Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/zBNwPAhQaRAWQ01AOWrFlCI3qJk.roa
File: zBNwPAhQaRAWQ01AOWrFlCI3qJk.roa (raw, json)
Hash identifier: MGqR4dmOcIDWHiywE9y3DlQrO+/odWJoAo9kcaGEF2w=
Subject key identifier: CC:13:70:3C:08:50:69:10:16:43:4D:40:39:6A:C5:94:22:37:A8:99
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 4E6D
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/zBNwPAhQaRAWQ01AOWrFlCI3qJk.roa
Signing time: Fri 03 May 2024 03:53:43 +0000
ROA not before: Fri 03 May 2024 03:53:43 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 20077 (0x4e6d)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 3 03:53:43 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=CC13703C0850691016434D40396AC5942237A899
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:df:cb:97:b7:f1:ad:af:7a:1d:e4:c1:b0:91:21:
3c:9b:b8:97:d1:97:af:cc:fc:5b:70:5a:be:e2:64:
2a:d4:f8:fa:16:5a:0b:9d:09:00:cc:be:18:16:88:
4c:e5:b3:77:26:ee:8d:9a:45:fe:df:e4:13:b3:be:
f5:8b:2a:25:75:34:ed:f1:75:ed:1e:99:9d:37:ee:
a9:e0:e2:04:03:5e:ad:57:a0:a4:6e:15:cb:bd:36:
d3:6c:f1:38:b1:62:b4:57:7d:0f:50:0c:36:9d:5f:
8e:16:f0:50:4d:d7:3c:70:46:88:5f:a3:9f:71:69:
81:f3:e5:a2:bc:0c:5d:6f:53:8d:27:08:d2:3c:79:
78:41:b3:44:54:19:92:51:ba:36:3b:fd:68:da:86:
76:08:8e:e5:9d:07:3c:90:87:4b:71:38:e2:cf:db:
8d:ec:a4:3f:28:96:b1:77:7f:bb:74:27:15:31:3f:
f3:38:05:0a:d4:7f:e2:12:e9:5e:82:21:ea:e3:af:
7f:d3:99:6b:e1:e5:63:84:f4:a2:ef:18:c6:af:08:
4c:fc:54:80:2a:95:e0:8e:3e:ab:97:fd:20:0b:99:
49:60:f2:68:c6:da:46:dc:f1:5a:0a:4d:16:66:fe:
37:f5:18:d3:f7:8d:65:2f:22:cf:ab:0f:4f:17:e0:
89:3d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CC:13:70:3C:08:50:69:10:16:43:4D:40:39:6A:C5:94:22:37:A8:99
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/zBNwPAhQaRAWQ01AOWrFlCI3qJk.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
0c:41:08:3b:97:6b:2c:3e:ba:66:a4:a4:69:74:96:2e:bd:89:
d8:dc:fd:c9:ca:48:78:1e:cb:52:a1:d1:ae:c6:d3:bf:9f:a1:
f7:63:d8:87:6e:3f:29:e9:03:f3:f3:b1:47:61:84:b3:2f:d0:
84:eb:94:69:3a:64:e2:92:b5:2e:c6:e7:aa:d7:c3:63:91:f0:
93:e4:35:b5:dc:64:5b:d3:d9:00:39:94:e9:e1:e7:06:77:3b:
df:55:cf:40:81:19:03:41:f1:31:c2:fa:53:69:ce:4d:29:24:
7a:8c:b0:16:76:e9:b1:50:34:84:a0:19:dd:4a:08:ab:8b:8a:
06:25:b0:a1:47:60:cf:99:6d:d7:9e:80:45:77:e2:cf:d7:d3:
fe:c5:0d:27:3c:61:18:cb:ce:e6:e4:19:f0:63:81:14:50:2b:
a0:c4:e6:09:78:ee:1a:4a:f1:3f:2d:3a:38:1b:e4:82:7d:9a:
43:27:a3:a9:87:8d:ae:66:60:5f:ed:43:b6:54:03:22:ea:dd:
6d:93:22:2d:1d:ea:71:8d:42:05:76:9e:1e:d2:5a:ff:63:a5:
01:19:8d:41:83:84:cc:b2:33:42:8f:4f:1e:f5:04:c6:ec:ab:
4c:07:e2:c3:94:f6:e5:db:ce:3c:74:04:60:c5:67:e2:f0:cd:
ee:1a:14:46
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICTm0wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MDMw
MzUzNDNaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKENDMTM3MDNDMDg1MDY5
MTAxNjQzNEQ0MDM5NkFDNTk0MjIzN0E4OTkwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDfy5e38a2veh3kwbCRITybuJfRl6/M/FtwWr7iZCrU+PoWWgud
CQDMvhgWiEzls3cm7o2aRf7f5BOzvvWLKiV1NO3xde0emZ037qng4gQDXq1XoKRu
Fcu9NtNs8TixYrRXfQ9QDDadX44W8FBN1zxwRohfo59xaYHz5aK8DF1vU40nCNI8
eXhBs0RUGZJRujY7/WjahnYIjuWdBzyQh0txOOLP243spD8olrF3f7t0JxUxP/M4
BQrUf+IS6V6CIerjr3/TmWvh5WOE9KLvGMavCEz8VIAqleCOPquX/SALmUlg8mjG
2kbc8VoKTRZm/jf1GNP3jWUvIs+rD08X4Ik9AgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUzBNwPAhQaRAWQ01AOWrFlCI3qJkwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3pCTndQQWhRYVJBV1Ew
MUFPV3JGbENJM3FKay5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBAAxBCDuXayw+umak
pGl0li69idjc/cnKSHgey1Kh0a7G07+fofdj2IduPynpA/PzsUdhhLMv0ITrlGk6
ZOKStS7G56rXw2OR8JPkNbXcZFvT2QA5lOnh5wZ3O99Vz0CBGQNB8THC+lNpzk0p
JHqMsBZ26bFQNISgGd1KCKuLigYlsKFHYM+ZbdeegEV34s/X0/7FDSc8YRjLzubk
GfBjgRRQK6DE5gl47hpK8T8tOjgb5IJ9mkMno6mHja5mYF/tQ7ZUAyLq3W2TIi0d
6nGNQgV2nh7SWv9jpQEZjUGDhMyyM0KPTx71BMbsq0wH4sOU9uXbzjx0BGDFZ+Lw
ze4aFEY=
-----END CERTIFICATE-----
Generated at Sun May 18 02:03:57 2025 by rpki-client