Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/xxz10SoCJ1GQmE6JrWJC1Owb5yE.roa
File: xxz10SoCJ1GQmE6JrWJC1Owb5yE.roa (raw, json)
Hash identifier: X/GLLPdmhAVLyQSOE51QGvkH2fDj3oy3cPVkz03mB+s=
Subject key identifier: C7:1C:F5:D1:2A:02:27:51:90:98:4E:89:AD:62:42:D4:EC:1B:E7:21
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 419D
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/xxz10SoCJ1GQmE6JrWJC1Owb5yE.roa
Signing time: Tue 16 Apr 2024 01:52:54 +0000
ROA not before: Tue 16 Apr 2024 01:52:54 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 16797 (0x419d)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 16 01:52:54 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=C71CF5D12A02275190984E89AD6242D4EC1BE721
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c4:4b:c3:40:ee:df:8e:fd:02:43:1e:cd:da:21:
c3:da:e2:61:3f:49:94:8c:de:5e:e7:e5:e0:f3:f2:
84:7b:7f:ae:81:52:6b:75:11:5b:a1:6e:33:88:11:
f5:f0:bd:9b:27:ea:9f:bf:0e:cc:5d:02:0c:84:10:
17:1a:d1:72:96:06:28:ed:50:6a:3c:6f:53:fc:7c:
54:d1:46:45:e1:c7:8b:2a:66:91:d5:8a:5f:32:a3:
84:1e:f7:31:78:ef:a0:35:22:c9:bd:ba:d8:51:c0:
11:c3:e3:35:9f:37:44:64:4c:84:26:35:e7:56:c3:
38:fc:97:ad:1f:33:26:cb:ca:14:df:e3:3d:f1:2f:
98:0e:54:8c:60:ac:83:08:5c:f6:6b:d1:67:fd:66:
9e:2a:16:4e:e5:38:ed:f5:aa:b0:c3:3c:7f:d6:1d:
29:e8:51:66:87:00:51:5c:80:89:2b:2e:9c:e4:1c:
99:05:fa:ce:52:f9:ac:b1:da:f7:64:3f:12:b6:6a:
7d:65:27:0a:80:cf:2b:ef:60:52:90:fa:60:80:e9:
de:f7:0b:2d:49:de:6c:75:a8:24:0f:fe:d9:ac:b5:
80:c5:36:2e:ff:bc:76:dc:ae:ec:70:4a:e0:55:c3:
28:d6:f8:42:d9:40:8f:c2:05:ad:1b:66:7f:5d:d4:
d3:99
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C7:1C:F5:D1:2A:02:27:51:90:98:4E:89:AD:62:42:D4:EC:1B:E7:21
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/xxz10SoCJ1GQmE6JrWJC1Owb5yE.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
2a:3f:65:ca:b2:76:4b:06:5a:23:be:ba:91:91:79:05:22:3f:
e5:c9:bc:17:77:a3:d4:44:4e:73:8b:fb:aa:36:49:8b:cc:fc:
e3:13:b8:9a:c1:70:e7:8f:78:ea:24:0a:84:8e:d2:de:21:ae:
52:f2:3e:4d:5b:d2:27:dd:df:38:27:a4:e5:b3:0f:7d:f6:c6:
c2:90:71:ec:8e:62:7c:da:c7:a0:26:7d:96:96:26:de:d3:47:
30:d7:1b:69:af:63:68:11:b0:5d:80:d8:7a:7d:8c:8a:c6:cc:
4f:94:4e:be:1a:3e:7f:4c:70:1a:f8:9f:57:af:71:1c:08:d7:
32:73:f0:d0:56:1b:0e:ce:c4:11:7d:7e:17:c4:c2:59:39:b1:
03:91:fc:15:28:8f:68:4f:81:78:e9:02:ff:3c:23:f2:39:a6:
11:7e:46:fc:ca:8c:90:67:12:0e:77:7c:b0:a4:6f:5c:69:bb:
7d:df:ab:6e:f2:b9:b0:67:d4:af:07:c2:c0:93:cf:f9:fe:cd:
c2:27:f7:63:48:a5:00:82:fb:1d:08:e5:9f:28:eb:89:65:aa:
65:5b:3c:33:ea:d7:8d:5a:17:d4:1f:64:94:a8:7b:12:ae:fd:
a4:cb:02:17:3d:5c:81:23:21:f0:87:5f:59:97:3b:ea:6f:b1:
e4:b2:e3:55
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICQZ0wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MTYw
MTUyNTRaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEM3MUNGNUQxMkEwMjI3
NTE5MDk4NEU4OUFENjI0MkQ0RUMxQkU3MjEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDES8NA7t+O/QJDHs3aIcPa4mE/SZSM3l7n5eDz8oR7f66BUmt1
EVuhbjOIEfXwvZsn6p+/DsxdAgyEEBca0XKWBijtUGo8b1P8fFTRRkXhx4sqZpHV
il8yo4Qe9zF476A1Ism9uthRwBHD4zWfN0RkTIQmNedWwzj8l60fMybLyhTf4z3x
L5gOVIxgrIMIXPZr0Wf9Zp4qFk7lOO31qrDDPH/WHSnoUWaHAFFcgIkrLpzkHJkF
+s5S+ayx2vdkPxK2an1lJwqAzyvvYFKQ+mCA6d73Cy1J3mx1qCQP/tmstYDFNi7/
vHbcruxwSuBVwyjW+ELZQI/CBa0bZn9d1NOZAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUxxz10SoCJ1GQmE6JrWJC1Owb5yEwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3h4ejEwU29DSjFHUW1F
NkpyV0pDMU93YjV5RS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBACo/ZcqydksGWiO+
upGReQUiP+XJvBd3o9RETnOL+6o2SYvM/OMTuJrBcOePeOokCoSO0t4hrlLyPk1b
0ifd3zgnpOWzD332xsKQceyOYnzax6AmfZaWJt7TRzDXG2mvY2gRsF2A2Hp9jIrG
zE+UTr4aPn9McBr4n1evcRwI1zJz8NBWGw7OxBF9fhfEwlk5sQOR/BUoj2hPgXjp
Av88I/I5phF+RvzKjJBnEg53fLCkb1xpu33fq27yubBn1K8HwsCTz/n+zcIn92NI
pQCC+x0I5Z8o64llqmVbPDPq141aF9QfZJSoexKu/aTLAhc9XIEjIfCHX1mXO+pv
seSy41U=
-----END CERTIFICATE-----
Generated at Sun May 18 23:04:19 2025 by rpki-client