Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/ihvwwZXtEzDEtmHcKFwgVVKZ6cs.roa
File: ihvwwZXtEzDEtmHcKFwgVVKZ6cs.roa (raw, json)
Hash identifier: Vykhh18xmwu4NJjasSlcOqtYhmV3n80viVesXfcKwf0=
Subject key identifier: 8A:1B:F0:C1:95:ED:13:30:C4:B6:61:DC:28:5C:20:55:52:99:E9:CB
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 5205
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/ihvwwZXtEzDEtmHcKFwgVVKZ6cs.roa
Signing time: Tue 07 May 2024 22:54:04 +0000
ROA not before: Tue 07 May 2024 22:54:04 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 20997 (0x5205)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 7 22:54:04 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=8A1BF0C195ED1330C4B661DC285C20555299E9CB
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:da:c6:8c:6b:69:3f:b5:b7:a5:b0:11:08:85:68:
71:88:ae:1f:f9:9a:4f:a1:2b:c5:8f:4e:34:e6:ec:
19:45:83:39:a0:5e:01:f9:ae:86:11:01:2e:e8:21:
c0:4d:a3:ac:bd:8d:f4:9a:b4:63:ba:db:df:8f:9f:
96:83:f7:cf:bf:bc:ea:7d:a6:0d:27:60:ca:eb:c3:
44:fb:35:a9:88:9e:1b:34:21:19:23:ff:e6:cc:e1:
81:0f:ec:c0:a2:a6:61:98:4b:9e:b1:40:14:3c:f9:
a9:35:6d:61:51:c8:74:33:20:70:57:fa:7f:86:8d:
f2:b1:73:ca:ae:2b:cf:71:2c:f2:7f:60:4e:9a:e8:
ed:14:6f:59:91:3b:c6:c5:ac:0f:5a:f3:b8:7a:d9:
ed:89:74:b7:36:e2:8a:ea:99:35:bc:83:46:a7:e7:
f2:c3:0a:bb:79:70:70:ef:d4:7d:da:48:a7:96:2c:
dc:62:28:d7:74:94:8a:3f:6c:55:a2:82:02:03:8c:
57:33:40:22:08:d6:8a:ef:fb:55:17:8f:c2:28:dc:
f8:5c:25:47:c0:9b:d0:7e:34:03:fb:6c:1a:a4:58:
62:2c:0b:27:86:2d:ab:53:2f:54:d2:26:38:11:9d:
88:1d:bc:3b:f2:04:78:24:6a:e9:ac:2e:52:53:be:
4d:5b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8A:1B:F0:C1:95:ED:13:30:C4:B6:61:DC:28:5C:20:55:52:99:E9:CB
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/ihvwwZXtEzDEtmHcKFwgVVKZ6cs.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
2c:78:52:29:4d:c2:46:2e:ab:33:b1:1c:3f:db:7f:3e:6e:66:
2f:95:71:80:08:15:3d:3b:bf:ff:8e:73:e5:6f:09:d8:22:35:
2f:4a:85:2e:37:f6:50:9b:03:8c:63:a4:73:1a:7c:8b:95:44:
d2:23:7a:08:53:f5:ad:95:84:5b:f2:fc:00:21:aa:fd:00:fe:
46:a4:d9:dd:3e:3d:6c:a9:23:08:b4:2f:aa:7b:dd:0f:1c:a1:
4b:0d:4d:80:f0:19:bb:a5:89:c3:9d:33:a3:39:b6:de:1f:6a:
34:33:53:76:f4:22:e0:20:21:4c:87:78:b7:25:6e:9c:70:55:
11:71:04:62:80:05:e8:8c:4d:51:b9:78:41:96:8a:95:95:d7:
dc:fe:32:de:24:33:f9:88:d6:b7:3e:5f:36:2e:15:73:d9:af:
b1:38:56:80:d0:79:83:0a:79:18:f8:e6:b1:35:2a:93:f2:aa:
0c:86:ec:d0:bc:1f:36:0f:ec:7a:fe:5e:0c:2d:80:a4:5d:ac:
37:ca:d6:ee:cf:a6:33:96:07:65:89:28:09:42:09:94:73:46:
d1:7c:96:ee:a1:c7:c2:4b:94:54:c4:69:aa:eb:1e:17:f4:e2:
f8:8d:f4:72:22:19:3b:e3:81:de:dd:7e:ff:bb:24:24:6a:07:
f0:74:bc:7f
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICUgUwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MDcy
MjU0MDRaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDhBMUJGMEMxOTVFRDEz
MzBDNEI2NjFEQzI4NUMyMDU1NTI5OUU5Q0IwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDaxoxraT+1t6WwEQiFaHGIrh/5mk+hK8WPTjTm7BlFgzmgXgH5
roYRAS7oIcBNo6y9jfSatGO629+Pn5aD98+/vOp9pg0nYMrrw0T7NamInhs0IRkj
/+bM4YEP7MCipmGYS56xQBQ8+ak1bWFRyHQzIHBX+n+GjfKxc8quK89xLPJ/YE6a
6O0Ub1mRO8bFrA9a87h62e2JdLc24orqmTW8g0an5/LDCrt5cHDv1H3aSKeWLNxi
KNd0lIo/bFWiggIDjFczQCII1orv+1UXj8Io3PhcJUfAm9B+NAP7bBqkWGIsCyeG
LatTL1TSJjgRnYgdvDvyBHgkaumsLlJTvk1bAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUihvwwZXtEzDEtmHcKFwgVVKZ6cswHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2lodnd3Wlh0RXpERXRt
SGNLRndnVlZLWjZjcy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBACx4UilNwkYuqzOx
HD/bfz5uZi+VcYAIFT07v/+Oc+VvCdgiNS9KhS439lCbA4xjpHMafIuVRNIjeghT
9a2VhFvy/AAhqv0A/kak2d0+PWypIwi0L6p73Q8coUsNTYDwGbulicOdM6M5tt4f
ajQzU3b0IuAgIUyHeLclbpxwVRFxBGKABeiMTVG5eEGWipWV19z+Mt4kM/mI1rc+
XzYuFXPZr7E4VoDQeYMKeRj45rE1KpPyqgyG7NC8HzYP7Hr+XgwtgKRdrDfK1u7P
pjOWB2WJKAlCCZRzRtF8lu6hx8JLlFTEaarrHhf04viN9HIiGTvjgd7dfv+7JCRq
B/B0vH8=
-----END CERTIFICATE-----
Generated at Sat May 17 22:39:09 2025 by rpki-client