Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/etwFZmZw_5SHXEmqwICjFttvpyM.roa
File: etwFZmZw_5SHXEmqwICjFttvpyM.roa (raw, json)
Hash identifier: NVv1rSW2ErD0Ry460czF1nrXLoFK3ViLVk5UD6k32PQ=
Subject key identifier: 7A:DC:05:66:66:70:FF:94:87:5C:49:AA:C0:80:A3:16:DB:6F:A7:23
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 3CB5
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/etwFZmZw_5SHXEmqwICjFttvpyM.roa
Signing time: Tue 09 Apr 2024 12:52:41 +0000
ROA not before: Tue 09 Apr 2024 12:52:41 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 15541 (0x3cb5)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 9 12:52:41 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=7ADC05666670FF94875C49AAC080A316DB6FA723
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b1:77:de:54:2f:ee:4e:63:9b:15:01:66:92:40:
71:e4:75:27:15:fb:5a:d4:d6:0c:64:1f:57:99:fd:
cd:3e:6b:34:1e:ed:7f:01:08:17:bb:5a:10:a8:3d:
c2:5c:d4:7b:8f:d5:a2:1c:74:1d:b5:3f:24:1d:8f:
ac:d4:33:f1:39:1c:24:b0:73:8f:2d:f8:dd:60:9f:
fb:97:a2:eb:c3:5f:9b:94:03:b3:d7:95:83:c3:3b:
bd:58:37:bf:ea:c3:bb:34:39:11:b6:5d:fa:e1:34:
27:4d:ec:56:b4:46:71:39:99:18:ab:e4:3a:44:b7:
36:6a:09:51:08:61:ce:ec:0f:1c:1f:b9:89:bb:d8:
f6:cc:61:95:ba:00:a2:21:ce:fe:d0:b0:16:28:4c:
07:00:05:b5:4c:2d:ba:aa:9d:be:e1:a9:6f:bd:2b:
36:e9:62:1d:e2:5f:58:8c:5e:e6:ce:94:ab:0b:b9:
d9:82:7b:6b:ef:36:ee:5f:24:01:dc:db:09:55:80:
de:83:78:3d:67:9f:13:0e:93:f3:28:47:90:f6:09:
53:4e:7a:d4:2b:8a:3c:79:52:05:ea:3f:1e:ab:4c:
36:4b:2f:83:68:b0:f4:7b:ee:48:71:37:e2:01:dd:
97:7d:1a:e0:6d:c4:cb:c8:50:14:bf:ef:d2:ff:df:
fa:d1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
7A:DC:05:66:66:70:FF:94:87:5C:49:AA:C0:80:A3:16:DB:6F:A7:23
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/etwFZmZw_5SHXEmqwICjFttvpyM.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
36:2d:a2:fc:b0:36:c7:3a:f9:2b:3d:8d:66:d8:6d:09:e5:3a:
6e:94:42:31:9f:f9:6c:c2:2f:bd:19:f9:83:c8:9c:37:33:55:
8d:32:8c:e3:24:04:f0:b3:c8:66:77:b0:e5:46:a4:a0:61:cf:
1e:72:0c:68:89:12:dd:10:fe:27:f5:5c:9f:f6:7e:0d:82:16:
df:18:e5:af:16:26:29:45:f7:39:37:a3:58:95:59:57:c6:45:
3b:ac:69:bf:d9:58:0b:7f:8f:1b:d0:6f:8a:a5:fa:c1:f7:05:
25:f3:b9:8c:f8:bd:6f:36:d2:9b:79:77:fa:4b:9a:2a:b7:35:
ec:8a:f6:51:ff:2e:de:7c:f5:82:8e:39:e6:8f:12:7a:e3:e7:
cb:5c:b5:f3:04:d7:9d:b5:01:78:b0:a4:11:a2:2c:ad:c5:96:
0d:9b:3c:61:f3:05:e7:a3:68:a2:64:6c:f9:ff:b0:4c:af:25:
a5:f6:51:16:df:8d:b2:88:ec:97:dc:7d:43:50:2d:77:e9:0c:
df:91:d2:68:5b:7c:c2:c3:80:45:87:8b:93:20:b8:07:40:97:
12:39:a2:21:9d:84:aa:27:71:21:ea:fc:03:fe:26:0d:ea:d0:
7d:ba:fb:ed:78:ad:93:69:a4:12:95:8d:4b:99:48:9a:37:8e:
42:12:47:09
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICPLUwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MDkx
MjUyNDFaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDdBREMwNTY2NjY3MEZG
OTQ4NzVDNDlBQUMwODBBMzE2REI2RkE3MjMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCxd95UL+5OY5sVAWaSQHHkdScV+1rU1gxkH1eZ/c0+azQe7X8B
CBe7WhCoPcJc1HuP1aIcdB21PyQdj6zUM/E5HCSwc48t+N1gn/uXouvDX5uUA7PX
lYPDO71YN7/qw7s0ORG2XfrhNCdN7Fa0RnE5mRir5DpEtzZqCVEIYc7sDxwfuYm7
2PbMYZW6AKIhzv7QsBYoTAcABbVMLbqqnb7hqW+9KzbpYh3iX1iMXubOlKsLudmC
e2vvNu5fJAHc2wlVgN6DeD1nnxMOk/MoR5D2CVNOetQrijx5UgXqPx6rTDZLL4No
sPR77khxN+IB3Zd9GuBtxMvIUBS/79L/3/rRAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUetwFZmZw/5SHXEmqwICjFttvpyMwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2V0d0ZabVp3XzVTSFhF
bXF3SUNqRnR0dnB5TS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBADYtovywNsc6+Ss9
jWbYbQnlOm6UQjGf+WzCL70Z+YPInDczVY0yjOMkBPCzyGZ3sOVGpKBhzx5yDGiJ
Et0Q/if1XJ/2fg2CFt8Y5a8WJilF9zk3o1iVWVfGRTusab/ZWAt/jxvQb4ql+sH3
BSXzuYz4vW820pt5d/pLmiq3NeyK9lH/Lt589YKOOeaPEnrj58tctfME1521AXiw
pBGiLK3Flg2bPGHzBeejaKJkbPn/sEyvJaX2URbfjbKI7JfcfUNQLXfpDN+R0mhb
fMLDgEWHi5MguAdAlxI5oiGdhKoncSHq/AP+Jg3q0H26++14rZNppBKVjUuZSJo3
jkISRwk=
-----END CERTIFICATE-----
Generated at Sun May 18 04:50:51 2025 by rpki-client