Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/p-9dd896a4seBdSgx9ZSMblcQuI.roa
File: p-9dd896a4seBdSgx9ZSMblcQuI.roa (raw, json)
Hash identifier: rXxbxxS/mi9Z98MYpwT/sv7FA11s+tYX63Zav2t56gM=
Subject key identifier: A7:EF:5D:77:CF:7A:6B:8B:1E:05:D4:A0:C7:D6:52:31:B9:5C:42:E2
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 57B5
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/p-9dd896a4seBdSgx9ZSMblcQuI.roa
Signing time: Wed 15 May 2024 12:54:35 +0000
ROA not before: Wed 15 May 2024 12:54:35 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 22453 (0x57b5)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 15 12:54:35 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=A7EF5D77CF7A6B8B1E05D4A0C7D65231B95C42E2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ec:10:4c:de:11:93:56:38:28:c5:eb:67:78:ef:
42:76:01:8d:6c:45:a9:e9:eb:2d:fb:79:fe:e5:0a:
31:2e:1e:cd:fa:09:a2:3b:09:b5:db:bc:f7:e5:2c:
a6:38:a4:44:61:80:fa:9f:ec:b6:96:45:fa:b3:e1:
33:66:97:4c:67:06:2d:74:f8:d1:e6:ff:4c:e6:e2:
23:c2:52:9d:2d:f0:cd:25:9b:14:f3:71:78:fb:da:
82:76:e7:fb:f7:60:cb:3e:19:fd:05:67:69:35:bf:
37:2b:6e:55:20:58:49:71:7b:cf:5b:86:32:96:5a:
ea:8e:cb:53:be:81:5b:6f:ac:4c:6e:cc:5f:a4:e5:
64:bf:c3:38:47:77:6f:85:60:0d:7a:10:1c:d0:47:
8a:32:b5:db:b6:f4:1c:3a:4d:23:1f:93:52:91:2b:
81:ed:53:0a:bb:25:ba:16:cf:f5:4d:d8:20:65:0c:
d1:6c:96:ed:df:c8:5e:8c:e8:24:4e:40:d5:60:82:
43:4b:e2:e5:62:fb:25:a1:fa:d3:2d:d5:ae:47:70:
ae:73:0b:55:ce:6c:56:6f:53:28:51:c0:5b:f0:96:
d5:40:15:94:8a:4d:a8:e7:1d:7e:54:24:cf:b9:b4:
3d:68:4a:81:4a:39:e6:6c:ac:b6:45:fe:8d:7b:3c:
c6:3d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A7:EF:5D:77:CF:7A:6B:8B:1E:05:D4:A0:C7:D6:52:31:B9:5C:42:E2
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/p-9dd896a4seBdSgx9ZSMblcQuI.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
1c:8e:80:4d:3d:2c:e0:0c:7f:e0:b7:36:b8:7b:c0:3b:ba:5a:
b8:ed:b4:05:f2:7e:b9:dd:b5:79:f8:a0:8f:ef:65:44:27:78:
02:52:74:35:03:22:3a:c3:62:3c:50:7d:76:e2:75:c2:75:07:
7d:31:56:a8:1d:bd:22:cd:d6:7e:88:d0:11:68:f6:b5:74:b2:
bf:43:eb:73:51:44:3c:72:e3:c5:e2:58:ce:20:54:5d:8f:9b:
77:f6:35:c2:bf:d2:5f:f3:b8:ef:57:a9:af:49:20:d3:26:87:
1b:e5:b3:3f:db:e8:de:45:e7:10:df:48:61:cb:15:6c:90:10:
8e:f6:49:ee:1c:f7:5d:8b:1c:eb:14:6f:5d:58:e0:f5:21:89:
33:55:55:06:77:f0:7a:1f:87:85:af:8b:4b:13:64:c4:28:e3:
8e:60:d4:17:1d:49:21:54:26:88:d4:99:f5:63:03:1b:f1:5e:
68:42:8c:56:fb:1f:f6:1a:ff:08:f4:0c:93:c4:55:e0:98:09:
f1:1a:20:3a:68:2a:98:be:b5:21:f9:a1:84:8f:33:00:b5:cb:
7d:01:c8:ef:13:f5:b3:cf:50:f9:45:b7:8a:6c:da:78:8e:42:
ef:3f:9e:05:e9:f2:9d:a3:3f:40:e0:0c:92:13:63:0c:fb:8d:
94:51:6b:d8
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICV7UwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MTUx
MjU0MzVaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEE3RUY1RDc3Q0Y3QTZC
OEIxRTA1RDRBMEM3RDY1MjMxQjk1QzQyRTIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDsEEzeEZNWOCjF62d470J2AY1sRanp6y37ef7lCjEuHs36CaI7
CbXbvPflLKY4pERhgPqf7LaWRfqz4TNml0xnBi10+NHm/0zm4iPCUp0t8M0lmxTz
cXj72oJ25/v3YMs+Gf0FZ2k1vzcrblUgWElxe89bhjKWWuqOy1O+gVtvrExuzF+k
5WS/wzhHd2+FYA16EBzQR4oytdu29Bw6TSMfk1KRK4HtUwq7JboWz/VN2CBlDNFs
lu3fyF6M6CROQNVggkNL4uVi+yWh+tMt1a5HcK5zC1XObFZvUyhRwFvwltVAFZSK
TajnHX5UJM+5tD1oSoFKOeZsrLZF/o17PMY9AgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUp+9dd896a4seBdSgx9ZSMblcQuIwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3AtOWRkODk2YTRzZUJk
U2d4OVpTTWJsY1F1SS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBAByOgE09LOAMf+C3
Nrh7wDu6WrjttAXyfrndtXn4oI/vZUQneAJSdDUDIjrDYjxQfXbidcJ1B30xVqgd
vSLN1n6I0BFo9rV0sr9D63NRRDxy48XiWM4gVF2Pm3f2NcK/0l/zuO9Xqa9JINMm
hxvlsz/b6N5F5xDfSGHLFWyQEI72Se4c912LHOsUb11Y4PUhiTNVVQZ38Hofh4Wv
i0sTZMQo445g1BcdSSFUJojUmfVjAxvxXmhCjFb7H/Ya/wj0DJPEVeCYCfEaIDpo
Kpi+tSH5oYSPMwC1y30ByO8T9bPPUPlFt4ps2niOQu8/ngXp8p2jP0DgDJITYwz7
jZRRa9g=
-----END CERTIFICATE-----
Generated at Sat May 17 19:36:41 2025 by rpki-client