Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/q83saF1d9rWZ8tPEl32LHwkamS8.roa
File: q83saF1d9rWZ8tPEl32LHwkamS8.roa (raw, json)
Hash identifier: VPnyg4I4mr3uBax6oJIPlWU7XYkbZrfBXyVdDV6taE8=
Subject key identifier: AB:CD:EC:68:5D:5D:F6:B5:99:F2:D3:C4:97:7D:8B:1F:09:1A:99:2F
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 50B9
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/q83saF1d9rWZ8tPEl32LHwkamS8.roa
Signing time: Mon 06 May 2024 05:23:49 +0000
ROA not before: Mon 06 May 2024 05:23:49 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 20665 (0x50b9)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 6 05:23:49 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=ABCDEC685D5DF6B599F2D3C4977D8B1F091A992F
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e0:11:c8:a6:ed:61:47:83:b1:65:8d:2d:3b:d3:
31:f2:2e:16:cb:83:73:60:a1:b1:65:a6:11:94:4f:
bf:59:73:bf:5d:f8:59:74:89:c8:92:cc:db:64:b0:
bb:10:8d:cc:44:d6:02:c3:d7:0a:1c:e6:2a:38:91:
52:e4:26:02:c7:ae:40:28:13:f5:a2:00:31:66:fb:
69:8a:c4:0b:81:0f:13:fb:62:60:6c:50:28:06:9a:
1a:f8:ce:c3:ad:4f:44:2c:66:c6:98:3f:bb:86:ef:
49:6e:9e:86:87:38:bb:e6:1b:61:a2:42:fb:6d:32:
af:a5:01:ad:89:6f:8f:f1:50:b4:a0:27:3a:7e:11:
6d:38:34:de:34:0c:ae:da:bb:6e:0a:d4:ff:3f:b9:
59:f5:ae:21:7a:a7:58:bf:f7:3a:60:da:49:57:28:
ac:f3:bd:e1:80:7a:f9:ef:91:6a:9c:aa:0d:b2:5c:
bb:d0:28:43:85:3d:96:56:18:20:d2:0d:ff:35:39:
8b:f9:b1:be:9f:30:85:a5:92:da:c4:37:ee:ec:ba:
45:fd:da:78:e6:e1:92:60:f5:36:15:f7:ef:dc:88:
dd:72:8d:6e:61:61:58:19:0a:58:a3:40:99:49:c0:
9b:10:9f:ba:85:4b:6f:92:27:94:db:db:7b:50:af:
39:15
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AB:CD:EC:68:5D:5D:F6:B5:99:F2:D3:C4:97:7D:8B:1F:09:1A:99:2F
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/q83saF1d9rWZ8tPEl32LHwkamS8.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
4b:60:c4:e5:fd:7b:2a:9d:60:eb:8a:2d:00:a1:dc:05:6c:95:
d5:bf:bd:bf:ab:c7:c9:25:32:e5:e2:21:90:50:f4:b7:5f:fa:
ab:64:67:94:4c:f9:e9:eb:fd:86:f4:2e:de:5f:8c:a2:80:42:
30:2a:e5:ed:05:33:dc:85:d0:32:1d:b3:59:6e:42:d1:b9:40:
03:c8:21:76:4b:97:76:5a:e6:82:e5:78:83:0c:20:5c:c9:42:
b9:2e:98:5c:2a:45:87:a4:14:7d:3d:0e:cf:17:2d:01:bf:dd:
40:64:11:87:5d:c8:17:aa:dd:85:43:4f:3e:8a:94:48:cc:41:
c9:77:83:cb:65:99:98:63:34:bc:70:58:e5:c4:ee:59:b6:b7:
65:72:33:f6:a5:7b:90:16:c9:82:c6:7f:f0:d9:bb:ca:c9:3e:
b9:fe:65:fb:56:ae:55:ab:b8:16:f1:6e:5d:f3:54:14:fa:cb:
79:c2:be:22:4c:71:6b:b4:10:32:71:4a:d0:1d:cb:66:a6:db:
4f:64:ee:11:76:7f:bf:45:66:10:99:1f:bf:f9:0c:ee:a4:4a:
b1:53:33:7c:63:77:65:44:56:4e:58:02:2f:05:7a:3e:35:e9:
f0:76:c0:3e:8e:a5:0c:3a:c7:8c:9c:84:1e:d5:fa:56:9b:4d:
1d:d6:00:83
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICULkwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MDYw
NTIzNDlaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEFCQ0RFQzY4NUQ1REY2
QjU5OUYyRDNDNDk3N0Q4QjFGMDkxQTk5MkYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDgEcim7WFHg7FljS070zHyLhbLg3NgobFlphGUT79Zc79d+Fl0
iciSzNtksLsQjcxE1gLD1woc5io4kVLkJgLHrkAoE/WiADFm+2mKxAuBDxP7YmBs
UCgGmhr4zsOtT0QsZsaYP7uG70lunoaHOLvmG2GiQvttMq+lAa2Jb4/xULSgJzp+
EW04NN40DK7au24K1P8/uVn1riF6p1i/9zpg2klXKKzzveGAevnvkWqcqg2yXLvQ
KEOFPZZWGCDSDf81OYv5sb6fMIWlktrEN+7sukX92njm4ZJg9TYV9+/ciN1yjW5h
YVgZClijQJlJwJsQn7qFS2+SJ5Tb23tQrzkVAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUq83saF1d9rWZ8tPEl32LHwkamS8wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3E4M3NhRjFkOXJXWjh0
UEVsMzJMSHdrYW1TOC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBAEtgxOX9eyqdYOuK
LQCh3AVsldW/vb+rx8klMuXiIZBQ9Ldf+qtkZ5RM+enr/Yb0Lt5fjKKAQjAq5e0F
M9yF0DIds1luQtG5QAPIIXZLl3Za5oLleIMMIFzJQrkumFwqRYekFH09Ds8XLQG/
3UBkEYddyBeq3YVDTz6KlEjMQcl3g8tlmZhjNLxwWOXE7lm2t2VyM/ale5AWyYLG
f/DZu8rJPrn+ZftWrlWruBbxbl3zVBT6y3nCviJMcWu0EDJxStAdy2am209k7hF2
f79FZhCZH7/5DO6kSrFTM3xjd2VEVk5YAi8Fej416fB2wD6OpQw6x4ychB7V+lab
TR3WAIM=
-----END CERTIFICATE-----
Generated at Sat May 17 23:33:21 2025 by rpki-client