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICPq0wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MTIw
MzUyNDhaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDdBNEFERkNERkUzMkZD
NENDQ0Y5MzhBNDI2OUM2REJEOTA3NjNBRTEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDE/Az97i7Fc0dMmkxv9h/sU65MTihG9S9xH/b4s+75kBTPdC4R
trZqjSPVpmAUpx9pcHBVoGVnoQnb6vKY4ygvhcBEU1wNHS3VvoGXYJ1f6QXVvDS6
hlhCNWQKJOLIyETJBlE6yTpc5R4N4ZmpmfJKTYF7ANevH3SlH7s5yMWDQnDaJUSx
fdiu+Z8mXze+Ov2Jfmdlx355UIoDZS+nvbJ4gyWTM/BtZ6655xh2cxO4YWn9nBJH
Nja0buMRPluADR5/eOhbUOISbQzOth7018aTL1hjMGJy1D159u28DN8FhwNSxN6C
NH6NX6CPuoov2LYOpkBheMGE504IqNbz8CqtAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUekrfzf4y/EzM+TikJpxtvZB2OuEwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2VrcmZ6ZjR5X0V6TS1U
aWtKcHh0dlpCMk91RS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBALoStnj1aPZVovmG
Ck8BaYJwAugGHkdJ5zhsmY2n15fLv/TPimWA0zrYS4eDDA64YwOUsRuGiULf0j1d
O4Z/4a/qqba+xzoZ4k7kbIUQDsaXLCdMi4FZMV8K6tOPD3VmD6zngNO6fVocQuX3
2ODWWbwVdinI2znH1kl6WXdRtSmAr3IueJVE3lILAiYA1RylfN/S1awxE1uBwW29
iXYaPfMk5bd39MPdtCaFOIR7gGYZ+hhDVvuFcntaNOuUXeOykiECXs+vOmw31rdV
tpicpnN5zXhhKkY0s9aq4QgwUckGZ9UlAnGRVy+O9fK6P3ZMem7miEDbAIhEqJ7u
WXnS118=
-----END CERTIFICATE-----
Generated at Sat May 17 21:20:23 2025 by rpki-client