Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/owEZrOwk1iobjEQcsbqKza-6UvU.roa
File: owEZrOwk1iobjEQcsbqKza-6UvU.roa (raw, json)
Hash identifier: yEYgoSFWWNHAaNLfscroo7zViqEomFayDsf/0av/tNI=
Subject key identifier: A3:01:19:AC:EC:24:D6:2A:1B:8C:44:1C:B1:BA:8A:CD:AF:BA:52:F5
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 3785
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/owEZrOwk1iobjEQcsbqKza-6UvU.roa
Signing time: Tue 02 Apr 2024 14:52:20 +0000
ROA not before: Tue 02 Apr 2024 14:52:20 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 14213 (0x3785)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 2 14:52:20 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=A30119ACEC24D62A1B8C441CB1BA8ACDAFBA52F5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c2:08:82:5b:f6:9c:2a:b3:03:27:b6:3c:ab:32:
5d:7f:30:e6:b2:51:f0:6b:ed:d4:86:94:db:c9:c4:
43:85:07:36:2f:d3:77:a4:8d:b7:ec:34:29:b6:e7:
f8:b7:c3:51:78:57:20:24:eb:e6:03:6e:b8:68:29:
cb:7c:90:12:f3:70:95:02:be:78:22:5b:9c:a8:32:
f4:c7:2b:ce:00:18:ca:75:18:07:df:20:51:5d:72:
e8:d9:4a:e7:82:72:58:03:e2:6a:2f:e7:14:13:5e:
fe:86:fe:63:1f:5d:a0:9b:85:7c:81:d6:7d:8c:11:
de:24:0f:e2:bb:ab:be:39:fc:66:ca:78:99:74:f4:
99:28:e3:d7:4b:47:e9:b2:92:bf:af:a0:d5:db:dc:
79:54:28:7f:b6:8d:c5:0b:3e:bc:b9:40:d4:25:c6:
10:3d:b3:e2:95:a2:cd:f4:eb:1b:3d:c7:39:d5:b9:
98:30:72:4c:4b:23:92:a1:2c:51:78:c2:f7:f5:86:
38:c2:82:5e:1a:61:d4:ee:d6:b1:e8:7e:c7:3d:0c:
68:6f:88:d4:5d:b8:e0:17:fe:24:48:e7:88:3e:df:
c7:b7:b5:b7:91:a1:a2:f9:fc:67:fb:bb:b6:86:34:
1b:0b:16:b0:6d:a8:f4:38:be:44:9e:69:2b:ac:be:
13:d5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A3:01:19:AC:EC:24:D6:2A:1B:8C:44:1C:B1:BA:8A:CD:AF:BA:52:F5
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/owEZrOwk1iobjEQcsbqKza-6UvU.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
54:17:d2:4b:32:ab:21:c3:77:af:96:e5:58:65:98:a8:fc:06:
f6:60:b6:74:c7:91:36:14:37:9d:1a:e8:c1:b7:7a:5c:d3:d6:
35:6a:fb:4f:bc:2a:92:40:c7:a3:1e:47:98:55:fd:cd:24:c3:
58:bd:17:4b:2c:e7:e1:3a:d4:80:26:d8:08:04:df:3f:29:da:
09:bd:a2:95:77:d3:92:2c:ad:46:c8:67:0e:74:a4:42:6c:14:
3f:fb:00:7a:f8:ed:df:c2:42:e4:51:4e:57:23:e3:77:be:a2:
7d:1f:93:67:cc:e6:a0:7a:01:8f:e9:9b:4e:4f:84:d5:0d:31:
01:0c:42:5b:6b:01:a9:14:60:2b:98:3d:b5:c2:9e:aa:ce:1e:
6b:a5:ad:74:cc:41:75:bd:cd:7f:5e:66:e4:6f:1a:be:f8:ab:
98:7d:50:bc:c2:52:59:ea:01:6e:2a:d2:0f:99:c6:fa:b1:10:
ac:f6:0c:8f:2b:93:ec:80:d6:83:fe:96:ce:91:87:b3:c2:fb:
51:27:cc:14:d9:87:33:18:fe:f0:e5:20:d7:f7:7d:df:df:6d:
fb:48:73:b6:16:c1:4e:aa:a5:68:a8:f0:6b:87:06:79:10:57:
0b:b5:6d:c3:2a:91:ca:11:00:47:78:56:45:b1:f1:51:ce:25:
22:25:b9:00
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICN4UwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MDIx
NDUyMjBaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEEzMDExOUFDRUMyNEQ2
MkExQjhDNDQxQ0IxQkE4QUNEQUZCQTUyRjUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDCCIJb9pwqswMntjyrMl1/MOayUfBr7dSGlNvJxEOFBzYv03ek
jbfsNCm25/i3w1F4VyAk6+YDbrhoKct8kBLzcJUCvngiW5yoMvTHK84AGMp1GAff
IFFdcujZSueCclgD4mov5xQTXv6G/mMfXaCbhXyB1n2MEd4kD+K7q745/GbKeJl0
9Jko49dLR+mykr+voNXb3HlUKH+2jcULPry5QNQlxhA9s+KVos306xs9xznVuZgw
ckxLI5KhLFF4wvf1hjjCgl4aYdTu1rHofsc9DGhviNRduOAX/iRI54g+38e3tbeR
oaL5/Gf7u7aGNBsLFrBtqPQ4vkSeaSusvhPVAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUowEZrOwk1iobjEQcsbqKza+6UvUwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L293RVpyT3drMWlvYmpF
UWNzYnFLemEtNlV2VS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBAFQX0ksyqyHDd6+W
5VhlmKj8BvZgtnTHkTYUN50a6MG3elzT1jVq+0+8KpJAx6MeR5hV/c0kw1i9F0ss
5+E61IAm2AgE3z8p2gm9opV305IsrUbIZw50pEJsFD/7AHr47d/CQuRRTlcj43e+
on0fk2fM5qB6AY/pm05PhNUNMQEMQltrAakUYCuYPbXCnqrOHmulrXTMQXW9zX9e
ZuRvGr74q5h9ULzCUlnqAW4q0g+ZxvqxEKz2DI8rk+yA1oP+ls6Rh7PC+1EnzBTZ
hzMY/vDlINf3fd/fbftIc7YWwU6qpWio8GuHBnkQVwu1bcMqkcoRAEd4VkWx8VHO
JSIluQA=
-----END CERTIFICATE-----
Generated at Sun May 18 19:08:33 2025 by rpki-client