Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/s2gF8Rvu45VBc7pSD5bTIz2QCNg.roa
File: s2gF8Rvu45VBc7pSD5bTIz2QCNg.roa (raw, json)
Hash identifier: DmUm3e5g5qtXdn1qZ7awrRGXz3YpHHQxKInUxLUn07g=
Subject key identifier: B3:68:05:F1:1B:EE:E3:95:41:73:BA:52:0F:96:D3:23:3D:90:08:D8
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 4AB5
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/s2gF8Rvu45VBc7pSD5bTIz2QCNg.roa
Signing time: Sun 28 Apr 2024 04:53:25 +0000
ROA not before: Sun 28 Apr 2024 04:53:25 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 19125 (0x4ab5)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 28 04:53:25 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=B36805F11BEEE3954173BA520F96D3233D9008D8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c8:93:c8:16:4b:96:15:7e:f8:2d:be:c7:be:3d:
29:b6:eb:91:a2:34:c5:ec:4c:f8:cd:c2:f1:4e:79:
da:b3:87:68:d1:ed:f8:77:2d:2c:48:62:c3:3c:c1:
1f:23:fc:e0:0d:5c:fb:c7:e9:58:92:35:f4:f7:72:
aa:72:de:18:3e:30:0a:30:40:fd:80:e3:0a:94:57:
90:b3:d0:3e:9a:1d:10:24:ca:1d:e3:d4:41:94:96:
af:14:27:3a:23:8f:91:a9:88:3b:b6:78:20:95:c7:
4b:e1:19:ba:26:1f:7f:1d:63:4e:e6:74:b5:cd:57:
e2:5e:3c:64:75:39:9b:0e:88:1a:e9:79:1d:9b:16:
58:bc:df:ea:0d:0f:69:d1:38:5c:e9:d5:48:fc:b1:
0d:74:f2:9e:5b:bc:78:d2:ef:56:b6:a1:d3:94:d5:
f3:5f:c3:a0:ce:cf:36:bb:92:14:6f:27:74:2e:15:
2f:72:97:3e:45:60:27:7f:cd:be:2e:ba:8a:02:29:
2a:a8:b2:de:0f:82:4e:a9:d8:08:7e:92:f5:da:b7:
6f:5c:6a:38:27:2a:eb:e0:34:90:10:f2:ad:ad:0e:
72:72:00:70:70:8e:37:07:2a:45:6e:8b:2c:72:d0:
b8:2e:98:f9:99:0f:02:74:e2:f1:ad:b5:05:cf:a6:
a8:ab
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B3:68:05:F1:1B:EE:E3:95:41:73:BA:52:0F:96:D3:23:3D:90:08:D8
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/s2gF8Rvu45VBc7pSD5bTIz2QCNg.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
4b:58:6b:af:de:95:31:86:e3:ec:26:85:89:63:c9:0e:1a:cd:
cb:bb:93:1c:2d:c6:a7:ee:45:46:89:6e:0b:3b:fd:72:b9:ba:
7e:8d:72:37:f0:62:b5:61:55:3f:71:27:1c:42:15:c2:63:55:
ce:68:2c:5b:d4:7f:0c:f4:c1:53:6e:29:be:38:23:ab:28:ac:
6a:9a:ed:56:01:04:f1:95:1a:e0:fc:42:bf:c4:ca:8b:44:08:
3e:14:94:05:de:60:d8:ab:9d:4a:c8:8f:5d:cf:45:cb:08:ac:
66:eb:99:9f:48:f2:e8:60:d1:6b:bc:68:6a:fd:09:0b:36:c6:
1a:20:35:d5:ce:af:76:33:10:61:b1:56:7d:5d:8d:8e:14:76:
40:cc:a9:ef:55:6f:b7:84:56:39:7f:7f:ca:77:70:fb:ee:88:
82:8c:ea:f6:a9:8c:dd:1e:60:92:f8:b2:9a:ca:6c:b0:47:fc:
b7:05:9e:96:08:08:72:5d:06:4e:dc:f8:4d:64:6e:b4:52:1a:
ee:5f:35:0a:db:b9:63:7f:8a:3e:02:85:b5:91:75:35:b8:d1:
c1:85:e3:19:8b:8a:cf:10:63:60:33:a6:83:25:5f:03:59:a0:
a7:38:30:73:07:24:0b:f2:a7:db:81:fe:bf:58:cf:77:c2:56:
58:94:29:40
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICSrUwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0Mjgw
NDUzMjVaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEIzNjgwNUYxMUJFRUUz
OTU0MTczQkE1MjBGOTZEMzIzM0Q5MDA4RDgwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDIk8gWS5YVfvgtvse+PSm265GiNMXsTPjNwvFOedqzh2jR7fh3
LSxIYsM8wR8j/OANXPvH6ViSNfT3cqpy3hg+MAowQP2A4wqUV5Cz0D6aHRAkyh3j
1EGUlq8UJzojj5GpiDu2eCCVx0vhGbomH38dY07mdLXNV+JePGR1OZsOiBrpeR2b
Fli83+oND2nROFzp1Uj8sQ108p5bvHjS71a2odOU1fNfw6DOzza7khRvJ3QuFS9y
lz5FYCd/zb4uuooCKSqost4Pgk6p2Ah+kvXat29cajgnKuvgNJAQ8q2tDnJyAHBw
jjcHKkVuiyxy0LgumPmZDwJ04vGttQXPpqirAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUs2gF8Rvu45VBc7pSD5bTIz2QCNgwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3MyZ0Y4UnZ1NDVWQmM3
cFNENWJUSXoyUUNOZy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBAEtYa6/elTGG4+wm
hYljyQ4azcu7kxwtxqfuRUaJbgs7/XK5un6NcjfwYrVhVT9xJxxCFcJjVc5oLFvU
fwz0wVNuKb44I6sorGqa7VYBBPGVGuD8Qr/EyotECD4UlAXeYNirnUrIj13PRcsI
rGbrmZ9I8uhg0Wu8aGr9CQs2xhogNdXOr3YzEGGxVn1djY4UdkDMqe9Vb7eEVjl/
f8p3cPvuiIKM6vapjN0eYJL4sprKbLBH/LcFnpYICHJdBk7c+E1kbrRSGu5fNQrb
uWN/ij4ChbWRdTW40cGF4xmLis8QY2AzpoMlXwNZoKc4MHMHJAvyp9uB/r9Yz3fC
VliUKUA=
-----END CERTIFICATE-----
Generated at Sun May 18 04:48:53 2025 by rpki-client