Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/pPj16TU-htL63YWMc-qP_5RF1bY.roa
File: pPj16TU-htL63YWMc-qP_5RF1bY.roa (raw, json)
Hash identifier: AaQldgWqHsDeTNY9q3fHHCn90oZDd7DOJAichhclrj0=
Subject key identifier: A4:F8:F5:E9:35:3E:86:D2:FA:DD:85:8C:73:EA:8F:FF:94:45:D5:B6
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 42B1
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/pPj16TU-htL63YWMc-qP_5RF1bY.roa
Signing time: Wed 17 Apr 2024 12:23:26 +0000
ROA not before: Wed 17 Apr 2024 12:23:26 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 17073 (0x42b1)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 17 12:23:26 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=A4F8F5E9353E86D2FADD858C73EA8FFF9445D5B6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ac:f2:79:c9:1c:e1:ea:f9:8e:aa:30:db:bb:03:
3e:63:e2:31:6d:9a:0b:5f:dc:06:38:a8:cd:49:6b:
68:78:07:56:5d:4d:c4:58:09:ac:a0:2d:61:14:ca:
f5:78:40:13:07:9a:32:20:c4:29:dc:47:c4:3c:18:
ba:54:88:b0:43:10:ef:54:f5:05:b6:51:bd:82:03:
dc:21:a3:9d:94:42:41:46:8c:5d:c3:b5:3f:f5:9c:
72:cd:3a:41:4f:16:02:3b:83:56:86:e6:3f:23:2f:
75:2b:b5:f8:2f:40:92:41:a9:3e:41:04:44:3b:e8:
64:c9:4c:c4:b6:0c:74:0e:a9:3e:72:4e:37:ec:61:
a5:25:41:75:56:fd:63:e9:d4:39:87:e4:02:0d:6e:
40:89:32:a3:7a:4f:c6:f0:1b:3d:c9:45:31:2b:6c:
b5:08:8f:3e:4c:88:75:98:af:52:6f:7d:f7:dc:d8:
c8:b9:9c:86:05:d0:48:d7:69:d4:39:8b:1a:78:8a:
9c:47:65:b6:09:16:fc:be:1f:f1:92:23:2f:69:6d:
e0:db:49:f9:ca:cc:7a:9b:1f:50:53:79:d1:f2:7a:
7b:e5:d4:f6:02:d1:eb:d5:1d:fa:0f:cd:17:e5:23:
53:67:b1:03:f0:d0:9e:4c:d0:f6:75:24:34:51:65:
d5:17
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A4:F8:F5:E9:35:3E:86:D2:FA:DD:85:8C:73:EA:8F:FF:94:45:D5:B6
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/pPj16TU-htL63YWMc-qP_5RF1bY.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
44:c4:37:4f:c6:ee:84:41:43:b5:90:55:4c:df:e2:48:54:6c:
7a:d1:e9:fe:17:58:38:65:80:7a:d3:48:00:83:e0:77:47:b0:
d9:49:c6:02:74:96:0d:54:e2:bc:29:b1:e4:62:d6:b8:80:93:
f9:bf:87:67:be:b7:ad:73:fd:fd:9e:37:74:d0:97:7f:b5:4a:
61:c5:c9:3e:70:fc:92:37:20:88:e3:c2:c4:57:65:a0:10:75:
e4:f8:d2:f0:6e:39:31:b1:44:5a:00:f3:3f:18:3e:95:34:71:
e3:c5:19:00:39:b8:9e:1a:ee:f0:f9:63:76:3c:fd:43:d7:fd:
f7:61:7b:45:7d:1d:fe:2b:9e:4f:b1:82:df:6c:36:b7:fa:a0:
51:d4:f8:c8:cd:3f:82:d7:00:e8:56:1d:f1:dc:e3:da:77:f9:
e7:64:72:71:4f:d0:33:2b:7b:74:25:35:e5:58:1e:31:6e:75:
5b:8d:fd:87:81:33:bd:15:11:32:ed:08:c4:f3:e8:fe:3c:4b:
d8:71:62:2f:7b:aa:b9:72:29:28:b3:79:84:e8:df:34:ba:12:
dc:10:3d:ea:16:4c:23:c4:15:f5:17:c4:df:0e:40:5c:fc:1e:
58:ac:b2:cf:2e:5c:a5:f3:7d:c7:e6:75:ba:b2:59:69:54:a7:
98:0c:9c:de
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICQrEwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MTcx
MjIzMjZaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEE0RjhGNUU5MzUzRTg2
RDJGQUREODU4QzczRUE4RkZGOTQ0NUQ1QjYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCs8nnJHOHq+Y6qMNu7Az5j4jFtmgtf3AY4qM1Ja2h4B1ZdTcRY
CaygLWEUyvV4QBMHmjIgxCncR8Q8GLpUiLBDEO9U9QW2Ub2CA9who52UQkFGjF3D
tT/1nHLNOkFPFgI7g1aG5j8jL3UrtfgvQJJBqT5BBEQ76GTJTMS2DHQOqT5yTjfs
YaUlQXVW/WPp1DmH5AINbkCJMqN6T8bwGz3JRTErbLUIjz5MiHWYr1Jvfffc2Mi5
nIYF0EjXadQ5ixp4ipxHZbYJFvy+H/GSIy9pbeDbSfnKzHqbH1BTedHyenvl1PYC
0evVHfoPzRflI1NnsQPw0J5M0PZ1JDRRZdUXAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUpPj16TU+htL63YWMc+qP/5RF1bYwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3BQajE2VFUtaHRMNjNZ
V01jLXFQXzVSRjFiWS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBAETEN0/G7oRBQ7WQ
VUzf4khUbHrR6f4XWDhlgHrTSACD4HdHsNlJxgJ0lg1U4rwpseRi1riAk/m/h2e+
t61z/f2eN3TQl3+1SmHFyT5w/JI3IIjjwsRXZaAQdeT40vBuOTGxRFoA8z8YPpU0
cePFGQA5uJ4a7vD5Y3Y8/UPX/fdhe0V9Hf4rnk+xgt9sNrf6oFHU+MjNP4LXAOhW
HfHc49p3+edkcnFP0DMre3QlNeVYHjFudVuN/YeBM70VETLtCMTz6P48S9hxYi97
qrlyKSizeYTo3zS6EtwQPeoWTCPEFfUXxN8OQFz8Hlisss8uXKXzfcfmdbqyWWlU
p5gMnN4=
-----END CERTIFICATE-----
Generated at Sun May 18 02:03:01 2025 by rpki-client