Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/qfWyyZKZJnxqppzDvaepxsLtTIU.roa
File: qfWyyZKZJnxqppzDvaepxsLtTIU.roa (raw, json)
Hash identifier: cBP4nV7TYaGl9VfAzQb9ZGjLZ9IQU79joC83z646Ots=
Subject key identifier: A9:F5:B2:C9:92:99:26:7C:6A:A6:9C:C3:BD:A7:A9:C6:C2:ED:4C:85
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 3B85
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/qfWyyZKZJnxqppzDvaepxsLtTIU.roa
Signing time: Sun 07 Apr 2024 22:52:33 +0000
ROA not before: Sun 07 Apr 2024 22:52:33 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 15237 (0x3b85)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 7 22:52:33 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=A9F5B2C99299267C6AA69CC3BDA7A9C6C2ED4C85
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a6:53:e5:18:97:0d:66:06:34:1c:25:65:2d:9f:
48:2e:65:6c:81:21:c0:5e:c7:05:02:22:f6:f7:42:
80:29:fd:cf:0c:48:bf:c5:1f:59:f4:d4:9a:85:50:
ca:e6:b6:dc:93:ef:fd:b6:b7:b3:03:4e:7b:6d:64:
e7:c0:37:df:ec:6c:53:80:f3:40:16:1e:ff:1a:2f:
93:d0:92:86:c6:a4:20:56:3d:6d:b9:0f:17:b7:b1:
76:7d:62:14:43:5d:d7:5e:30:72:89:b4:9d:8e:c5:
2a:42:4d:1b:1d:1b:9c:7b:86:d7:69:4f:f3:34:72:
ae:d9:bd:1b:28:52:ea:06:fc:af:b7:ee:34:66:36:
17:ae:63:28:91:e7:e8:de:6f:dc:73:43:ba:f7:3d:
a8:9a:62:92:bf:b2:7a:fe:38:36:43:20:0d:aa:5b:
53:98:7f:67:ab:42:79:11:b5:2e:e4:c7:ad:29:39:
e9:6b:b0:c1:06:0d:f5:d9:a7:62:c7:00:a8:ae:47:
da:c6:6d:c6:12:43:87:ee:7d:ca:25:a4:ea:7e:33:
15:23:3b:6b:28:80:65:f6:eb:f7:ab:31:7a:d5:bc:
3c:99:3f:cb:f3:e1:2c:28:e8:10:60:51:05:58:f4:
9e:c9:3b:1f:3d:79:ea:e5:89:7e:e7:39:81:84:eb:
ed:17
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A9:F5:B2:C9:92:99:26:7C:6A:A6:9C:C3:BD:A7:A9:C6:C2:ED:4C:85
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/qfWyyZKZJnxqppzDvaepxsLtTIU.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
9e:fc:ce:fb:b8:82:5f:92:d0:54:2c:c6:9b:e2:5e:77:d4:a4:
9e:a3:2e:a1:2b:df:af:4b:16:3d:51:a2:29:d3:bf:5e:b5:4a:
40:58:46:e7:29:f8:4d:fa:1e:a5:29:a6:2b:61:81:d0:eb:22:
ac:c3:e5:2e:10:72:af:9f:0e:1c:d9:7a:2a:64:75:e2:75:58:
32:b7:c3:3e:27:93:da:39:2f:48:41:a4:82:c0:fb:76:8a:6b:
d5:db:cd:25:d9:4c:9f:0f:f4:c9:78:3d:e8:ba:20:da:0d:5e:
2d:29:60:45:fd:e1:be:e2:66:d2:10:fc:43:b7:3a:20:5d:e4:
91:05:81:25:7d:46:8d:ee:e2:56:49:b4:dd:a8:39:f3:7c:f0:
b1:4b:b3:c7:7a:6c:fa:3b:07:a0:fc:40:59:c1:87:13:55:00:
a3:18:32:d8:53:27:d2:4c:91:23:dd:69:ad:43:52:31:91:74:
77:26:47:75:a0:62:42:ad:df:33:ac:d0:fb:0a:13:f9:c8:0a:
df:ce:0b:b7:2e:66:6c:d5:27:41:b3:6c:b9:4e:d4:e4:4b:73:
0e:5c:e6:bf:d7:56:62:87:4d:0b:fb:4a:9b:fd:2c:28:f5:ca:
2c:d3:fc:a4:4f:29:62:9b:c0:59:4b:03:f2:ea:ff:a8:21:0a:
36:0c:d1:61
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICO4UwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MDcy
MjUyMzNaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEE5RjVCMkM5OTI5OTI2
N0M2QUE2OUNDM0JEQTdBOUM2QzJFRDRDODUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCmU+UYlw1mBjQcJWUtn0guZWyBIcBexwUCIvb3QoAp/c8MSL/F
H1n01JqFUMrmttyT7/22t7MDTnttZOfAN9/sbFOA80AWHv8aL5PQkobGpCBWPW25
Dxe3sXZ9YhRDXddeMHKJtJ2OxSpCTRsdG5x7htdpT/M0cq7ZvRsoUuoG/K+37jRm
NheuYyiR5+jeb9xzQ7r3PaiaYpK/snr+ODZDIA2qW1OYf2erQnkRtS7kx60pOelr
sMEGDfXZp2LHAKiuR9rGbcYSQ4fufcolpOp+MxUjO2sogGX26/erMXrVvDyZP8vz
4Swo6BBgUQVY9J7JOx89eerliX7nOYGE6+0XAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUqfWyyZKZJnxqppzDvaepxsLtTIUwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3FmV3l5WktaSm54cXBw
ekR2YWVweHNMdFRJVS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBAJ78zvu4gl+S0FQs
xpviXnfUpJ6jLqEr369LFj1RoinTv161SkBYRucp+E36HqUppithgdDrIqzD5S4Q
cq+fDhzZeipkdeJ1WDK3wz4nk9o5L0hBpILA+3aKa9XbzSXZTJ8P9Ml4Pei6INoN
Xi0pYEX94b7iZtIQ/EO3OiBd5JEFgSV9Ro3u4lZJtN2oOfN88LFLs8d6bPo7B6D8
QFnBhxNVAKMYMthTJ9JMkSPdaa1DUjGRdHcmR3WgYkKt3zOs0PsKE/nICt/OC7cu
ZmzVJ0GzbLlO1ORLcw5c5r/XVmKHTQv7Spv9LCj1yizT/KRPKWKbwFlLA/Lq/6gh
CjYM0WE=
-----END CERTIFICATE-----
Generated at Sun May 18 03:07:41 2025 by rpki-client