Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/jjKQUz4nOmrXCCMwNFJVvbzTY4s.roa
File: jjKQUz4nOmrXCCMwNFJVvbzTY4s.roa (raw, json)
Hash identifier: XdLKir3zy50CSRxJOPqNiywswoCVW6FZJoqaiY6sP3s=
Subject key identifier: 8E:32:90:53:3E:27:3A:6A:D7:08:23:30:34:52:55:BD:BC:D3:63:8B
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 4E51
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/jjKQUz4nOmrXCCMwNFJVvbzTY4s.roa
Signing time: Fri 03 May 2024 00:23:58 +0000
ROA not before: Fri 03 May 2024 00:23:58 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 20049 (0x4e51)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 3 00:23:58 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=8E3290533E273A6AD7082330345255BDBCD3638B
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e2:6e:d0:34:39:e9:40:a9:c6:68:63:0a:78:0a:
e7:94:ea:73:44:17:f3:ce:f1:21:54:01:d3:04:d8:
43:41:1a:7e:3b:02:02:5a:91:03:8f:b1:ed:66:95:
d7:70:bf:32:d0:77:d1:d2:a7:af:79:40:99:93:6d:
d6:b4:20:b4:79:38:66:4c:16:ee:26:25:29:c2:71:
76:93:02:82:e6:98:07:3a:a2:22:25:c5:fe:06:62:
c2:de:5e:67:63:45:48:22:15:36:08:1c:b4:35:ec:
7e:e7:92:fa:45:a8:a4:5e:3f:80:35:bd:61:e9:cf:
b7:a1:c5:5e:7e:12:2e:57:48:03:16:ea:e4:3b:29:
47:ec:7f:65:e8:ba:94:78:4d:d4:86:fb:9a:9a:9a:
9e:4e:3e:40:4b:15:59:b4:4d:4a:44:07:06:c8:20:
ae:5c:e9:86:f2:2f:3e:41:c8:8d:f8:f1:43:13:5d:
02:0c:c7:c6:38:cc:74:26:f7:08:d3:d1:cf:d4:0f:
ae:80:a4:46:3f:27:9b:81:79:1d:c7:29:36:4e:61:
9d:ee:03:f8:67:4b:7a:db:68:a3:78:a6:e1:0a:b3:
17:c8:05:bf:bd:c5:36:c9:76:30:69:fa:04:14:7c:
80:5e:a1:9d:b1:95:67:8b:ee:24:94:dd:dd:23:4b:
94:a9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8E:32:90:53:3E:27:3A:6A:D7:08:23:30:34:52:55:BD:BC:D3:63:8B
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/jjKQUz4nOmrXCCMwNFJVvbzTY4s.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
7d:79:5c:35:a5:4c:e1:28:74:77:77:72:bc:41:6f:86:46:1a:
13:c0:7d:70:36:49:f1:c3:17:f6:5f:6f:a2:4e:2d:53:2b:c8:
26:1f:76:21:88:46:10:c7:88:93:4f:41:71:20:97:c4:96:48:
41:84:04:6b:03:b1:9d:7d:42:48:d5:c6:70:91:32:78:a7:d4:
f7:da:5d:b5:09:31:5f:64:f0:40:3a:1d:36:d3:8a:d0:7c:bc:
97:00:40:d3:f9:7e:2f:51:39:de:c7:3b:b2:5b:30:cb:38:21:
68:38:2a:6a:70:17:16:7c:5f:19:a8:42:60:3c:b5:e0:e8:33:
7f:97:92:ba:81:40:96:34:2f:e8:7e:23:0c:70:5f:7e:67:82:
a3:61:e3:58:e1:e3:3b:b4:5c:0e:94:f2:a4:38:e2:02:15:67:
13:4a:7c:3e:36:f5:73:1b:8d:fe:86:9e:d5:9a:8e:1e:15:d6:
77:38:61:f7:de:d3:12:a0:02:9a:61:b2:85:6b:59:c6:0a:fb:
9a:4f:61:9f:e7:b8:6e:c5:df:0f:61:a2:71:44:f4:b2:06:7f:
89:9f:f8:06:ae:47:42:07:f7:5c:69:16:dd:b2:67:37:86:02:
f5:6d:38:4d:e8:87:ac:cb:27:60:98:ef:41:fb:75:a6:96:08:
a9:e8:1c:85
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICTlEwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MDMw
MDIzNThaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDhFMzI5MDUzM0UyNzNB
NkFENzA4MjMzMDM0NTI1NUJEQkNEMzYzOEIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDibtA0OelAqcZoYwp4CueU6nNEF/PO8SFUAdME2ENBGn47AgJa
kQOPse1mlddwvzLQd9HSp695QJmTbda0ILR5OGZMFu4mJSnCcXaTAoLmmAc6oiIl
xf4GYsLeXmdjRUgiFTYIHLQ17H7nkvpFqKReP4A1vWHpz7ehxV5+Ei5XSAMW6uQ7
KUfsf2XoupR4TdSG+5qamp5OPkBLFVm0TUpEBwbIIK5c6YbyLz5ByI348UMTXQIM
x8Y4zHQm9wjT0c/UD66ApEY/J5uBeR3HKTZOYZ3uA/hnS3rbaKN4puEKsxfIBb+9
xTbJdjBp+gQUfIBeoZ2xlWeL7iSU3d0jS5SpAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUjjKQUz4nOmrXCCMwNFJVvbzTY4swHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2pqS1FVejRuT21yWEND
TXdORkpWdmJ6VFk0cy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBAH15XDWlTOEodHd3
crxBb4ZGGhPAfXA2SfHDF/Zfb6JOLVMryCYfdiGIRhDHiJNPQXEgl8SWSEGEBGsD
sZ19QkjVxnCRMnin1PfaXbUJMV9k8EA6HTbTitB8vJcAQNP5fi9ROd7HO7JbMMs4
IWg4KmpwFxZ8XxmoQmA8teDoM3+XkrqBQJY0L+h+IwxwX35ngqNh41jh4zu0XA6U
8qQ44gIVZxNKfD429XMbjf6GntWajh4V1nc4Yffe0xKgApphsoVrWcYK+5pPYZ/n
uG7F3w9honFE9LIGf4mf+AauR0IH91xpFt2yZzeGAvVtOE3oh6zLJ2CY70H7daaW
CKnoHIU=
-----END CERTIFICATE-----
Generated at Sat May 17 19:58:42 2025 by rpki-client