Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/zHxuq2nQkNLh570RQ6xwvAKJNZU.roa
File: zHxuq2nQkNLh570RQ6xwvAKJNZU.roa (raw, json)
Hash identifier: 7q267hf2zh3Z2NAUcX8QA/o0XvfiPugfbPvVb05s+7E=
Subject key identifier: CC:7C:6E:AB:69:D0:90:D2:E1:E7:BD:11:43:AC:70:BC:02:89:35:95
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 4D81
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/zHxuq2nQkNLh570RQ6xwvAKJNZU.roa
Signing time: Wed 01 May 2024 22:23:40 +0000
ROA not before: Wed 01 May 2024 22:23:40 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 19841 (0x4d81)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 1 22:23:40 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=CC7C6EAB69D090D2E1E7BD1143AC70BC02893595
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e9:c3:bc:be:67:c9:d1:cc:d7:a7:77:76:51:49:
13:ed:cc:72:67:60:2a:7b:ec:cd:a5:4c:54:8c:cc:
a4:6b:8d:85:dd:49:da:cb:cd:0c:31:ba:34:d3:9b:
7b:f0:c6:54:31:f5:13:8b:7d:b6:bd:74:df:f7:a4:
8d:ed:1a:f0:c8:90:12:77:a3:08:ab:e0:1b:85:00:
39:c5:57:06:36:4f:a1:a3:33:44:3e:90:dd:5f:82:
62:79:0b:77:7f:42:20:38:f8:5d:c0:3e:72:09:3d:
64:84:5d:96:50:59:9a:2b:c7:a0:05:dd:25:ef:9b:
40:de:73:0a:40:be:da:ee:73:17:0f:a5:97:cb:51:
73:56:e4:77:ad:96:41:17:be:26:83:29:f3:6c:c1:
f5:ee:76:65:89:c0:67:4d:4c:84:b5:c5:b6:c5:2a:
69:fa:d2:d4:e3:3f:e6:94:0a:f7:33:52:60:f5:1f:
85:dd:21:07:1e:37:32:10:8c:69:1d:6f:9e:fd:5a:
81:87:81:93:38:2b:dc:38:5f:9a:b0:fc:68:fb:6d:
56:5f:13:df:48:a6:7b:ad:80:ce:1d:20:82:a3:c0:
7f:fa:69:28:a9:c8:f6:4b:a7:86:32:89:e8:e5:5b:
30:59:f3:a5:1e:c7:1f:8e:e3:9c:87:6e:b1:94:9b:
b9:65
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CC:7C:6E:AB:69:D0:90:D2:E1:E7:BD:11:43:AC:70:BC:02:89:35:95
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/zHxuq2nQkNLh570RQ6xwvAKJNZU.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
aa:96:8a:14:57:82:16:4f:0a:63:e4:6e:22:70:91:49:a7:12:
dc:a6:a3:06:ce:ba:84:9f:43:3a:c3:cd:28:54:75:7b:15:9b:
9d:40:f1:6f:1a:28:88:0d:37:98:f0:97:09:41:1f:76:47:18:
12:33:77:02:4b:47:99:15:cd:ac:ed:61:a8:08:9b:3c:f1:13:
4c:5f:10:29:52:8d:94:70:bc:73:3a:f1:3e:b0:82:eb:2f:2c:
84:af:9e:2c:62:51:fd:bc:21:4c:63:68:cf:f1:e0:c7:1f:8c:
eb:47:59:13:8f:f5:5b:67:75:4a:2b:3c:c2:40:c6:58:be:97:
08:63:65:63:50:f7:c0:13:f7:9d:85:36:12:4d:45:52:02:09:
3c:d7:84:a3:ad:27:0b:55:90:f7:06:f2:80:95:64:cf:71:de:
97:58:5d:2c:97:03:a9:34:4f:45:3f:2f:20:22:ec:73:46:0e:
47:3e:9f:2f:64:73:6f:89:19:3a:40:ff:ea:2d:2b:00:6a:ce:
e2:a1:c0:0f:4c:b7:25:6c:ec:f7:20:46:02:10:2c:59:68:31:
73:0d:06:d2:af:4e:c9:63:c4:df:8b:3e:12:0b:30:77:a9:46:
75:eb:11:ec:ab:cf:71:47:56:dd:13:b7:b7:9a:98:ce:17:81:
1e:35:e6:12
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICTYEwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MDEy
MjIzNDBaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKENDN0M2RUFCNjlEMDkw
RDJFMUU3QkQxMTQzQUM3MEJDMDI4OTM1OTUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDpw7y+Z8nRzNend3ZRSRPtzHJnYCp77M2lTFSMzKRrjYXdSdrL
zQwxujTTm3vwxlQx9ROLfba9dN/3pI3tGvDIkBJ3owir4BuFADnFVwY2T6GjM0Q+
kN1fgmJ5C3d/QiA4+F3APnIJPWSEXZZQWZorx6AF3SXvm0DecwpAvtrucxcPpZfL
UXNW5HetlkEXviaDKfNswfXudmWJwGdNTIS1xbbFKmn60tTjP+aUCvczUmD1H4Xd
IQceNzIQjGkdb579WoGHgZM4K9w4X5qw/Gj7bVZfE99IpnutgM4dIIKjwH/6aSip
yPZLp4YyiejlWzBZ86Uexx+O45yHbrGUm7llAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUzHxuq2nQkNLh570RQ6xwvAKJNZUwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3pIeHVxMm5Ra05MaDU3
MFJRNnh3dkFLSk5aVS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBAKqWihRXghZPCmPk
biJwkUmnEtymowbOuoSfQzrDzShUdXsVm51A8W8aKIgNN5jwlwlBH3ZHGBIzdwJL
R5kVzaztYagImzzxE0xfEClSjZRwvHM68T6wgusvLISvnixiUf28IUxjaM/x4Mcf
jOtHWROP9VtndUorPMJAxli+lwhjZWNQ98AT952FNhJNRVICCTzXhKOtJwtVkPcG
8oCVZM9x3pdYXSyXA6k0T0U/LyAi7HNGDkc+ny9kc2+JGTpA/+otKwBqzuKhwA9M
tyVs7PcgRgIQLFloMXMNBtKvTsljxN+LPhILMHepRnXrEeyrz3FHVt0Tt7eamM4X
gR415hI=
-----END CERTIFICATE-----
Generated at Sun May 18 22:40:34 2025 by rpki-client