Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/iHqpdOs_ZhWqA7C2ejtGLk8X-5A.roa
File: iHqpdOs_ZhWqA7C2ejtGLk8X-5A.roa (raw, json)
Hash identifier: 4KmJ82/9XzwJaz8E9pbN3sGhPA5L5+Cx7HS1LxTV2TU=
Subject key identifier: 88:7A:A9:74:EB:3F:66:15:AA:03:B0:B6:7A:3B:46:2E:4F:17:FB:90
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 52AD
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/iHqpdOs_ZhWqA7C2ejtGLk8X-5A.roa
Signing time: Wed 08 May 2024 19:54:07 +0000
ROA not before: Wed 08 May 2024 19:54:07 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 21165 (0x52ad)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 8 19:54:07 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=887AA974EB3F6615AA03B0B67A3B462E4F17FB90
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c1:8e:55:fe:86:86:9d:29:bb:aa:61:e5:56:6e:
6e:d2:c4:b5:45:2a:e9:38:db:8e:9e:f4:da:09:3e:
ef:c0:aa:86:0f:27:4b:96:8d:6b:ec:c4:07:ff:20:
5f:95:85:46:8d:42:a0:33:49:83:ff:b8:53:19:ba:
43:d6:cc:02:f9:a2:39:65:2f:c5:0c:a4:1d:f8:5c:
f2:db:4f:0a:fd:fb:ff:d5:20:70:86:57:87:c2:2d:
e9:ad:3a:e3:0c:da:59:bb:f2:ce:87:e3:73:42:3b:
6c:c6:67:83:84:f4:55:39:af:23:b0:fe:de:d5:62:
22:e9:b6:91:b9:3c:3d:06:c5:b4:dd:92:34:db:06:
25:28:65:ba:58:c7:6d:c9:f3:23:ae:8c:ec:5d:b6:
d5:55:60:35:6a:68:9b:a6:c7:2f:f9:38:a1:1f:67:
e6:e9:27:a6:c7:a3:3f:98:e6:9a:f6:c7:d0:45:37:
18:4a:f8:9f:1e:46:1a:9d:c8:5a:24:ab:d0:34:74:
38:74:22:57:be:d9:a7:c6:08:ad:ab:02:30:c8:c0:
a4:59:01:19:11:14:e4:70:89:5e:ce:48:b6:00:71:
b1:e6:98:10:e6:19:d3:5a:65:1c:76:15:02:c8:f1:
64:f0:c9:39:74:28:49:b6:98:83:43:26:a3:d4:f3:
6a:c9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
88:7A:A9:74:EB:3F:66:15:AA:03:B0:B6:7A:3B:46:2E:4F:17:FB:90
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/iHqpdOs_ZhWqA7C2ejtGLk8X-5A.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
09:29:a5:95:d9:14:4d:ba:fb:a5:91:7d:79:7c:d9:cb:89:08:
c4:54:d3:00:a1:d5:dc:a8:f3:79:11:ee:bb:06:06:f5:5a:5f:
88:9f:c8:c7:62:a1:b7:35:13:cb:e8:dc:4a:34:19:86:c6:c7:
b5:f8:60:7d:ff:fa:c5:a8:a6:b5:34:cb:9f:7d:f7:4e:c2:4a:
d4:2d:f1:34:41:d1:4f:2f:e3:91:1e:eb:0d:ef:da:98:ab:76:
93:52:47:de:74:3a:cb:ba:3d:c1:3f:c4:c0:1d:f2:dc:82:46:
f4:85:3c:ea:2b:ef:40:eb:94:a9:9c:6d:f0:3b:c3:bd:3d:e4:
3e:e6:61:b2:41:52:fd:5e:73:c4:47:4a:1d:5e:e9:56:80:50:
b5:ca:7a:8c:a9:2f:06:1f:9e:26:4a:a7:d4:4c:cf:90:9f:e7:
ee:7d:69:c3:22:9a:8f:ac:b6:92:52:50:11:20:bd:fc:9d:f6:
13:ff:8d:97:f5:f0:bd:d7:d3:76:8c:57:9f:5a:ba:ae:06:0a:
47:54:8c:82:c8:21:d1:b8:35:dd:54:a0:4c:5e:a0:1e:69:b2:
53:81:d1:0f:c6:c6:79:9a:7f:20:13:64:b4:33:f0:70:2c:9a:
03:d5:c3:99:06:5d:53:aa:2f:26:70:ff:51:3f:a5:18:69:91:
85:f3:18:b1
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICUq0wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MDgx
OTU0MDdaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDg4N0FBOTc0RUIzRjY2
MTVBQTAzQjBCNjdBM0I0NjJFNEYxN0ZCOTAwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDBjlX+hoadKbuqYeVWbm7SxLVFKuk4246e9NoJPu/AqoYPJ0uW
jWvsxAf/IF+VhUaNQqAzSYP/uFMZukPWzAL5ojllL8UMpB34XPLbTwr9+//VIHCG
V4fCLemtOuMM2lm78s6H43NCO2zGZ4OE9FU5ryOw/t7VYiLptpG5PD0GxbTdkjTb
BiUoZbpYx23J8yOujOxdttVVYDVqaJumxy/5OKEfZ+bpJ6bHoz+Y5pr2x9BFNxhK
+J8eRhqdyFokq9A0dDh0Ile+2afGCK2rAjDIwKRZARkRFORwiV7OSLYAcbHmmBDm
GdNaZRx2FQLI8WTwyTl0KEm2mINDJqPU82rJAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUiHqpdOs/ZhWqA7C2ejtGLk8X+5AwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2lIcXBkT3NfWmhXcUE3
QzJlanRHTGs4WC01QS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBAAkppZXZFE26+6WR
fXl82cuJCMRU0wCh1dyo83kR7rsGBvVaX4ifyMdiobc1E8vo3Eo0GYbGx7X4YH3/
+sWoprU0y599907CStQt8TRB0U8v45Ee6w3v2pirdpNSR950Osu6PcE/xMAd8tyC
RvSFPOor70DrlKmcbfA7w7095D7mYbJBUv1ec8RHSh1e6VaAULXKeoypLwYfniZK
p9RMz5Cf5+59acMimo+stpJSUBEgvfyd9hP/jZf18L3X03aMV59auq4GCkdUjILI
IdG4Nd1UoExeoB5pslOB0Q/GxnmafyATZLQz8HAsmgPVw5kGXVOqLyZw/1E/pRhp
kYXzGLE=
-----END CERTIFICATE-----
Generated at Sun May 18 01:53:40 2025 by rpki-client