Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/nB5Cu9sY0zLLw3Ya3y2GdP-QHVk.roa
File: nB5Cu9sY0zLLw3Ya3y2GdP-QHVk.roa (raw, json)
Hash identifier: p7inFnueVaCUVWUot9/X9IfaU2Rb1LKSYsQysCEOeio=
Subject key identifier: 9C:1E:42:BB:DB:18:D3:32:CB:C3:76:1A:DF:2D:86:74:FF:90:1D:59
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 52ED
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/nB5Cu9sY0zLLw3Ya3y2GdP-QHVk.roa
Signing time: Thu 09 May 2024 03:53:57 +0000
ROA not before: Thu 09 May 2024 03:53:57 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 21229 (0x52ed)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 9 03:53:57 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=9C1E42BBDB18D332CBC3761ADF2D8674FF901D59
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b6:84:a1:6c:c7:4a:a3:17:37:a4:ff:05:76:88:
49:9e:93:d7:1f:f8:6b:0d:13:b2:bc:33:7c:bc:54:
8b:c4:22:66:a9:51:27:fa:e9:94:e7:91:e1:37:17:
01:9a:2a:d5:7b:ce:77:f3:07:42:7c:0c:9a:d7:41:
65:75:52:58:14:2f:85:7a:9c:fd:82:b0:df:0a:45:
d9:c9:d4:0f:7f:27:92:42:54:d4:e4:a7:08:30:dd:
53:5c:ad:3d:e1:2d:c3:20:ef:2e:c5:c5:e9:ab:38:
97:22:b2:bc:b5:b1:66:1f:8c:50:0a:c1:11:58:fc:
ee:8b:eb:bd:b6:fc:ce:79:ba:8f:48:9d:fc:21:8e:
f7:4a:a9:8c:0e:bd:42:a4:eb:90:c8:68:43:4a:d3:
75:04:48:54:5c:e2:55:ad:b1:55:94:79:c3:73:38:
ea:d0:27:26:3b:f7:f3:30:32:4f:31:a2:21:71:9c:
9e:99:49:22:f0:6d:27:1a:c4:71:3a:7a:06:e6:6c:
84:85:7b:13:ed:ec:e6:c8:d2:6c:9b:70:7d:c6:30:
63:6d:9c:b1:57:92:09:4b:ec:d9:e5:83:1c:c5:39:
d3:84:73:a9:f4:54:22:7e:5b:c0:1d:d3:7f:be:66:
e7:ab:d7:e6:2f:fb:a5:26:c5:6d:d5:48:77:41:1c:
d8:df
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9C:1E:42:BB:DB:18:D3:32:CB:C3:76:1A:DF:2D:86:74:FF:90:1D:59
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/nB5Cu9sY0zLLw3Ya3y2GdP-QHVk.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
89:95:b1:a0:65:8d:fd:49:c5:0c:4c:26:d8:f3:35:a1:d5:38:
73:c1:98:23:22:e5:16:8f:0b:80:f6:18:6a:68:4b:7c:ea:ee:
c2:e8:0b:98:3f:7f:7c:54:3c:f8:09:85:9d:b0:4a:75:38:15:
38:64:24:27:fe:01:66:53:73:34:1d:b9:fe:c5:62:c7:86:0a:
eb:8e:0b:ee:f7:dd:25:87:f6:7e:b4:ef:83:79:c7:81:78:d2:
79:24:85:bf:0f:fc:fb:87:fc:30:d6:2b:dd:f0:cd:d7:9a:4c:
04:fa:d9:53:57:7b:6d:66:8d:88:3a:2e:cf:49:06:fd:2d:9d:
01:a2:ef:cd:81:50:ac:99:e5:4b:e4:82:ae:63:08:e8:b4:50:
19:09:ff:51:0f:60:27:14:f6:73:ab:b7:ab:bc:a9:bf:29:b3:
8e:fe:03:01:f8:65:73:fd:ea:b4:0e:ca:87:e5:ac:7f:6e:1e:
26:ae:d3:3a:5c:65:b3:7c:b3:3b:c1:62:05:81:1f:51:8d:f6:
ca:b0:bc:8c:b1:41:f2:4a:fc:ad:ac:0a:28:36:1a:b6:88:be:
87:7c:fc:0c:2b:54:2d:43:e8:b7:5f:93:0a:a2:80:fd:d4:96:
0e:2d:7a:68:95:f4:50:1f:b6:15:ef:95:ad:1c:56:41:2f:7c:
53:f1:58:d8
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICUu0wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MDkw
MzUzNTdaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDlDMUU0MkJCREIxOEQz
MzJDQkMzNzYxQURGMkQ4Njc0RkY5MDFENTkwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC2hKFsx0qjFzek/wV2iEmek9cf+GsNE7K8M3y8VIvEImapUSf6
6ZTnkeE3FwGaKtV7znfzB0J8DJrXQWV1UlgUL4V6nP2CsN8KRdnJ1A9/J5JCVNTk
pwgw3VNcrT3hLcMg7y7FxemrOJcisry1sWYfjFAKwRFY/O6L6722/M55uo9Infwh
jvdKqYwOvUKk65DIaENK03UESFRc4lWtsVWUecNzOOrQJyY79/MwMk8xoiFxnJ6Z
SSLwbScaxHE6egbmbISFexPt7ObI0mybcH3GMGNtnLFXkglL7NnlgxzFOdOEc6n0
VCJ+W8Ad03++Zuer1+Yv+6UmxW3VSHdBHNjfAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUnB5Cu9sY0zLLw3Ya3y2GdP+QHVkwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L25CNUN1OXNZMHpMTHcz
WWEzeTJHZFAtUUhWay5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBAImVsaBljf1JxQxM
JtjzNaHVOHPBmCMi5RaPC4D2GGpoS3zq7sLoC5g/f3xUPPgJhZ2wSnU4FThkJCf+
AWZTczQduf7FYseGCuuOC+733SWH9n6074N5x4F40nkkhb8P/PuH/DDWK93wzdea
TAT62VNXe21mjYg6Ls9JBv0tnQGi782BUKyZ5Uvkgq5jCOi0UBkJ/1EPYCcU9nOr
t6u8qb8ps47+AwH4ZXP96rQOyoflrH9uHiau0zpcZbN8szvBYgWBH1GN9sqwvIyx
QfJK/K2sCig2GraIvod8/AwrVC1D6LdfkwqigP3Ulg4temiV9FAfthXvla0cVkEv
fFPxWNg=
-----END CERTIFICATE-----
Generated at Sat May 17 19:34:02 2025 by rpki-client