Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/zb3UTyA4-vh0VJv2j7GE8sOp8xg.roa
File: zb3UTyA4-vh0VJv2j7GE8sOp8xg.roa (raw, json)
Hash identifier: 7jof9Xtpt8XlKdjMJj6iFW44UG3Z3lQaRCQt0bWFU44=
Subject key identifier: CD:BD:D4:4F:20:38:FA:F8:74:54:9B:F6:8F:B1:84:F2:C3:A9:F3:18
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 3BB9
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/zb3UTyA4-vh0VJv2j7GE8sOp8xg.roa
Signing time: Mon 08 Apr 2024 05:22:34 +0000
ROA not before: Mon 08 Apr 2024 05:22:34 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 15289 (0x3bb9)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 8 05:22:34 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=CDBDD44F2038FAF874549BF68FB184F2C3A9F318
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ba:04:f9:b1:ac:0f:dd:be:83:f8:c6:ab:76:f8:
02:79:0e:98:67:65:1a:4a:3b:62:eb:c7:ed:86:60:
d3:b3:4f:e4:b8:35:2a:0e:da:e8:c7:94:2f:e4:de:
4b:5b:de:50:72:5e:be:bc:93:e3:86:d9:c6:8c:6f:
62:79:53:46:3b:aa:4c:f8:02:b2:4f:1d:c9:aa:fc:
ff:a0:0c:ba:88:80:49:fb:4c:31:46:b1:17:bc:79:
98:06:aa:2f:b5:d7:a1:62:47:d6:53:31:3b:c5:ed:
0f:a8:cc:5f:0a:db:71:57:09:14:f8:89:c9:cf:d3:
54:ae:8f:c0:0e:3e:06:8d:0a:bf:70:b5:5d:31:84:
02:f9:da:03:d2:1f:96:ca:78:5a:31:b5:e2:7a:57:
50:90:7b:16:8e:15:70:b5:b6:7d:fa:b1:eb:0b:ca:
85:bb:93:15:cb:53:45:b3:ae:10:3f:c3:7c:80:81:
e9:86:50:78:a6:8b:f6:24:65:4f:6d:4a:62:de:90:
a6:0d:6d:ae:0e:da:02:0a:b4:e5:c2:a5:93:3d:2d:
0a:75:55:c3:4b:0a:88:6d:54:67:8b:82:5f:f8:41:
3e:8e:43:03:60:a5:a9:bd:b5:d7:23:3e:d2:5c:15:
e6:6f:b9:57:f9:d5:3a:fa:3d:97:48:1d:0e:94:bc:
cf:f7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CD:BD:D4:4F:20:38:FA:F8:74:54:9B:F6:8F:B1:84:F2:C3:A9:F3:18
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/zb3UTyA4-vh0VJv2j7GE8sOp8xg.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
15:6d:1f:26:ca:8d:05:43:5c:cb:14:17:62:c9:0f:e4:75:25:
2b:ec:54:cf:65:23:1e:d2:20:45:b5:4c:df:7f:cb:df:f6:f5:
bd:23:9c:4c:c9:72:2f:72:5f:de:7d:a3:62:c6:ea:d6:f1:51:
94:14:ae:54:33:51:03:fd:f2:ca:6c:20:60:e6:ee:65:fa:1b:
5f:ec:b9:0d:9d:85:1d:39:d4:31:3d:83:1d:79:5b:0a:5b:69:
68:33:a4:88:d9:95:a9:c6:ca:eb:13:42:10:06:45:68:49:b3:
f2:e8:63:8d:17:50:8a:d5:b2:83:c3:51:d2:fd:a5:ad:2c:93:
20:14:68:39:fc:2a:7c:c0:1a:ed:77:38:38:74:d9:fa:da:42:
c7:0d:02:cb:3e:1c:33:24:42:68:39:2b:75:b2:0d:95:b1:d7:
82:1a:c2:d6:8a:da:76:2b:da:e8:0a:ff:ef:30:65:95:46:45:
87:88:37:95:1a:32:4b:27:94:69:b6:c2:07:c9:1f:62:b2:d6:
d7:29:9b:7c:00:1e:03:3b:14:30:ca:84:48:8b:82:f1:1f:74:
47:0a:2d:50:07:b6:b8:7b:03:f2:99:2b:ec:55:54:98:1e:88:
2d:03:e1:ab:21:0f:3e:d2:9c:54:61:47:da:64:d1:84:7d:a7:
d3:11:0b:3a
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICO7kwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MDgw
NTIyMzRaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKENEQkRENDRGMjAzOEZB
Rjg3NDU0OUJGNjhGQjE4NEYyQzNBOUYzMTgwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC6BPmxrA/dvoP4xqt2+AJ5DphnZRpKO2Lrx+2GYNOzT+S4NSoO
2ujHlC/k3ktb3lByXr68k+OG2caMb2J5U0Y7qkz4ArJPHcmq/P+gDLqIgEn7TDFG
sRe8eZgGqi+116FiR9ZTMTvF7Q+ozF8K23FXCRT4icnP01Suj8AOPgaNCr9wtV0x
hAL52gPSH5bKeFoxteJ6V1CQexaOFXC1tn36sesLyoW7kxXLU0WzrhA/w3yAgemG
UHimi/YkZU9tSmLekKYNba4O2gIKtOXCpZM9LQp1VcNLCohtVGeLgl/4QT6OQwNg
pam9tdcjPtJcFeZvuVf51Tr6PZdIHQ6UvM/3AgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUzb3UTyA4+vh0VJv2j7GE8sOp8xgwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3piM1VUeUE0LXZoMFZK
djJqN0dFOHNPcDh4Zy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBABVtHybKjQVDXMsU
F2LJD+R1JSvsVM9lIx7SIEW1TN9/y9/29b0jnEzJci9yX959o2LG6tbxUZQUrlQz
UQP98spsIGDm7mX6G1/suQ2dhR051DE9gx15WwpbaWgzpIjZlanGyusTQhAGRWhJ
s/LoY40XUIrVsoPDUdL9pa0skyAUaDn8KnzAGu13ODh02fraQscNAss+HDMkQmg5
K3WyDZWx14IawtaK2nYr2ugK/+8wZZVGRYeIN5UaMksnlGm2wgfJH2Ky1tcpm3wA
HgM7FDDKhEiLgvEfdEcKLVAHtrh7A/KZK+xVVJgeiC0D4ashDz7SnFRhR9pk0YR9
p9MRCzo=
-----END CERTIFICATE-----
Generated at Sat May 17 19:37:53 2025 by rpki-client