Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/n0d7jTctdVF0_h7NgjwcBtjRrnY.roa
File: n0d7jTctdVF0_h7NgjwcBtjRrnY.roa (raw, json)
Hash identifier: 2OZseYmuz4yD8arCYhnG0wd+GoBXZFpU8rOD4fHjk9Q=
Subject key identifier: 9F:47:7B:8D:37:2D:75:51:74:FE:1E:CD:82:3C:1C:06:D8:D1:AE:76
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 51B9
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/n0d7jTctdVF0_h7NgjwcBtjRrnY.roa
Signing time: Tue 07 May 2024 13:24:01 +0000
ROA not before: Tue 07 May 2024 13:24:01 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 20921 (0x51b9)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 7 13:24:01 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=9F477B8D372D755174FE1ECD823C1C06D8D1AE76
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a7:50:b7:d9:fe:7a:95:29:6e:c2:8e:06:f9:05:
95:16:40:b2:03:14:1d:c8:ba:2f:1a:5b:d2:d9:26:
84:4e:54:30:5d:b7:c8:3f:19:f7:f3:41:ef:0b:2c:
f5:3f:bc:5a:b7:35:a9:65:5c:8d:dd:91:99:0e:69:
98:d0:ab:c6:0e:8d:b5:88:90:28:27:4a:15:34:4a:
9c:d5:11:e4:47:21:71:89:51:91:88:ae:df:74:fb:
6c:c0:40:28:8f:5b:ed:c5:a7:69:39:90:5a:36:91:
0a:e5:43:44:0b:ec:7d:e1:7c:67:cd:60:74:cd:0f:
5a:e4:b5:3e:34:d1:28:30:01:f0:b5:f0:2a:51:9d:
af:62:cc:50:32:2b:83:63:0a:ad:d2:32:69:1c:68:
1f:95:93:15:61:fa:3e:ab:4d:e0:95:b4:3d:60:f4:
ce:f4:b0:63:b9:4d:1f:9e:b9:7b:eb:49:44:fc:de:
ad:55:e3:60:1b:5b:a0:de:5e:a0:13:8f:0f:88:0d:
d8:1a:a8:e8:83:e4:11:53:1c:fd:18:34:dc:54:43:
8c:78:a9:ab:a1:cc:db:c0:e8:15:8d:9d:c3:cb:7f:
30:d4:0f:34:85:9a:25:80:fe:24:20:7e:bf:9c:53:
cd:84:56:39:10:e0:59:a2:77:78:99:71:07:26:32:
57:bf
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9F:47:7B:8D:37:2D:75:51:74:FE:1E:CD:82:3C:1C:06:D8:D1:AE:76
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/n0d7jTctdVF0_h7NgjwcBtjRrnY.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
49:2c:6e:46:23:e6:c2:58:23:f5:89:5d:55:52:c1:fe:40:45:
25:0c:f5:d4:ff:65:85:34:f4:3a:e2:5c:31:ed:d1:ac:04:76:
83:13:8f:a0:b7:2f:a4:49:df:e6:cb:46:56:f3:d3:2e:1f:98:
82:e5:7e:94:23:53:de:dd:7b:49:e4:8d:f4:c0:a8:f3:67:4e:
c5:ad:61:8f:d1:59:24:7b:70:ad:15:db:fe:c1:49:8d:48:e2:
64:07:62:d6:b6:1f:a3:86:c0:7b:51:55:5c:36:d7:a2:1f:e1:
90:73:e7:29:f2:bf:b8:5d:1c:6f:8d:04:f0:68:37:72:38:96:
e2:cb:8d:c4:72:f0:58:e1:9c:78:a4:c8:23:32:0c:fd:51:49:
08:70:bf:a2:10:ba:44:32:7b:43:09:84:a2:bc:ae:a8:11:80:
21:43:30:a9:54:e9:9a:0a:92:2b:53:34:02:f8:0d:b6:12:d7:
42:62:5f:3d:1c:1f:a7:c6:1e:d4:30:37:b0:76:34:3a:0d:07:
c4:cf:6e:1b:60:2a:03:83:e6:18:e3:db:fd:3f:bb:ff:a2:51:
a5:0e:df:7a:c7:c4:2e:45:55:e5:10:93:f2:b1:90:fd:9f:54:
1c:cb:19:54:f5:8b:95:8c:23:82:d6:c1:10:07:ff:53:fe:c5:
b9:ec:c9:ab
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICUbkwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MDcx
MzI0MDFaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDlGNDc3QjhEMzcyRDc1
NTE3NEZFMUVDRDgyM0MxQzA2RDhEMUFFNzYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCnULfZ/nqVKW7Cjgb5BZUWQLIDFB3Iui8aW9LZJoROVDBdt8g/
GffzQe8LLPU/vFq3NallXI3dkZkOaZjQq8YOjbWIkCgnShU0SpzVEeRHIXGJUZGI
rt90+2zAQCiPW+3Fp2k5kFo2kQrlQ0QL7H3hfGfNYHTND1rktT400SgwAfC18CpR
na9izFAyK4NjCq3SMmkcaB+VkxVh+j6rTeCVtD1g9M70sGO5TR+euXvrSUT83q1V
42AbW6DeXqATjw+IDdgaqOiD5BFTHP0YNNxUQ4x4qauhzNvA6BWNncPLfzDUDzSF
miWA/iQgfr+cU82EVjkQ4Fmid3iZcQcmMle/AgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUn0d7jTctdVF0/h7NgjwcBtjRrnYwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L24wZDdqVGN0ZFZGMF9o
N05nandjQnRqUnJuWS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBAEksbkYj5sJYI/WJ
XVVSwf5ARSUM9dT/ZYU09DriXDHt0awEdoMTj6C3L6RJ3+bLRlbz0y4fmILlfpQj
U97de0nkjfTAqPNnTsWtYY/RWSR7cK0V2/7BSY1I4mQHYta2H6OGwHtRVVw216If
4ZBz5ynyv7hdHG+NBPBoN3I4luLLjcRy8FjhnHikyCMyDP1RSQhwv6IQukQye0MJ
hKK8rqgRgCFDMKlU6ZoKkitTNAL4DbYS10JiXz0cH6fGHtQwN7B2NDoNB8TPbhtg
KgOD5hjj2/0/u/+iUaUO33rHxC5FVeUQk/KxkP2fVBzLGVT1i5WMI4LWwRAH/1P+
xbnsyas=
-----END CERTIFICATE-----
Generated at Sun May 18 01:58:51 2025 by rpki-client