Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/uMUCIbir9GTTf4iKYe1fL9Wwr14.roa
File: uMUCIbir9GTTf4iKYe1fL9Wwr14.roa (raw, json)
Hash identifier: QOWa01PG5hT+DQLmk7xxU1SvsWNCcFoYfKzR3sUR8h0=
Subject key identifier: B8:C5:02:21:B8:AB:F4:64:D3:7F:88:8A:61:ED:5F:2F:D5:B0:AF:5E
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 4DC9
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/uMUCIbir9GTTf4iKYe1fL9Wwr14.roa
Signing time: Thu 02 May 2024 07:23:41 +0000
ROA not before: Thu 02 May 2024 07:23:41 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 19913 (0x4dc9)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 2 07:23:41 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=B8C50221B8ABF464D37F888A61ED5F2FD5B0AF5E
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c3:7e:87:38:a3:39:39:8f:d8:17:b7:06:50:c8:
93:b5:8e:99:44:aa:90:a6:0c:5a:6b:97:ce:09:e4:
e1:01:15:62:ec:03:87:7f:67:dd:85:b3:1f:b4:08:
df:97:a3:79:3c:88:1a:3a:04:f8:98:ac:11:2f:30:
fe:17:08:62:67:d0:16:53:42:66:5e:3c:45:ac:d4:
63:82:c7:f6:2a:86:fe:24:34:ae:3d:43:cc:55:43:
1b:4b:85:72:52:ac:fc:01:d2:87:e2:a4:7a:78:fe:
e0:a8:d9:4e:d9:33:a4:57:10:2a:7e:ca:60:5c:81:
17:a0:ac:40:d4:91:bb:45:4f:f4:e8:11:c1:84:9b:
63:5e:57:b5:3a:0f:d4:36:3d:6f:1a:2b:fa:fd:e2:
c0:d4:25:56:c1:30:5f:c9:e4:8a:52:38:2a:cb:45:
7c:f5:c4:29:82:13:0b:35:53:f0:c4:2e:d0:41:32:
9c:1b:67:1d:db:7e:b4:a9:19:7c:e0:1f:b3:3b:e6:
5a:99:38:92:07:4d:e4:37:b6:4c:73:3c:5b:2e:ea:
45:58:87:9b:24:41:07:e5:b7:88:f4:70:ef:96:12:
3e:c0:4c:d0:58:50:f7:35:e6:26:07:88:2f:68:e2:
71:b1:0c:4f:22:7d:50:bc:d0:91:b0:aa:ae:d8:2e:
1b:93
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B8:C5:02:21:B8:AB:F4:64:D3:7F:88:8A:61:ED:5F:2F:D5:B0:AF:5E
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/uMUCIbir9GTTf4iKYe1fL9Wwr14.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
96:78:aa:74:51:ec:20:8e:37:2f:4f:9a:02:e7:d9:39:9b:49:
7c:08:fd:dc:68:0a:8a:b2:78:2b:87:5c:06:49:ad:79:0c:48:
84:c6:4f:71:c4:50:bd:4e:f5:a7:87:e0:2d:db:18:8b:e1:c5:
b4:da:c5:dc:5c:20:d3:a8:9b:7c:5c:6f:be:c2:7a:e1:46:db:
fb:3b:fb:3e:70:86:5f:4d:45:b4:04:30:77:b8:6f:51:a3:61:
78:e9:0a:ab:f1:7c:47:a1:a1:ae:15:bb:ba:1f:78:83:89:2b:
77:a3:ee:e5:4b:d5:bd:7b:1d:63:ee:ce:7f:59:81:d8:da:db:
38:fe:d1:06:db:a5:49:35:46:44:d2:2a:17:d6:51:ca:28:49:
13:e6:67:ae:20:8e:86:d8:9a:9b:ce:de:9a:c4:3f:34:ff:ce:
92:74:d4:c6:1b:f1:00:f1:2f:eb:78:d8:51:83:bd:b7:6f:0c:
85:32:91:04:18:27:b1:20:8a:18:ca:c0:68:3e:b5:ee:30:a1:
e4:a0:c6:e7:aa:35:cc:4d:8b:e8:a2:2a:94:83:22:53:30:87:
99:f5:3a:65:44:70:2a:1b:89:4e:4f:17:7b:44:23:2f:97:cd:
e4:33:04:2c:28:88:0f:be:09:8d:39:f8:9b:cb:b7:09:b8:97:
05:b3:b3:88
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICTckwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MDIw
NzIzNDFaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEI4QzUwMjIxQjhBQkY0
NjREMzdGODg4QTYxRUQ1RjJGRDVCMEFGNUUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDDfoc4ozk5j9gXtwZQyJO1jplEqpCmDFprl84J5OEBFWLsA4d/
Z92Fsx+0CN+Xo3k8iBo6BPiYrBEvMP4XCGJn0BZTQmZePEWs1GOCx/Yqhv4kNK49
Q8xVQxtLhXJSrPwB0ofipHp4/uCo2U7ZM6RXECp+ymBcgRegrEDUkbtFT/ToEcGE
m2NeV7U6D9Q2PW8aK/r94sDUJVbBMF/J5IpSOCrLRXz1xCmCEws1U/DELtBBMpwb
Zx3bfrSpGXzgH7M75lqZOJIHTeQ3tkxzPFsu6kVYh5skQQflt4j0cO+WEj7ATNBY
UPc15iYHiC9o4nGxDE8ifVC80JGwqq7YLhuTAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUuMUCIbir9GTTf4iKYe1fL9Wwr14wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3VNVUNJYmlyOUdUVGY0
aUtZZTFmTDlXd3IxNC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBAJZ4qnRR7CCONy9P
mgLn2TmbSXwI/dxoCoqyeCuHXAZJrXkMSITGT3HEUL1O9aeH4C3bGIvhxbTaxdxc
INOom3xcb77CeuFG2/s7+z5whl9NRbQEMHe4b1GjYXjpCqvxfEehoa4Vu7ofeIOJ
K3ej7uVL1b17HWPuzn9Zgdja2zj+0QbbpUk1RkTSKhfWUcooSRPmZ64gjobYmpvO
3prEPzT/zpJ01MYb8QDxL+t42FGDvbdvDIUykQQYJ7EgihjKwGg+te4woeSgxueq
NcxNi+iiKpSDIlMwh5n1OmVEcCobiU5PF3tEIy+XzeQzBCwoiA++CY05+JvLtwm4
lwWzs4g=
-----END CERTIFICATE-----
Generated at Sat May 17 23:45:09 2025 by rpki-client