Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/pYGsjALSnF6ifTMUrtQN7rVjRaQ.roa
File: pYGsjALSnF6ifTMUrtQN7rVjRaQ.roa (raw, json)
Hash identifier: SpvRDydZAaUBBhrQooOCXnvROTTO1MnlxJKVRtsylW0=
Subject key identifier: A5:81:AC:8C:02:D2:9C:5E:A2:7D:33:14:AE:D4:0D:EE:B5:63:45:A4
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 5369
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/pYGsjALSnF6ifTMUrtQN7rVjRaQ.roa
Signing time: Thu 09 May 2024 19:24:00 +0000
ROA not before: Thu 09 May 2024 19:24:00 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 21353 (0x5369)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 9 19:24:00 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=A581AC8C02D29C5EA27D3314AED40DEEB56345A4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b4:9e:96:f2:a9:4e:54:ad:f1:39:7b:04:7d:fb:
c0:80:4d:46:59:d6:7e:f9:cc:ac:3c:10:00:fe:fb:
0d:18:ab:91:6a:1d:30:db:04:67:c9:b5:44:b6:50:
07:2b:ff:3d:81:55:32:89:76:4b:8e:d5:6a:d9:77:
42:42:43:15:f1:82:a0:fc:6b:67:ea:49:cf:f1:b0:
ae:aa:b1:58:cc:6d:7c:fb:6f:ff:8c:cb:a6:ff:03:
99:a8:dd:17:b0:53:31:e5:04:bd:24:55:24:7d:f0:
71:6c:58:fb:0d:04:3a:c2:9c:79:d0:1d:8a:0f:f6:
a8:2b:bb:52:b9:a6:aa:b3:d9:30:d6:02:52:00:7e:
c1:9b:10:59:16:12:bc:56:f0:67:95:c3:35:6a:99:
1a:8f:08:29:48:6f:01:8c:93:f5:31:0c:7a:79:38:
dc:75:77:e5:f2:75:38:e7:e1:38:ae:b1:a3:b1:66:
12:08:97:82:4c:60:1a:03:cd:78:cb:e0:8e:13:c0:
80:09:36:06:3a:7e:a2:bd:5b:4e:93:35:89:30:ea:
3a:c1:48:f6:2d:ff:02:8d:61:69:09:ab:52:ff:21:
aa:87:65:c7:9d:02:00:63:16:59:9d:60:21:36:f3:
50:a6:0c:7c:4e:a9:cb:5f:87:3e:52:50:3b:f4:fc:
2a:4f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A5:81:AC:8C:02:D2:9C:5E:A2:7D:33:14:AE:D4:0D:EE:B5:63:45:A4
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/pYGsjALSnF6ifTMUrtQN7rVjRaQ.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
4e:74:d7:74:10:16:d4:04:76:75:e6:3d:61:09:b7:14:44:00:
13:d7:5e:41:56:24:3d:a2:83:ee:25:1f:4d:6b:14:e7:ad:d1:
f1:f5:67:75:6a:ec:73:8b:2b:0c:ea:bb:b3:27:19:01:eb:95:
b1:61:f9:41:df:12:02:5d:49:71:06:78:b5:06:8e:7c:f5:ac:
9d:a3:04:bf:64:8a:02:e7:b1:b2:eb:5e:d0:5e:ff:5e:7c:79:
0e:29:c5:29:b7:e3:20:74:df:5f:93:9e:0d:08:4e:17:50:8b:
41:3b:b4:7e:cd:62:b1:66:fb:c5:15:19:bf:6d:ed:a7:65:0a:
87:6b:75:7e:d6:c1:39:f0:ba:e5:d2:0e:1a:28:40:00:8c:f9:
af:93:05:2b:18:49:4c:aa:2b:25:3c:9c:d0:e2:ed:9b:6c:7a:
0d:9b:75:1b:7b:96:cb:86:b4:bf:db:9d:a9:b6:11:1a:24:77:
9f:ec:e4:83:96:3d:09:d2:96:c2:65:fa:86:5f:75:0c:d3:48:
a7:3e:31:b6:58:9d:53:60:d1:8a:a4:66:18:57:d8:62:9c:de:
aa:0d:0c:94:87:d4:ce:91:40:c8:c0:ec:f0:a9:99:61:b2:e0:
c8:70:65:af:0f:e2:8c:0d:63:c4:df:8b:fe:60:68:91:22:8b:
b4:a4:09:86
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICU2kwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MDkx
OTI0MDBaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEE1ODFBQzhDMDJEMjlD
NUVBMjdEMzMxNEFFRDQwREVFQjU2MzQ1QTQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC0npbyqU5UrfE5ewR9+8CATUZZ1n75zKw8EAD++w0Yq5FqHTDb
BGfJtUS2UAcr/z2BVTKJdkuO1WrZd0JCQxXxgqD8a2fqSc/xsK6qsVjMbXz7b/+M
y6b/A5mo3RewUzHlBL0kVSR98HFsWPsNBDrCnHnQHYoP9qgru1K5pqqz2TDWAlIA
fsGbEFkWErxW8GeVwzVqmRqPCClIbwGMk/UxDHp5ONx1d+XydTjn4TiusaOxZhII
l4JMYBoDzXjL4I4TwIAJNgY6fqK9W06TNYkw6jrBSPYt/wKNYWkJq1L/IaqHZced
AgBjFlmdYCE281CmDHxOqctfhz5SUDv0/CpPAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUpYGsjALSnF6ifTMUrtQN7rVjRaQwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3BZR3NqQUxTbkY2aWZU
TVVydFFON3JWalJhUS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBAE5013QQFtQEdnXm
PWEJtxREABPXXkFWJD2ig+4lH01rFOet0fH1Z3Vq7HOLKwzqu7MnGQHrlbFh+UHf
EgJdSXEGeLUGjnz1rJ2jBL9kigLnsbLrXtBe/158eQ4pxSm34yB031+Tng0IThdQ
i0E7tH7NYrFm+8UVGb9t7adlCodrdX7WwTnwuuXSDhooQACM+a+TBSsYSUyqKyU8
nNDi7Ztseg2bdRt7lsuGtL/bnam2ERokd5/s5IOWPQnSlsJl+oZfdQzTSKc+MbZY
nVNg0YqkZhhX2GKc3qoNDJSH1M6RQMjA7PCpmWGy4MhwZa8P4owNY8Tfi/5gaJEi
i7SkCYY=
-----END CERTIFICATE-----
Generated at Sat May 17 23:14:11 2025 by rpki-client