Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/wXlrLDzKeUAhQXbYVxR8lz7Y4tk.roa
File: wXlrLDzKeUAhQXbYVxR8lz7Y4tk.roa (raw, json)
Hash identifier: MHZd9fUcVT8kfxCAEg/Ewpg+bfoe5TgxGJjr34nQIwc=
Subject key identifier: C1:79:6B:2C:3C:CA:79:40:21:41:76:D8:57:14:7C:97:3E:D8:E2:D9
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 3D09
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/wXlrLDzKeUAhQXbYVxR8lz7Y4tk.roa
Signing time: Tue 09 Apr 2024 23:22:38 +0000
ROA not before: Tue 09 Apr 2024 23:22:38 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 15625 (0x3d09)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 9 23:22:38 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=C1796B2C3CCA7940214176D857147C973ED8E2D9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e7:da:1d:85:00:d7:13:c0:82:48:2b:ee:7d:93:
a6:18:93:0a:92:bf:3c:87:a7:88:52:5f:4f:ae:1c:
8c:53:9b:ce:c0:64:44:b0:44:6d:54:52:4a:bf:fa:
0f:f2:40:cc:3f:8d:9a:33:c3:98:50:63:28:b4:bf:
ea:64:6b:8c:82:6a:a2:57:2c:36:8b:f4:6a:87:d2:
a3:db:05:0b:86:a6:4e:02:78:64:b3:14:30:6f:72:
dc:a8:c2:93:18:a3:e0:db:1b:0c:51:de:98:c4:04:
da:92:cf:95:a3:af:e3:b7:28:cf:28:c9:8e:33:16:
5d:81:d1:74:bf:4e:4d:2f:43:33:e7:dc:c2:1a:ce:
81:55:ba:2f:31:b1:97:4c:b5:32:9e:ed:3d:81:df:
02:45:30:b2:f0:26:7e:76:ab:54:ca:8b:85:4e:09:
b5:12:86:41:46:9a:71:13:55:ec:de:65:5d:2a:b7:
c6:ec:49:94:9b:06:5a:6e:07:8e:e5:9f:be:c9:23:
1d:b3:94:2c:55:80:dc:d8:4b:06:8a:54:03:2a:fc:
79:96:a7:3b:ab:df:d7:48:af:f6:5c:0f:bd:c3:f3:
32:c9:b9:9d:27:11:eb:5f:21:cf:4c:e4:cf:46:c4:
df:be:1e:94:c9:2e:5b:08:27:df:88:86:af:b9:a7:
b0:77
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C1:79:6B:2C:3C:CA:79:40:21:41:76:D8:57:14:7C:97:3E:D8:E2:D9
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/wXlrLDzKeUAhQXbYVxR8lz7Y4tk.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
77:94:25:fa:3c:c1:e6:9e:9e:19:49:fe:96:9f:dc:b4:c1:16:
8d:7c:f4:cc:f4:be:60:a5:66:c6:47:de:55:9e:aa:17:84:cd:
40:38:9c:c0:a7:39:99:62:50:aa:55:3b:70:5d:8a:41:3b:ff:
c0:96:aa:b2:4b:7f:c3:81:48:24:6f:f1:b9:dd:6d:c7:fd:5f:
2e:ea:ec:fd:8a:24:fb:fc:6b:d9:0a:72:6f:c1:05:b5:03:af:
e0:14:eb:45:45:e9:78:0d:f7:50:02:84:bb:c2:7f:f4:69:df:
d5:d2:16:36:ac:c6:05:d5:89:90:73:71:1c:9b:7f:7d:4b:24:
2d:4b:8d:ee:95:04:e6:3e:2d:b8:e4:2b:02:c3:12:7d:04:b1:
b6:3c:06:ac:a8:57:15:b3:b4:32:8a:21:8a:f0:6f:19:66:6a:
e1:e5:4f:17:ae:9d:bf:7d:04:1f:3f:2a:4f:d8:df:4d:5f:78:
eb:25:68:8f:13:0d:c7:b0:e4:ad:73:aa:06:67:63:06:53:5f:
31:25:39:61:3c:64:a1:df:6e:e1:6d:0f:a9:1d:7b:60:3b:d6:
5a:58:f3:10:ff:51:8e:12:9b:a4:6d:32:00:38:a4:63:8d:24:
25:82:52:a8:00:fa:57:69:b8:fd:d0:15:bb:e7:ea:6e:77:b2:
a0:f4:bd:e7
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICPQkwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MDky
MzIyMzhaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEMxNzk2QjJDM0NDQTc5
NDAyMTQxNzZEODU3MTQ3Qzk3M0VEOEUyRDkwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDn2h2FANcTwIJIK+59k6YYkwqSvzyHp4hSX0+uHIxTm87AZESw
RG1UUkq/+g/yQMw/jZozw5hQYyi0v+pka4yCaqJXLDaL9GqH0qPbBQuGpk4CeGSz
FDBvctyowpMYo+DbGwxR3pjEBNqSz5Wjr+O3KM8oyY4zFl2B0XS/Tk0vQzPn3MIa
zoFVui8xsZdMtTKe7T2B3wJFMLLwJn52q1TKi4VOCbUShkFGmnETVezeZV0qt8bs
SZSbBlpuB47ln77JIx2zlCxVgNzYSwaKVAMq/HmWpzur39dIr/ZcD73D8zLJuZ0n
EetfIc9M5M9GxN++HpTJLlsIJ9+Ihq+5p7B3AgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUwXlrLDzKeUAhQXbYVxR8lz7Y4tkwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3dYbHJMRHpLZVVBaFFY
YllWeFI4bHo3WTR0ay5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBAHeUJfo8weaenhlJ
/paf3LTBFo189Mz0vmClZsZH3lWeqheEzUA4nMCnOZliUKpVO3BdikE7/8CWqrJL
f8OBSCRv8bndbcf9Xy7q7P2KJPv8a9kKcm/BBbUDr+AU60VF6XgN91AChLvCf/Rp
39XSFjasxgXViZBzcRybf31LJC1Lje6VBOY+LbjkKwLDEn0EsbY8BqyoVxWztDKK
IYrwbxlmauHlTxeunb99BB8/Kk/Y301feOslaI8TDcew5K1zqgZnYwZTXzElOWE8
ZKHfbuFtD6kde2A71lpY8xD/UY4Sm6RtMgA4pGONJCWCUqgA+ldpuP3QFbvn6m53
sqD0vec=
-----END CERTIFICATE-----
Generated at Sat May 17 22:56:39 2025 by rpki-client