Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/mTQBR0zAbY3eGNA2evzOLnrxtc4.roa
File: mTQBR0zAbY3eGNA2evzOLnrxtc4.roa (raw, json)
Hash identifier: /TXt0pgotvMpkd5LtJtdkFRrNL23KYzKGLZJtaqvdMA=
Subject key identifier: 99:34:01:47:4C:C0:6D:8D:DE:18:D0:36:7A:FC:CE:2E:7A:F1:B5:CE
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 54C1
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/mTQBR0zAbY3eGNA2evzOLnrxtc4.roa
Signing time: Sat 11 May 2024 14:24:09 +0000
ROA not before: Sat 11 May 2024 14:24:09 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 21697 (0x54c1)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 11 14:24:09 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=993401474CC06D8DDE18D0367AFCCE2E7AF1B5CE
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bf:44:2a:e3:29:37:a9:e0:6b:ee:2a:b9:3d:b2:
af:f1:f2:7d:21:2d:cb:50:ab:55:fa:6f:9e:a6:d3:
eb:76:17:cf:9e:18:d8:dc:ea:12:3b:35:3f:2a:fd:
ef:36:61:42:6f:72:9b:ad:03:d1:6e:d8:1a:a6:b1:
e1:8a:f3:ce:97:67:7e:f0:65:44:36:4c:02:c0:6c:
d5:86:28:4b:00:a6:eb:61:8a:6c:57:38:1a:d6:6c:
7f:0f:1d:76:06:25:30:ef:e0:8f:0e:02:b7:6c:87:
d4:20:8f:81:ce:81:df:9d:41:9b:d8:e6:75:ce:31:
d6:88:1b:ea:36:72:bc:ee:f2:c5:53:6a:c1:34:78:
fc:f3:af:00:b2:75:97:c2:30:98:2f:4e:57:33:b3:
0f:2f:b0:da:9d:39:dc:ec:c1:81:d7:c3:85:ed:a9:
22:00:b3:00:c3:40:33:e9:ad:f0:64:bd:54:99:21:
fd:95:25:13:5b:b5:dd:e8:3d:58:4d:88:3c:58:84:
8c:b1:ba:66:63:c7:d3:31:60:ce:d0:01:cc:60:cc:
81:7d:b4:e5:ae:37:a4:d2:7d:78:30:08:73:4f:c7:
08:07:da:50:b7:b6:cc:f6:02:ac:e1:a1:46:83:78:
6c:3a:9f:0c:a5:45:85:5d:1a:63:f4:62:71:47:cc:
b4:4b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
99:34:01:47:4C:C0:6D:8D:DE:18:D0:36:7A:FC:CE:2E:7A:F1:B5:CE
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/mTQBR0zAbY3eGNA2evzOLnrxtc4.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
ba:17:23:53:b7:16:e3:f3:40:41:da:51:d5:2a:4d:b9:ad:dd:
3e:a2:f4:e5:4e:05:bd:93:ff:59:44:1d:95:32:4d:5b:ec:55:
6a:cb:c4:e5:21:9c:81:1d:c0:d9:58:60:74:2f:7b:1e:9d:b1:
30:ed:70:d9:c1:61:47:28:d3:2e:db:43:95:bd:8a:e0:b7:7c:
f0:56:b6:d6:5d:43:de:00:16:64:d3:5e:12:bf:00:bb:68:b3:
56:c3:ae:06:b3:98:08:0d:9f:f1:64:5f:39:b6:39:2e:48:76:
38:9c:2c:0f:7c:9f:50:14:d0:5b:5f:46:a9:ff:7e:3b:e4:39:
ea:f1:57:6a:6c:78:50:8b:fd:8c:4f:38:f1:5f:d8:87:c1:1f:
d8:27:51:e1:64:d2:4d:a2:79:2b:8d:0d:27:28:05:d1:91:ab:
29:29:b8:3b:2e:fc:43:da:84:b6:6e:20:5d:ff:5b:50:28:16:
df:2a:eb:41:f4:70:90:d5:74:10:a0:1f:b9:5f:25:c6:39:43:
c4:38:9f:32:ad:90:53:63:47:5e:cd:3d:31:d6:71:fb:b7:c6:
4f:cb:a3:a4:66:b2:55:25:73:8a:56:e4:b0:42:4d:2e:1f:a3:
7e:e6:81:e1:2d:31:a3:6d:55:af:44:44:e2:df:8c:41:81:12:
d6:da:c6:b3
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICVMEwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MTEx
NDI0MDlaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDk5MzQwMTQ3NENDMDZE
OERERTE4RDAzNjdBRkNDRTJFN0FGMUI1Q0UwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC/RCrjKTep4GvuKrk9sq/x8n0hLctQq1X6b56m0+t2F8+eGNjc
6hI7NT8q/e82YUJvcputA9Fu2BqmseGK886XZ37wZUQ2TALAbNWGKEsAputhimxX
OBrWbH8PHXYGJTDv4I8OArdsh9Qgj4HOgd+dQZvY5nXOMdaIG+o2crzu8sVTasE0
ePzzrwCydZfCMJgvTlczsw8vsNqdOdzswYHXw4XtqSIAswDDQDPprfBkvVSZIf2V
JRNbtd3oPVhNiDxYhIyxumZjx9MxYM7QAcxgzIF9tOWuN6TSfXgwCHNPxwgH2lC3
tsz2AqzhoUaDeGw6nwylRYVdGmP0YnFHzLRLAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUmTQBR0zAbY3eGNA2evzOLnrxtc4wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L21UUUJSMHpBYlkzZUdO
QTJldnpPTG5yeHRjNC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBALoXI1O3FuPzQEHa
UdUqTbmt3T6i9OVOBb2T/1lEHZUyTVvsVWrLxOUhnIEdwNlYYHQvex6dsTDtcNnB
YUco0y7bQ5W9iuC3fPBWttZdQ94AFmTTXhK/ALtos1bDrgazmAgNn/FkXzm2OS5I
djicLA98n1AU0FtfRqn/fjvkOerxV2pseFCL/YxPOPFf2IfBH9gnUeFk0k2ieSuN
DScoBdGRqykpuDsu/EPahLZuIF3/W1AoFt8q60H0cJDVdBCgH7lfJcY5Q8Q4nzKt
kFNjR17NPTHWcfu3xk/Lo6RmslUlc4pW5LBCTS4fo37mgeEtMaNtVa9EROLfjEGB
EtbaxrM=
-----END CERTIFICATE-----
Generated at Sun May 18 02:00:46 2025 by rpki-client