Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/rypgFPerHHLMI60PqpBtAU1Zaas.roa
File: rypgFPerHHLMI60PqpBtAU1Zaas.roa (raw, json)
Hash identifier: UWhoeHehGjyk8ZF1Jc2AHksQMV31KJ8O4t3vYRVYvMg=
Subject key identifier: AF:2A:60:14:F7:AB:1C:72:CC:23:AD:0F:AA:90:6D:01:4D:59:69:AB
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 4BAD
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/rypgFPerHHLMI60PqpBtAU1Zaas.roa
Signing time: Mon 29 Apr 2024 11:53:32 +0000
ROA not before: Mon 29 Apr 2024 11:53:32 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 19373 (0x4bad)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 29 11:53:32 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=AF2A6014F7AB1C72CC23AD0FAA906D014D5969AB
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c5:e9:be:3c:c6:65:05:40:7c:b3:b1:e3:b9:66:
f3:b9:cb:f7:25:86:89:1b:4e:ba:81:d6:90:df:e4:
88:30:da:78:0b:3f:37:be:67:54:2b:b2:2e:c0:74:
2a:b5:e1:b6:df:5a:37:4c:da:38:da:67:3e:a5:f2:
78:cb:d3:99:b2:66:04:c8:69:2f:20:11:90:bd:7e:
94:1a:9c:b1:7d:e4:16:d2:10:c6:e0:8a:32:0f:6b:
10:9e:15:5b:2f:c7:a3:0a:ff:d1:44:d2:b1:33:bf:
26:7e:c5:db:7d:70:9c:fe:10:2f:0e:98:18:cf:29:
c1:18:73:96:ad:e9:bb:85:b9:5d:d9:23:b2:38:8f:
96:68:b8:b9:8e:11:a5:e2:e8:85:d8:62:e4:4f:e7:
96:0b:fc:34:07:62:0a:c9:35:f3:92:b8:d6:03:88:
7a:41:f7:8d:f6:91:4a:28:a2:f9:10:73:88:a1:f8:
d0:12:a7:55:4f:00:60:49:7a:24:88:49:91:f1:89:
18:fb:13:65:32:1f:37:7c:12:81:8d:42:3c:9d:99:
e2:43:80:8e:ac:0e:7c:4b:ae:c3:42:9e:8a:9b:39:
d0:2d:54:d7:91:c6:09:32:19:f8:e5:29:63:93:73:
6b:41:1e:7d:84:0e:b6:95:b6:5f:3f:20:17:80:bd:
a2:87
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AF:2A:60:14:F7:AB:1C:72:CC:23:AD:0F:AA:90:6D:01:4D:59:69:AB
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/rypgFPerHHLMI60PqpBtAU1Zaas.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
78:98:75:fd:56:ec:78:e2:30:f6:ab:ac:16:d5:46:23:02:21:
3e:f2:bd:50:a4:71:e2:b0:f1:6a:06:50:02:ec:47:cd:95:9f:
d1:f9:2f:e2:e8:30:14:d3:54:ad:1f:8e:d0:d9:0b:a5:ac:32:
e1:35:9c:24:73:13:22:50:28:84:7e:65:25:db:ab:7a:fe:ba:
a0:1c:f2:f1:8f:8d:d5:ff:e6:82:b3:7b:99:37:e9:7e:0d:25:
6b:16:6a:1b:7e:dd:47:43:a2:2e:8a:8c:bd:4e:43:26:34:81:
2d:16:6b:98:c6:e8:2e:71:c4:fb:cb:a6:b6:bc:ab:73:04:58:
7d:00:de:58:c4:1b:52:44:21:68:41:37:6c:8a:f6:a0:c3:73:
00:09:80:f2:16:77:2b:a9:c4:b2:7e:58:b4:76:b3:54:4f:81:
31:db:97:75:3e:35:e4:32:a5:a4:5c:d1:24:fd:bc:e9:0d:4a:
37:54:3f:0e:fb:37:c1:56:30:9b:ae:a4:15:ad:91:6c:bd:48:
fc:8d:cd:37:5b:91:a8:58:9f:8a:c8:3d:56:b5:ea:bd:53:f9:
23:32:fa:53:eb:9f:98:d1:68:d8:a7:40:31:f3:7f:1d:b7:70:
df:84:3c:3d:28:94:56:24:37:59:46:02:23:19:dc:d3:2b:79:
77:91:73:43
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICS60wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0Mjkx
MTUzMzJaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEFGMkE2MDE0RjdBQjFD
NzJDQzIzQUQwRkFBOTA2RDAxNEQ1OTY5QUIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDF6b48xmUFQHyzseO5ZvO5y/clhokbTrqB1pDf5Igw2ngLPze+
Z1Qrsi7AdCq14bbfWjdM2jjaZz6l8njL05myZgTIaS8gEZC9fpQanLF95BbSEMbg
ijIPaxCeFVsvx6MK/9FE0rEzvyZ+xdt9cJz+EC8OmBjPKcEYc5at6buFuV3ZI7I4
j5ZouLmOEaXi6IXYYuRP55YL/DQHYgrJNfOSuNYDiHpB9432kUooovkQc4ih+NAS
p1VPAGBJeiSISZHxiRj7E2UyHzd8EoGNQjydmeJDgI6sDnxLrsNCnoqbOdAtVNeR
xgkyGfjlKWOTc2tBHn2EDraVtl8/IBeAvaKHAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUrypgFPerHHLMI60PqpBtAU1ZaaswHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3J5cGdGUGVySEhMTUk2
MFBxcEJ0QVUxWmFhcy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBAHiYdf1W7HjiMPar
rBbVRiMCIT7yvVCkceKw8WoGUALsR82Vn9H5L+LoMBTTVK0fjtDZC6WsMuE1nCRz
EyJQKIR+ZSXbq3r+uqAc8vGPjdX/5oKze5k36X4NJWsWaht+3UdDoi6KjL1OQyY0
gS0Wa5jG6C5xxPvLpra8q3MEWH0A3ljEG1JEIWhBN2yK9qDDcwAJgPIWdyupxLJ+
WLR2s1RPgTHbl3U+NeQypaRc0ST9vOkNSjdUPw77N8FWMJuupBWtkWy9SPyNzTdb
kahYn4rIPVa16r1T+SMy+lPrn5jRaNinQDHzfx23cN+EPD0olFYkN1lGAiMZ3NMr
eXeRc0M=
-----END CERTIFICATE-----
Generated at Sat May 17 23:38:36 2025 by rpki-client