Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/tXFtnL9wiLPVjZSQz66iWLRhJkI.roa
File: tXFtnL9wiLPVjZSQz66iWLRhJkI.roa (raw, json)
Hash identifier: XRTXtK68q2NX9po4e+Rd1QaWTiium+i7iVy+QYdk5ac=
Subject key identifier: B5:71:6D:9C:BF:70:88:B3:D5:8D:94:90:CF:AE:A2:58:B4:61:26:42
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 5095
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/tXFtnL9wiLPVjZSQz66iWLRhJkI.roa
Signing time: Mon 06 May 2024 00:54:05 +0000
ROA not before: Mon 06 May 2024 00:54:05 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 20629 (0x5095)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 6 00:54:05 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=B5716D9CBF7088B3D58D9490CFAEA258B4612642
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ba:b2:e9:d2:10:4d:bf:43:e4:9f:3e:7d:3d:09:
81:d4:7b:11:7e:44:fd:bd:b5:3c:ba:55:6a:a7:b3:
a5:f9:c0:5a:3b:53:dc:6e:c2:a2:03:ac:3a:00:6b:
ae:f8:61:fc:ef:6f:1c:9f:82:a5:3f:a7:af:0b:8b:
56:dc:8a:a1:11:70:6d:3f:3b:5e:71:06:25:7c:f5:
18:2a:d4:5b:8e:0e:fc:03:77:86:8e:25:17:9f:9f:
ed:1e:03:08:32:e3:0c:fb:00:90:8d:e5:c3:16:e8:
92:0c:48:d2:2a:ce:ca:82:2f:c8:d2:4f:c1:f4:41:
12:81:cf:b1:c6:a0:db:c3:d4:68:60:ba:ec:07:a5:
1f:2e:03:58:c9:47:69:da:cd:ca:7d:8d:1a:0c:b1:
60:68:0e:1a:43:a6:43:fb:05:6d:22:d7:16:71:38:
76:ef:b3:6f:41:64:78:e1:b0:59:64:fe:f4:11:ca:
b4:15:3d:04:2e:4a:3e:14:9f:7c:0e:c5:a5:22:1d:
25:b8:8a:59:bf:9f:cd:2c:d0:20:1c:9b:05:09:8e:
17:56:fb:71:69:c8:e5:39:06:18:35:f7:06:46:87:
24:1d:53:64:f1:15:3b:43:27:51:e4:2c:6e:9d:25:
06:7e:69:12:83:f2:96:fc:55:87:58:56:7d:6a:d0:
5c:9f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B5:71:6D:9C:BF:70:88:B3:D5:8D:94:90:CF:AE:A2:58:B4:61:26:42
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/tXFtnL9wiLPVjZSQz66iWLRhJkI.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
4b:6c:f9:27:11:12:a6:43:d7:fb:ac:bc:11:1a:5d:c9:2f:e7:
ed:ff:d9:30:7c:33:48:c5:05:13:b1:6a:0f:ff:65:00:26:0a:
cc:68:27:ee:2b:b0:06:09:94:2d:57:be:d4:61:7e:0e:60:d4:
15:a4:cd:be:f9:d9:2e:f5:61:ce:ba:a2:e0:e1:e2:85:6f:f6:
c6:11:6a:2f:b1:7f:8b:08:03:55:8e:1c:e3:5e:80:83:9f:9b:
2f:57:18:08:87:b1:15:8c:47:27:5e:bb:83:ec:95:f2:74:a2:
3e:43:fe:3c:9d:0c:5a:9a:e4:a9:1a:74:d9:47:58:ef:ae:53:
a4:a5:23:0d:a5:a7:ef:63:6b:4f:8b:7d:7b:05:50:18:67:34:
84:34:a5:af:6d:c2:68:ba:cb:e3:d8:1e:93:7d:6f:09:b6:42:
93:21:04:6e:c7:3d:18:28:74:80:39:0e:80:1e:a2:8c:9a:18:
a6:f0:8e:98:57:3b:c4:27:63:29:80:ea:c9:c3:b7:87:f4:08:
33:c4:4b:d2:fd:12:f9:2c:25:91:ff:b9:fe:11:51:ad:d0:66:
e0:e7:df:c5:62:4b:35:94:45:3d:0d:ab:b1:9c:c4:e0:c3:51:
f4:05:f2:89:9a:41:dc:26:d8:0c:d4:8d:64:f1:9e:62:ed:8e:
93:20:db:1a
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICUJUwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MDYw
MDU0MDVaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEI1NzE2RDlDQkY3MDg4
QjNENThEOTQ5MENGQUVBMjU4QjQ2MTI2NDIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC6sunSEE2/Q+SfPn09CYHUexF+RP29tTy6VWqns6X5wFo7U9xu
wqIDrDoAa674YfzvbxyfgqU/p68Li1bciqERcG0/O15xBiV89Rgq1FuODvwDd4aO
JRefn+0eAwgy4wz7AJCN5cMW6JIMSNIqzsqCL8jST8H0QRKBz7HGoNvD1GhguuwH
pR8uA1jJR2nazcp9jRoMsWBoDhpDpkP7BW0i1xZxOHbvs29BZHjhsFlk/vQRyrQV
PQQuSj4Un3wOxaUiHSW4ilm/n80s0CAcmwUJjhdW+3FpyOU5Bhg19wZGhyQdU2Tx
FTtDJ1HkLG6dJQZ+aRKD8pb8VYdYVn1q0FyfAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUtXFtnL9wiLPVjZSQz66iWLRhJkIwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3RYRnRuTDl3aUxQVmpa
U1F6NjZpV0xSaEprSS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBAEts+ScREqZD1/us
vBEaXckv5+3/2TB8M0jFBROxag//ZQAmCsxoJ+4rsAYJlC1XvtRhfg5g1BWkzb75
2S71Yc66ouDh4oVv9sYRai+xf4sIA1WOHONegIOfmy9XGAiHsRWMRydeu4PslfJ0
oj5D/jydDFqa5KkadNlHWO+uU6SlIw2lp+9ja0+LfXsFUBhnNIQ0pa9twmi6y+PY
HpN9bwm2QpMhBG7HPRgodIA5DoAeooyaGKbwjphXO8QnYymA6snDt4f0CDPES9L9
EvksJZH/uf4RUa3QZuDn38ViSzWURT0Nq7GcxODDUfQF8omaQdwm2AzUjWTxnmLt
jpMg2xo=
-----END CERTIFICATE-----
Generated at Sat May 17 22:38:17 2025 by rpki-client