Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/hzRe1TXg1C_Oqp7PIf4zZlRUXIY.roa
File: hzRe1TXg1C_Oqp7PIf4zZlRUXIY.roa (raw, json)
Hash identifier: 9m3nnQnM1CjRsa9sIpK8khdkm6hZq8NoiY23UH4sJuM=
Subject key identifier: 87:34:5E:D5:35:E0:D4:2F:CE:AA:9E:CF:21:FE:33:66:54:54:5C:86
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 3919
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/hzRe1TXg1C_Oqp7PIf4zZlRUXIY.roa
Signing time: Thu 04 Apr 2024 17:22:20 +0000
ROA not before: Thu 04 Apr 2024 17:22:20 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 14617 (0x3919)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 4 17:22:20 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=87345ED535E0D42FCEAA9ECF21FE336654545C86
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b2:f9:14:87:db:b6:1c:ed:8e:0a:6a:ec:41:5c:
11:ad:10:1b:be:e0:54:41:5d:20:bd:43:ee:9d:58:
7c:a0:79:a2:7e:1f:8e:23:e1:52:a7:9c:dc:6d:f3:
d2:49:03:be:dc:de:79:4c:27:af:2c:00:0e:45:d8:
4b:37:31:57:4a:e2:f4:bb:6d:19:f5:cd:c2:56:4b:
4d:4f:47:ab:56:5d:a0:92:7d:2b:ab:08:59:5f:87:
37:e7:db:62:6f:06:e4:c1:fa:24:3c:e3:cc:ea:13:
25:9c:71:fe:60:34:f4:b6:f9:c5:20:40:01:ef:bc:
d7:cf:ab:33:b3:5f:fa:2a:15:ad:fa:86:47:50:4f:
f0:cc:90:85:a1:0d:c2:eb:d8:2c:28:79:fe:14:59:
2a:15:26:fe:49:96:36:48:51:ed:15:e0:49:9c:a7:
7f:79:ec:cf:6f:d1:9c:04:87:0e:5d:7c:fe:cb:98:
87:b7:de:da:7a:0e:41:cb:92:c2:61:08:6d:62:c5:
c5:f6:64:52:24:9e:ed:80:94:c0:26:35:df:b0:a3:
54:ac:42:38:6b:36:d6:2d:3c:1a:4f:62:a8:e5:cd:
00:26:91:dd:f7:ba:41:72:19:73:cb:f1:3e:58:04:
7c:ec:9e:5a:aa:28:8b:54:6d:7e:a4:13:d9:37:0e:
75:df
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
87:34:5E:D5:35:E0:D4:2F:CE:AA:9E:CF:21:FE:33:66:54:54:5C:86
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/hzRe1TXg1C_Oqp7PIf4zZlRUXIY.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
47:ee:fb:2b:84:bb:3a:b8:fa:15:4e:ad:85:20:87:c0:6d:e9:
67:d6:2c:5b:24:da:21:9e:3f:6e:0b:62:19:54:54:48:17:6f:
98:a7:5f:3f:c2:22:41:d8:79:a8:d1:e7:b5:8d:fe:f0:45:5a:
99:0b:3e:b4:6c:71:cb:dc:24:be:91:2b:8a:4e:91:79:fa:47:
04:13:e2:38:5e:9a:a4:c1:9c:93:0d:bd:77:af:dd:0b:01:4a:
2f:8d:1e:5d:e7:6f:0b:e6:68:71:a4:26:14:24:1f:69:bc:1e:
e8:17:0b:41:8b:04:58:f6:da:67:69:f1:b4:a6:ca:cb:9b:79:
be:75:7a:21:5a:20:ab:74:4a:54:30:87:5c:4b:62:69:19:3a:
ae:e5:84:8e:bd:3a:88:7d:99:9e:79:e4:42:8f:85:fb:07:5f:
e5:64:d6:ad:0b:6d:bf:a0:0a:8f:9d:48:10:e9:ce:40:a9:37:
9a:50:75:85:69:9f:cf:15:50:1e:c9:7f:ac:82:b4:30:a5:19:
8b:ee:e6:2b:63:e9:8b:04:b5:35:6e:c9:09:26:bc:f8:75:d4:
35:92:6d:c7:74:c3:13:18:de:be:a3:3e:b9:49:8d:77:63:a4:
56:18:80:99:51:c9:ca:72:b1:b0:60:80:16:62:ca:30:ed:3e:
f2:db:d8:62
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICORkwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MDQx
NzIyMjBaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDg3MzQ1RUQ1MzVFMEQ0
MkZDRUFBOUVDRjIxRkUzMzY2NTQ1NDVDODYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCy+RSH27Yc7Y4KauxBXBGtEBu+4FRBXSC9Q+6dWHygeaJ+H44j
4VKnnNxt89JJA77c3nlMJ68sAA5F2Es3MVdK4vS7bRn1zcJWS01PR6tWXaCSfSur
CFlfhzfn22JvBuTB+iQ848zqEyWccf5gNPS2+cUgQAHvvNfPqzOzX/oqFa36hkdQ
T/DMkIWhDcLr2Cwoef4UWSoVJv5JljZIUe0V4Emcp3957M9v0ZwEhw5dfP7LmIe3
3tp6DkHLksJhCG1ixcX2ZFIknu2AlMAmNd+wo1SsQjhrNtYtPBpPYqjlzQAmkd33
ukFyGXPL8T5YBHzsnlqqKItUbX6kE9k3DnXfAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUhzRe1TXg1C/Oqp7PIf4zZlRUXIYwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2h6UmUxVFhnMUNfT3Fw
N1BJZjR6WmxSVVhJWS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBAEfu+yuEuzq4+hVO
rYUgh8Bt6WfWLFsk2iGeP24LYhlUVEgXb5inXz/CIkHYeajR57WN/vBFWpkLPrRs
ccvcJL6RK4pOkXn6RwQT4jhemqTBnJMNvXev3QsBSi+NHl3nbwvmaHGkJhQkH2m8
HugXC0GLBFj22mdp8bSmysubeb51eiFaIKt0SlQwh1xLYmkZOq7lhI69Ooh9mZ55
5EKPhfsHX+Vk1q0Lbb+gCo+dSBDpzkCpN5pQdYVpn88VUB7Jf6yCtDClGYvu5itj
6YsEtTVuyQkmvPh11DWSbcd0wxMY3r6jPrlJjXdjpFYYgJlRycpysbBggBZiyjDt
PvLb2GI=
-----END CERTIFICATE-----
Generated at Sat May 17 22:38:10 2025 by rpki-client