Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/j-Cr1fG2yIFLpe-WLHzTLGJU3sg.roa
File: j-Cr1fG2yIFLpe-WLHzTLGJU3sg.roa (raw, json)
Hash identifier: IgWO7OGn/oVHphV61Nge6mwChRIwel1Lq+hBCgOgSQg=
Subject key identifier: 8F:E0:AB:D5:F1:B6:C8:81:4B:A5:EF:96:2C:7C:D3:2C:62:54:DE:C8
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 4AD1
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/j-Cr1fG2yIFLpe-WLHzTLGJU3sg.roa
Signing time: Sun 28 Apr 2024 08:23:25 +0000
ROA not before: Sun 28 Apr 2024 08:23:25 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 19153 (0x4ad1)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 28 08:23:25 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=8FE0ABD5F1B6C8814BA5EF962C7CD32C6254DEC8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d3:ed:eb:7e:37:e9:36:e0:15:43:4b:3f:69:28:
60:4f:96:8c:37:b7:26:8c:19:34:55:c8:bd:fe:f1:
dd:1f:71:c9:5b:b6:ce:a0:83:c3:2c:a5:6e:49:70:
ff:2c:ac:49:ad:7f:29:92:fa:ad:5b:50:f3:32:a4:
56:08:72:16:24:89:14:8f:6b:5c:a8:2c:ff:93:cd:
e0:42:29:eb:4e:04:16:af:8f:2d:5c:0d:2d:cd:4b:
90:21:72:a8:01:37:6a:0f:42:e9:db:f9:f5:93:39:
95:26:3f:ca:19:fb:f1:50:ca:82:24:f8:7e:36:68:
57:b2:fa:24:d7:a2:88:1b:93:83:23:8a:a9:3a:05:
79:35:8b:4e:e8:a8:a8:5f:02:cf:19:cf:74:1e:3a:
13:e8:4c:1c:f3:5f:07:63:6c:c5:84:a9:ae:dd:29:
52:61:d3:4e:c7:fd:b1:97:4b:98:36:43:5b:34:b4:
1f:64:41:16:28:d3:9c:3b:d0:23:78:75:df:89:df:
9f:a1:2e:54:1a:77:ae:54:65:0a:ca:e1:5b:19:08:
47:37:b1:9f:24:f5:b8:56:14:de:02:9f:cd:ea:af:
7b:8e:ad:10:35:e6:11:e2:0d:a4:ba:6a:41:7f:5b:
c6:fd:e0:d7:dd:b5:60:51:17:cf:84:07:a7:2f:fd:
23:b3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8F:E0:AB:D5:F1:B6:C8:81:4B:A5:EF:96:2C:7C:D3:2C:62:54:DE:C8
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/j-Cr1fG2yIFLpe-WLHzTLGJU3sg.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
1c:e1:6c:e7:10:2d:04:46:4d:74:71:7d:1c:99:58:09:22:65:
e3:d2:a6:88:29:58:09:60:5f:07:0d:73:27:29:e9:69:03:20:
17:e7:70:97:2a:37:8b:ef:13:a1:80:1a:b0:4d:ad:c5:e5:91:
60:7a:96:6f:55:18:07:9b:dd:0f:64:d4:0e:f4:56:ea:ff:9b:
0d:af:48:79:0b:a1:36:ec:7e:f5:fc:50:b4:f1:de:72:e7:05:
d3:c2:ef:e2:4f:7f:b6:12:32:bb:b8:f8:77:9a:29:fc:ea:d9:
81:3f:11:7e:5b:79:79:f2:24:ca:c0:59:1d:89:2e:85:85:ce:
da:58:33:72:55:ad:48:92:f9:e1:a0:2a:6e:67:20:6a:35:d6:
32:04:b1:e0:b8:70:f8:f7:08:68:f6:ac:af:d0:bc:63:b2:56:
61:1f:48:00:64:96:99:13:2d:92:76:0b:95:9b:d1:df:ed:8a:
f6:bb:a3:d7:9d:31:e4:ec:73:58:53:8b:a8:fd:5a:d3:c8:d0:
97:92:e1:cc:92:56:ff:be:e3:9c:53:c3:a7:ee:bc:78:d9:b2:
dd:fe:cf:d7:32:19:fc:03:62:4d:af:aa:7a:cb:4a:0d:d6:5a:
c9:04:52:de:c4:4f:1a:10:0d:86:68:80:79:83:48:7b:47:ea:
c5:8e:34:6a
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICStEwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0Mjgw
ODIzMjVaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDhGRTBBQkQ1RjFCNkM4
ODE0QkE1RUY5NjJDN0NEMzJDNjI1NERFQzgwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDT7et+N+k24BVDSz9pKGBPlow3tyaMGTRVyL3+8d0fcclbts6g
g8MspW5JcP8srEmtfymS+q1bUPMypFYIchYkiRSPa1yoLP+TzeBCKetOBBavjy1c
DS3NS5AhcqgBN2oPQunb+fWTOZUmP8oZ+/FQyoIk+H42aFey+iTXoogbk4Mjiqk6
BXk1i07oqKhfAs8Zz3QeOhPoTBzzXwdjbMWEqa7dKVJh007H/bGXS5g2Q1s0tB9k
QRYo05w70CN4dd+J35+hLlQad65UZQrK4VsZCEc3sZ8k9bhWFN4Cn83qr3uOrRA1
5hHiDaS6akF/W8b94NfdtWBRF8+EB6cv/SOzAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUj+Cr1fG2yIFLpe+WLHzTLGJU3sgwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2otQ3IxZkcyeUlGTHBl
LVdMSHpUTEdKVTNzZy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBABzhbOcQLQRGTXRx
fRyZWAkiZePSpogpWAlgXwcNcycp6WkDIBfncJcqN4vvE6GAGrBNrcXlkWB6lm9V
GAeb3Q9k1A70Vur/mw2vSHkLoTbsfvX8ULTx3nLnBdPC7+JPf7YSMru4+HeaKfzq
2YE/EX5beXnyJMrAWR2JLoWFztpYM3JVrUiS+eGgKm5nIGo11jIEseC4cPj3CGj2
rK/QvGOyVmEfSABklpkTLZJ2C5Wb0d/tiva7o9edMeTsc1hTi6j9WtPI0JeS4cyS
Vv++45xTw6fuvHjZst3+z9cyGfwDYk2vqnrLSg3WWskEUt7ETxoQDYZogHmDSHtH
6sWONGo=
-----END CERTIFICATE-----
Generated at Sat May 17 23:56:32 2025 by rpki-client