Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/q1CbhzS1Jj6symZoea88OISx2V4.roa
File: q1CbhzS1Jj6symZoea88OISx2V4.roa (raw, json)
Hash identifier: fwghGxgsCVsmQLGZoGIZXCw3qSpRh+6mM1BKJgAEFK8=
Subject key identifier: AB:50:9B:87:34:B5:26:3E:AC:CA:66:68:79:AF:3C:38:84:B1:D9:5E
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 52BD
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/q1CbhzS1Jj6symZoea88OISx2V4.roa
Signing time: Wed 08 May 2024 21:53:57 +0000
ROA not before: Wed 08 May 2024 21:53:57 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 21181 (0x52bd)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 8 21:53:57 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=AB509B8734B5263EACCA666879AF3C3884B1D95E
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cd:3b:37:45:e0:71:4f:a1:84:d8:40:80:e6:0e:
21:09:f2:fa:4f:01:43:f8:da:0e:93:db:79:0a:70:
21:13:6f:88:6c:d1:5e:4b:4b:e0:0e:e7:66:4a:fe:
a6:6b:3f:76:71:f6:71:b2:6e:9b:9e:23:73:1e:b4:
4d:a4:9c:f5:ad:19:f4:1d:40:22:67:d1:fa:f9:cd:
13:b4:67:1b:7f:b6:5b:e2:ba:37:ea:0a:60:22:a4:
d0:3b:2b:70:dd:36:b0:89:61:97:0c:80:90:b7:99:
bf:4b:64:7f:9f:b5:c8:1a:c9:b3:79:ad:db:9b:e4:
a8:0f:c3:45:c4:95:f6:24:73:0d:bb:07:65:62:2c:
44:45:86:e8:9e:88:62:56:8e:b9:98:a9:6a:75:ac:
38:87:60:c7:48:ae:37:cf:58:68:a0:74:e4:57:1a:
1b:9e:65:d5:fd:0f:53:68:d7:a2:12:e3:99:2a:50:
c9:96:d9:73:e3:1b:9a:f0:01:cb:a6:6c:17:19:ed:
bd:6e:97:33:87:fd:b4:af:11:ae:d3:86:31:85:15:
d4:23:79:95:e4:be:2d:5b:9e:59:e1:a8:3d:b4:4a:
52:d8:59:21:1a:93:88:4d:7c:de:a5:67:38:e3:d0:
08:07:fa:39:3a:7c:8a:0e:b7:97:20:3d:83:cf:85:
04:83
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AB:50:9B:87:34:B5:26:3E:AC:CA:66:68:79:AF:3C:38:84:B1:D9:5E
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/q1CbhzS1Jj6symZoea88OISx2V4.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
16:c2:06:59:4e:e9:7e:62:08:25:97:12:55:da:c6:54:34:c5:
f3:b9:a9:cd:1d:39:b9:43:d1:54:81:be:a1:f6:f4:b2:2c:74:
c3:50:50:c5:c5:c9:b8:05:a2:6c:c7:5e:c4:fd:7f:d9:d0:85:
30:98:2c:78:4e:c3:77:8b:a0:21:f9:f3:2f:00:cf:a6:9f:5b:
38:00:a0:e1:a5:ba:d0:dd:d0:0e:60:e9:63:7b:eb:bf:6d:27:
09:46:ac:98:fe:4b:90:be:e4:8e:68:35:30:15:49:93:e6:63:
ba:b2:c2:15:66:4a:37:0d:7d:f2:ac:2f:9d:81:af:01:00:45:
d4:f2:73:11:c3:76:d3:f4:48:d3:b3:e7:72:52:c7:11:2b:b9:
8b:ad:4b:1e:af:34:7c:26:77:a0:93:e1:69:5e:be:28:22:33:
be:ad:1e:20:0e:6d:71:79:95:76:76:f9:72:57:18:63:aa:2c:
ba:97:26:99:02:c0:0c:dd:94:15:49:78:f5:20:6f:45:b3:67:
19:f3:35:00:f2:78:89:f3:98:ca:ef:ba:6f:4a:4c:ce:78:de:
ef:e6:bd:c2:f3:4a:c5:ef:06:cc:58:7a:8f:63:c5:80:ac:d4:
8a:9d:41:75:a5:bb:5e:a1:32:38:13:12:87:54:08:27:a8:ee:
79:ea:3d:1d
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICUr0wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MDgy
MTUzNTdaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEFCNTA5Qjg3MzRCNTI2
M0VBQ0NBNjY2ODc5QUYzQzM4ODRCMUQ5NUUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDNOzdF4HFPoYTYQIDmDiEJ8vpPAUP42g6T23kKcCETb4hs0V5L
S+AO52ZK/qZrP3Zx9nGybpueI3MetE2knPWtGfQdQCJn0fr5zRO0Zxt/tlviujfq
CmAipNA7K3DdNrCJYZcMgJC3mb9LZH+ftcgaybN5rdub5KgPw0XElfYkcw27B2Vi
LERFhuieiGJWjrmYqWp1rDiHYMdIrjfPWGigdORXGhueZdX9D1No16IS45kqUMmW
2XPjG5rwAcumbBcZ7b1ulzOH/bSvEa7ThjGFFdQjeZXkvi1bnlnhqD20SlLYWSEa
k4hNfN6lZzjj0AgH+jk6fIoOt5cgPYPPhQSDAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUq1CbhzS1Jj6symZoea88OISx2V4wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3ExQ2JoelMxSmo2c3lt
Wm9lYTg4T0lTeDJWNC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBABbCBllO6X5iCCWX
ElXaxlQ0xfO5qc0dOblD0VSBvqH29LIsdMNQUMXFybgFomzHXsT9f9nQhTCYLHhO
w3eLoCH58y8Az6afWzgAoOGlutDd0A5g6WN7679tJwlGrJj+S5C+5I5oNTAVSZPm
Y7qywhVmSjcNffKsL52BrwEARdTycxHDdtP0SNOz53JSxxEruYutSx6vNHwmd6CT
4WlevigiM76tHiAObXF5lXZ2+XJXGGOqLLqXJpkCwAzdlBVJePUgb0WzZxnzNQDy
eInzmMrvum9KTM543u/mvcLzSsXvBsxYeo9jxYCs1IqdQXWlu16hMjgTEodUCCeo
7nnqPR0=
-----END CERTIFICATE-----
Generated at Sat May 17 22:41:33 2025 by rpki-client