Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/jw3M6gK5Jla-0nDnca9uy0xlOKY.roa
File: jw3M6gK5Jla-0nDnca9uy0xlOKY.roa (raw, json)
Hash identifier: 7y8ru1jKwbKiQwR/4cgpaaBGAF5g174YOECxDXT059s=
Subject key identifier: 8F:0D:CC:EA:02:B9:26:56:BE:D2:70:E7:71:AF:6E:CB:4C:65:38:A6
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 5185
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/jw3M6gK5Jla-0nDnca9uy0xlOKY.roa
Signing time: Tue 07 May 2024 06:53:52 +0000
ROA not before: Tue 07 May 2024 06:53:52 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 20869 (0x5185)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 7 06:53:52 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=8F0DCCEA02B92656BED270E771AF6ECB4C6538A6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b0:39:19:33:43:c7:7b:2a:2a:1e:53:d5:69:81:
08:34:62:26:08:81:d7:1a:c7:16:b6:2f:91:1b:27:
61:4e:6a:64:c7:8a:e5:dc:a2:79:a7:ef:5f:87:67:
e7:8a:a1:77:a2:dd:32:21:2c:27:c9:01:de:4e:41:
ab:5e:08:4c:f3:40:29:d6:b5:c8:4c:3d:f8:62:f4:
0d:81:4c:f1:7a:a6:d0:b1:e2:79:60:fd:fd:d3:61:
54:bf:e3:59:a9:88:31:ef:e5:b7:92:a3:46:a7:03:
64:0a:61:29:2a:98:af:12:0a:78:9b:db:4b:f4:44:
c9:67:78:4f:87:b9:6f:b4:25:5d:40:bc:2f:ca:b9:
b9:09:38:e3:d7:ba:50:87:03:b5:03:53:c2:2d:ef:
05:5f:58:53:47:c7:ad:33:78:1b:ba:54:b2:51:38:
30:75:c3:f2:2e:c7:30:b7:e3:89:a1:74:c1:ae:29:
5c:ef:f1:60:8d:c8:5f:93:79:0e:bc:49:c0:cb:97:
34:10:7d:36:0c:31:0d:b0:19:13:f1:cc:f5:82:74:
19:89:b2:1e:00:24:9f:c7:e0:b1:a7:a0:40:44:27:
9c:df:cb:fd:44:1e:29:96:b3:c9:09:6a:eb:d3:0a:
c3:55:f6:74:22:30:e4:01:70:f2:be:7d:30:73:e5:
42:e9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8F:0D:CC:EA:02:B9:26:56:BE:D2:70:E7:71:AF:6E:CB:4C:65:38:A6
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/jw3M6gK5Jla-0nDnca9uy0xlOKY.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
94:88:e9:88:f9:6e:a5:ec:40:11:1e:49:9f:e5:dd:32:af:0e:
9f:89:9a:22:38:5f:f8:64:1b:30:b7:3e:8a:98:52:4d:b1:1e:
ef:c1:63:98:89:6e:e5:c0:31:57:0b:c3:b1:53:a4:3c:d6:46:
aa:de:44:29:82:53:90:15:27:b4:4c:86:26:a9:02:ce:a4:d2:
5b:78:32:06:f8:02:f0:56:fc:fe:0c:50:2d:10:7e:69:9e:36:
b5:74:7d:16:b9:5c:af:08:25:b7:1c:72:62:04:65:c0:62:85:
60:95:98:a0:81:17:ae:38:5f:e0:bf:c2:e0:70:c5:3b:55:19:
f2:39:d7:54:22:11:46:e1:39:36:6c:80:b2:a3:d3:6f:d6:73:
c6:f6:af:92:fb:74:dc:29:b4:88:a7:d1:bc:7b:5b:33:7b:7c:
ae:bb:2a:1b:77:17:f4:0a:25:1f:4a:9e:2c:88:37:44:db:c1:
fe:6b:43:5a:fb:6e:66:fe:94:79:56:95:76:9b:5a:c5:9c:3a:
1b:b5:8f:06:86:72:db:c2:5c:5f:fa:57:87:2b:23:b1:1e:64:
23:c0:14:3f:dc:c6:b1:8f:07:5d:a7:f0:b3:4d:0b:5f:15:72:
8f:c8:4a:1f:12:f2:46:4c:1c:31:f2:89:58:0c:54:78:ee:67:
30:68:28:c7
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICUYUwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MDcw
NjUzNTJaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDhGMERDQ0VBMDJCOTI2
NTZCRUQyNzBFNzcxQUY2RUNCNEM2NTM4QTYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCwORkzQ8d7KioeU9VpgQg0YiYIgdcaxxa2L5EbJ2FOamTHiuXc
onmn71+HZ+eKoXei3TIhLCfJAd5OQateCEzzQCnWtchMPfhi9A2BTPF6ptCx4nlg
/f3TYVS/41mpiDHv5beSo0anA2QKYSkqmK8SCnib20v0RMlneE+HuW+0JV1AvC/K
ubkJOOPXulCHA7UDU8It7wVfWFNHx60zeBu6VLJRODB1w/IuxzC344mhdMGuKVzv
8WCNyF+TeQ68ScDLlzQQfTYMMQ2wGRPxzPWCdBmJsh4AJJ/H4LGnoEBEJ5zfy/1E
HimWs8kJauvTCsNV9nQiMOQBcPK+fTBz5ULpAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUjw3M6gK5Jla+0nDnca9uy0xlOKYwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2p3M002Z0s1SmxhLTBu
RG5jYTl1eTB4bE9LWS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBAJSI6Yj5bqXsQBEe
SZ/l3TKvDp+JmiI4X/hkGzC3PoqYUk2xHu/BY5iJbuXAMVcLw7FTpDzWRqreRCmC
U5AVJ7RMhiapAs6k0lt4Mgb4AvBW/P4MUC0QfmmeNrV0fRa5XK8IJbcccmIEZcBi
hWCVmKCBF644X+C/wuBwxTtVGfI511QiEUbhOTZsgLKj02/Wc8b2r5L7dNwptIin
0bx7WzN7fK67Kht3F/QKJR9KniyIN0Tbwf5rQ1r7bmb+lHlWlXabWsWcOhu1jwaG
ctvCXF/6V4crI7EeZCPAFD/cxrGPB12n8LNNC18Vco/ISh8S8kZMHDHyiVgMVHju
ZzBoKMc=
-----END CERTIFICATE-----
Generated at Sun May 18 01:57:26 2025 by rpki-client