Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/rfPZVIaEsrlx5pdeEx7mPCgmCsE.roa
File: rfPZVIaEsrlx5pdeEx7mPCgmCsE.roa (raw, json)
Hash identifier: MlwpvPKXP9Bh4ceLRrCLWtzHGgfaZnaSoV3wX7ArkuA=
Subject key identifier: AD:F3:D9:54:86:84:B2:B9:71:E6:97:5E:13:1E:E6:3C:28:26:0A:C1
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 4CB9
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/rfPZVIaEsrlx5pdeEx7mPCgmCsE.roa
Signing time: Tue 30 Apr 2024 21:23:50 +0000
ROA not before: Tue 30 Apr 2024 21:23:50 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 19641 (0x4cb9)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 30 21:23:50 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=ADF3D9548684B2B971E6975E131EE63C28260AC1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b7:cd:23:a3:a0:f6:cc:a3:61:3b:95:48:c0:0b:
26:8b:4c:01:db:90:e3:4f:aa:2c:e3:c3:06:f4:0f:
4f:ce:23:17:03:b7:42:dd:57:3f:f8:37:12:20:3e:
ca:68:96:ec:50:72:70:81:18:4c:a0:1b:3b:81:6b:
85:77:d5:22:e6:61:15:b0:fe:ae:b8:dc:63:fb:0d:
70:bf:f1:f3:13:d0:80:55:86:45:f6:c4:af:9c:8e:
6b:52:15:d6:55:c5:89:dd:89:c6:18:b5:6d:00:a4:
42:a9:99:8a:77:8b:3b:fb:b9:68:5e:61:0c:69:cd:
b2:fb:db:e1:b3:37:60:f0:33:05:d6:73:44:07:8e:
74:c7:34:2f:0c:4b:28:47:7c:91:cf:08:5d:be:73:
11:93:c4:c8:42:ae:a3:c5:e8:80:72:1e:be:88:c0:
2f:f9:c3:5b:0b:4c:e7:a4:3a:b0:dc:73:aa:77:06:
24:43:a7:50:a4:39:77:b0:c7:08:74:78:de:95:60:
10:b9:02:08:ec:1e:f4:b6:08:62:a5:6c:c3:bb:01:
a9:84:0b:f6:df:99:e3:47:8c:12:8b:5f:f5:ac:ee:
74:c9:1c:ca:58:ec:93:e1:7e:f6:ed:be:ce:33:20:
1a:61:f9:fa:11:c3:50:2a:27:41:2d:9e:de:8c:de:
8d:25
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AD:F3:D9:54:86:84:B2:B9:71:E6:97:5E:13:1E:E6:3C:28:26:0A:C1
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/rfPZVIaEsrlx5pdeEx7mPCgmCsE.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
38:c8:df:4d:1a:5e:0d:01:df:96:be:44:8e:5e:03:36:46:43:
4f:63:b5:98:81:62:43:25:b3:bd:e6:b8:b1:40:d0:57:3a:67:
29:21:49:a5:9d:6a:6a:03:4e:04:f9:10:02:df:24:8b:ef:89:
bd:d9:e7:7a:7b:d0:45:9f:de:bd:0b:55:88:7f:84:c8:cc:3c:
f4:17:49:7b:08:5a:d3:90:17:e1:e7:dd:cd:31:89:52:77:9c:
6a:63:e1:84:a9:ae:9f:da:ff:d1:1b:bf:ad:a5:46:ef:4a:dd:
01:d2:c1:b3:94:cc:ae:f7:da:6f:4e:6a:8a:35:eb:c5:1b:fb:
5b:1c:8c:75:69:f7:d4:27:30:6d:36:af:3a:59:c3:ad:72:09:
45:81:0e:3a:db:ff:90:bb:e0:9f:a7:26:66:1f:e5:d6:fe:4a:
6f:ab:17:38:0a:b7:9e:1e:7a:62:37:e4:ed:47:49:f6:83:da:
59:fb:1e:4a:bb:46:2d:db:53:33:84:85:b7:3f:e2:b4:42:12:
4a:cd:1b:2b:90:77:6f:66:89:7c:e2:a0:7f:74:3f:9d:a1:c2:
5a:f1:ac:7c:98:bd:42:6a:1e:8e:a3:33:c6:9d:ba:78:c6:75:
83:c7:ef:61:29:1d:c3:41:2a:76:17:d2:39:50:d5:eb:2c:1e:
71:ed:b4:ff
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICTLkwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MzAy
MTIzNTBaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEFERjNEOTU0ODY4NEIy
Qjk3MUU2OTc1RTEzMUVFNjNDMjgyNjBBQzEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC3zSOjoPbMo2E7lUjACyaLTAHbkONPqizjwwb0D0/OIxcDt0Ld
Vz/4NxIgPspoluxQcnCBGEygGzuBa4V31SLmYRWw/q643GP7DXC/8fMT0IBVhkX2
xK+cjmtSFdZVxYndicYYtW0ApEKpmYp3izv7uWheYQxpzbL72+GzN2DwMwXWc0QH
jnTHNC8MSyhHfJHPCF2+cxGTxMhCrqPF6IByHr6IwC/5w1sLTOekOrDcc6p3BiRD
p1CkOXewxwh0eN6VYBC5AgjsHvS2CGKlbMO7AamEC/bfmeNHjBKLX/Ws7nTJHMpY
7JPhfvbtvs4zIBph+foRw1AqJ0Etnt6M3o0lAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUrfPZVIaEsrlx5pdeEx7mPCgmCsEwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3JmUFpWSWFFc3JseDVw
ZGVFeDdtUENnbUNzRS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBADjI300aXg0B35a+
RI5eAzZGQ09jtZiBYkMls73muLFA0Fc6ZykhSaWdamoDTgT5EALfJIvvib3Z53p7
0EWf3r0LVYh/hMjMPPQXSXsIWtOQF+Hn3c0xiVJ3nGpj4YSprp/a/9Ebv62lRu9K
3QHSwbOUzK732m9Oaoo168Ub+1scjHVp99QnMG02rzpZw61yCUWBDjrb/5C74J+n
JmYf5db+Sm+rFzgKt54eemI35O1HSfaD2ln7Hkq7Ri3bUzOEhbc/4rRCEkrNGyuQ
d29miXzioH90P52hwlrxrHyYvUJqHo6jM8adunjGdYPH72EpHcNBKnYX0jlQ1ess
HnHttP8=
-----END CERTIFICATE-----
Generated at Sun May 18 04:54:17 2025 by rpki-client