Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/xUtjV2aT-nXqch59DEuwWDuVnyY.roa
File: xUtjV2aT-nXqch59DEuwWDuVnyY.roa (raw, json)
Hash identifier: 5VrzQinnT4bZ5GvwYExE1AesqznE92nTr7pSBi937e8=
Subject key identifier: C5:4B:63:57:66:93:FA:75:EA:72:1E:7D:0C:4B:B0:58:3B:95:9F:26
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 3CC9
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/xUtjV2aT-nXqch59DEuwWDuVnyY.roa
Signing time: Tue 09 Apr 2024 15:22:37 +0000
ROA not before: Tue 09 Apr 2024 15:22:37 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 15561 (0x3cc9)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 9 15:22:37 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=C54B63576693FA75EA721E7D0C4BB0583B959F26
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b4:4b:7d:9a:b7:94:bc:41:81:ba:7b:dd:88:6e:
ef:2e:0d:19:c1:99:44:9e:96:f0:d3:28:8c:ad:73:
29:18:90:c4:7b:f6:b8:80:83:90:b4:76:54:e7:e0:
ab:20:cf:ae:fa:84:8a:4d:a3:33:8b:e0:af:ff:b6:
1d:f4:b7:cb:fa:7a:ea:2c:60:86:3e:a7:a8:5a:0e:
3b:79:b3:af:7f:db:97:25:e0:13:6c:98:b9:fd:16:
1d:ec:ff:97:15:d1:90:89:69:ff:8b:cd:f0:1e:de:
53:03:da:d8:be:f1:95:86:71:e0:31:b2:72:78:12:
67:ca:dd:b4:99:69:1d:8a:eb:d6:4e:e0:42:62:a8:
4e:7b:77:12:ae:fb:d0:cd:f8:2a:aa:11:4b:92:4a:
ab:a6:45:49:83:61:fb:67:e1:7e:36:20:f1:76:27:
36:46:c3:15:7b:a1:57:c0:14:55:9d:e6:be:72:d8:
38:69:8d:e4:91:da:37:aa:cd:7b:6a:43:46:34:22:
5e:89:6f:46:09:62:85:a3:2c:19:c3:8d:f9:26:c5:
43:1d:20:ae:ad:90:a9:ba:f4:9e:75:d8:89:c1:6d:
dc:c5:59:58:00:5a:49:99:74:32:9c:70:81:a5:6f:
2e:39:14:ac:dc:79:00:24:5b:2f:59:3a:11:46:7b:
b8:09
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C5:4B:63:57:66:93:FA:75:EA:72:1E:7D:0C:4B:B0:58:3B:95:9F:26
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/xUtjV2aT-nXqch59DEuwWDuVnyY.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
0f:4f:05:ad:1d:94:35:da:36:2e:af:27:12:9e:47:f7:2a:0d:
a1:85:c9:2a:0b:7e:f0:10:04:5a:87:62:62:c9:cd:25:59:1d:
7f:c0:84:e5:5d:78:a6:e9:44:f0:4d:26:4b:e0:49:e3:2e:5e:
46:d4:aa:67:a0:be:9c:6f:ba:7d:f6:40:06:f5:a1:c5:49:bd:
45:6f:bb:c3:02:8f:38:ff:81:f9:3d:62:5a:9d:57:a4:67:df:
69:41:db:c4:79:06:f1:af:43:2f:80:72:32:b7:77:6d:63:06:
c0:36:38:8e:65:a9:b5:f7:57:6a:5b:fa:11:ee:6e:de:8a:ea:
a4:26:32:47:70:de:57:13:c0:e3:b8:12:7e:bf:96:64:2c:d0:
8d:35:1d:24:32:99:d0:9f:c7:57:4f:fe:08:1b:ef:24:f9:60:
05:38:d4:b6:51:84:62:09:1e:75:ee:cd:54:61:45:b1:4c:b9:
f8:da:d1:9b:52:09:46:24:46:a9:83:9f:ef:13:6a:8a:f3:36:
6d:6e:31:a8:a8:96:d5:45:ee:5c:aa:75:b0:1c:39:cd:a4:16:
e7:5e:44:64:05:ae:50:17:49:68:0e:81:cb:bb:eb:92:3b:3e:
03:1f:ab:b7:df:50:92:50:a6:21:52:48:5d:2b:5b:be:bc:a6:
c2:f4:6e:aa
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICPMkwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MDkx
NTIyMzdaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEM1NEI2MzU3NjY5M0ZB
NzVFQTcyMUU3RDBDNEJCMDU4M0I5NTlGMjYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC0S32at5S8QYG6e92Ibu8uDRnBmUSelvDTKIytcykYkMR79riA
g5C0dlTn4Ksgz676hIpNozOL4K//th30t8v6euosYIY+p6haDjt5s69/25cl4BNs
mLn9Fh3s/5cV0ZCJaf+LzfAe3lMD2ti+8ZWGceAxsnJ4EmfK3bSZaR2K69ZO4EJi
qE57dxKu+9DN+CqqEUuSSqumRUmDYftn4X42IPF2JzZGwxV7oVfAFFWd5r5y2Dhp
jeSR2jeqzXtqQ0Y0Il6Jb0YJYoWjLBnDjfkmxUMdIK6tkKm69J512InBbdzFWVgA
WkmZdDKccIGlby45FKzceQAkWy9ZOhFGe7gJAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUxUtjV2aT+nXqch59DEuwWDuVnyYwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3hVdGpWMmFULW5YcWNo
NTlERXV3V0R1Vm55WS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBAA9PBa0dlDXaNi6v
JxKeR/cqDaGFySoLfvAQBFqHYmLJzSVZHX/AhOVdeKbpRPBNJkvgSeMuXkbUqmeg
vpxvun32QAb1ocVJvUVvu8MCjzj/gfk9YlqdV6Rn32lB28R5BvGvQy+AcjK3d21j
BsA2OI5lqbX3V2pb+hHubt6K6qQmMkdw3lcTwOO4En6/lmQs0I01HSQymdCfx1dP
/ggb7yT5YAU41LZRhGIJHnXuzVRhRbFMufja0ZtSCUYkRqmDn+8TaorzNm1uMaio
ltVF7lyqdbAcOc2kFudeRGQFrlAXSWgOgcu765I7PgMfq7ffUJJQpiFSSF0rW768
psL0bqo=
-----END CERTIFICATE-----
Generated at Sat May 17 21:23:39 2025 by rpki-client