Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/yEL5H9veXqeHDwSQmXaNeEu6Kx4.roa
File: yEL5H9veXqeHDwSQmXaNeEu6Kx4.roa (raw, json)
Hash identifier: pwtUaA4e6q952z0zhj6IExLg80t/HI3/3WCuUmi6LCc=
Subject key identifier: C8:42:F9:1F:DB:DE:5E:A7:87:0F:04:90:99:76:8D:78:4B:BA:2B:1E
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 56B1
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/yEL5H9veXqeHDwSQmXaNeEu6Kx4.roa
Signing time: Tue 14 May 2024 04:24:08 +0000
ROA not before: Tue 14 May 2024 04:24:08 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 22193 (0x56b1)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 14 04:24:08 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=C842F91FDBDE5EA7870F049099768D784BBA2B1E
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ca:55:5e:0c:b3:4c:64:8d:4c:a7:d8:b6:90:bc:
a9:6b:8f:1d:27:c3:52:a7:bc:e8:a0:58:c9:44:46:
8a:e6:f3:a9:08:0f:4f:e7:d9:2b:5f:e4:52:b5:5a:
cd:b5:34:95:2e:6f:1a:24:05:1f:de:e5:ca:0d:ff:
8f:eb:e8:a9:b7:f5:61:5e:92:18:61:a3:e9:7f:d2:
c9:a3:4d:bc:bf:0f:ec:29:72:a2:1e:72:dc:0a:7e:
eb:fe:97:88:6a:50:26:0b:41:d1:0a:d4:e1:50:a9:
8c:b9:5d:78:6e:6b:37:5c:5b:ae:48:c4:6d:0b:3e:
89:ae:4c:9a:70:90:79:c1:fc:0f:65:4b:bf:a9:83:
9b:bc:5e:5a:7f:bf:22:95:c3:85:10:a5:53:15:1a:
52:92:11:09:2a:38:2b:31:ff:f9:84:41:db:fb:4f:
19:67:f4:e4:ad:0b:ef:a0:cb:c6:48:c2:1b:2f:a1:
eb:73:b7:17:2d:25:57:64:72:bf:e4:a9:34:cf:50:
f0:1d:1d:72:bb:74:65:0a:92:7f:24:dc:1f:ee:1a:
ec:ea:da:6c:81:73:b9:42:06:50:6d:27:3d:ec:e9:
3b:7b:df:7a:28:c1:52:0a:34:21:64:75:95:12:6f:
4d:bf:99:56:93:96:b8:f7:1e:f2:53:6f:eb:a9:ec:
71:a7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C8:42:F9:1F:DB:DE:5E:A7:87:0F:04:90:99:76:8D:78:4B:BA:2B:1E
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/yEL5H9veXqeHDwSQmXaNeEu6Kx4.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
19:76:dd:43:2d:2e:31:cb:79:64:a6:32:0d:5c:55:ba:94:cc:
6d:6f:88:6d:33:a4:21:df:4f:49:bb:9c:da:75:c2:33:3c:fd:
92:05:36:da:8c:12:97:1b:2d:db:d6:8a:c7:89:20:53:1a:21:
05:98:e4:73:fd:62:e3:ba:97:85:3d:6a:13:1e:8d:af:3e:a3:
08:0f:1f:9d:a6:89:71:43:d9:2a:fd:12:f3:0e:73:71:da:e6:
57:94:0d:8d:32:84:3b:96:dd:9c:83:d1:14:1b:6b:ef:cf:cd:
cb:af:3b:7c:f9:1c:7c:6f:6f:07:29:0e:1e:34:08:f5:6e:a3:
e0:ac:b3:47:4c:41:8d:a1:7f:f7:26:7a:f7:94:73:eb:aa:88:
03:34:72:e3:4e:1c:f8:df:d7:b2:fb:cd:94:c0:cf:20:6e:39:
66:a3:e4:9e:3c:40:54:cf:75:4c:30:e4:a4:b9:b2:a2:ff:71:
48:60:74:37:7f:82:00:ed:8c:91:3a:e5:58:fe:9f:71:3b:ef:
8e:71:47:15:07:5a:2a:e2:92:eb:5e:e4:e7:dc:a0:81:5f:9a:
3e:37:93:06:d5:35:a3:0f:43:8a:5d:e4:ab:0c:8c:93:bb:1d:
1b:b7:c6:94:24:21:c2:aa:92:92:4a:66:25:86:e6:89:fd:63:
f9:57:d5:8f
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICVrEwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MTQw
NDI0MDhaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEM4NDJGOTFGREJERTVF
QTc4NzBGMDQ5MDk5NzY4RDc4NEJCQTJCMUUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDKVV4Ms0xkjUyn2LaQvKlrjx0nw1KnvOigWMlERorm86kID0/n
2Stf5FK1Ws21NJUubxokBR/e5coN/4/r6Km39WFekhhho+l/0smjTby/D+wpcqIe
ctwKfuv+l4hqUCYLQdEK1OFQqYy5XXhuazdcW65IxG0LPomuTJpwkHnB/A9lS7+p
g5u8Xlp/vyKVw4UQpVMVGlKSEQkqOCsx//mEQdv7Txln9OStC++gy8ZIwhsvoetz
txctJVdkcr/kqTTPUPAdHXK7dGUKkn8k3B/uGuzq2myBc7lCBlBtJz3s6Tt733oo
wVIKNCFkdZUSb02/mVaTlrj3HvJTb+up7HGnAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUyEL5H9veXqeHDwSQmXaNeEu6Kx4wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3lFTDVIOXZlWHFlSER3
U1FtWGFOZUV1Nkt4NC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBABl23UMtLjHLeWSm
Mg1cVbqUzG1viG0zpCHfT0m7nNp1wjM8/ZIFNtqMEpcbLdvWiseJIFMaIQWY5HP9
YuO6l4U9ahMeja8+owgPH52miXFD2Sr9EvMOc3Ha5leUDY0yhDuW3ZyD0RQba+/P
zcuvO3z5HHxvbwcpDh40CPVuo+Css0dMQY2hf/cmeveUc+uqiAM0cuNOHPjf17L7
zZTAzyBuOWaj5J48QFTPdUww5KS5sqL/cUhgdDd/ggDtjJE65Vj+n3E7745xRxUH
Wirikute5OfcoIFfmj43kwbVNaMPQ4pd5KsMjJO7HRu3xpQkIcKqkpJKZiWG5on9
Y/lX1Y8=
-----END CERTIFICATE-----
Generated at Mon May 19 03:55:34 2025 by rpki-client