Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/zvQEWbArpWkiUwrYCm3WT3dp1lg.roa
File: zvQEWbArpWkiUwrYCm3WT3dp1lg.roa (raw, json)
Hash identifier: VAQ9pMlnUuHEcN2wqceqQgxolX5nKvSGBCXiPBZGSH8=
Subject key identifier: CE:F4:04:59:B0:2B:A5:69:22:53:0A:D8:0A:6D:D6:4F:77:69:D6:58
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 3649
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/zvQEWbArpWkiUwrYCm3WT3dp1lg.roa
Signing time: Sun 31 Mar 2024 23:22:15 +0000
ROA not before: Sun 31 Mar 2024 23:22:15 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 13897 (0x3649)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Mar 31 23:22:15 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=CEF40459B02BA56922530AD80A6DD64F7769D658
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c1:2f:53:c9:32:36:ed:e0:77:6b:70:f4:ee:1d:
95:35:c8:1d:45:ca:0f:b7:25:c8:75:4f:5f:8a:aa:
75:12:b2:86:1d:84:13:23:a2:c5:8e:18:89:fa:a2:
7e:c9:f1:11:1e:f8:f5:55:8b:c0:f8:f7:a7:71:b0:
8c:cf:0f:7d:8d:a1:80:7d:89:7d:0d:19:93:08:fb:
d0:ca:7f:83:54:51:fe:3d:36:93:10:81:09:a9:82:
23:a3:14:c3:e6:22:1f:d5:33:83:03:91:12:25:fa:
26:f3:90:84:aa:b0:ed:ea:91:28:16:6f:e8:6e:67:
00:5f:8a:c8:b5:5b:40:67:9c:77:37:2a:61:e4:16:
72:2e:a5:d9:70:59:f9:fc:29:89:31:b4:c8:62:fd:
ae:69:85:83:60:09:68:bb:23:39:12:36:06:0a:b0:
3b:cf:86:ff:7e:a9:86:1b:ad:bc:d9:7c:10:dd:9f:
13:7a:3d:f0:8c:6a:24:36:3f:c5:50:bf:6f:48:81:
d2:0e:d0:82:39:7e:a9:a6:18:a7:31:7b:95:ae:db:
34:cd:d1:48:2c:6e:c9:ce:60:cb:c7:e0:c2:6a:5f:
ea:eb:8b:9c:c7:26:d3:ca:6c:57:77:f4:f8:f8:95:
60:12:58:9e:05:bf:8d:bd:c8:37:ed:27:31:ba:6e:
37:fb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CE:F4:04:59:B0:2B:A5:69:22:53:0A:D8:0A:6D:D6:4F:77:69:D6:58
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/zvQEWbArpWkiUwrYCm3WT3dp1lg.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
09:5f:d9:3c:fc:4e:18:12:e0:17:1f:4b:da:57:e7:79:5d:25:
12:a3:82:33:ca:79:15:26:9b:45:69:ce:05:5b:5f:e6:1c:0a:
e9:12:78:b9:2d:60:68:0b:7d:d9:f0:f1:88:24:1d:3c:b6:ac:
40:db:bd:b3:75:a6:f6:30:34:b5:2f:6a:73:0e:dc:49:2a:04:
83:97:e7:6e:d6:c8:91:37:02:03:1c:59:78:8f:a8:a3:7a:c3:
c2:60:65:cf:ab:55:ea:1e:ec:17:94:23:57:23:e8:81:42:46:
e9:53:57:a9:8f:fa:c6:16:52:4e:cb:de:0d:1d:ff:8c:a2:f3:
81:a5:a2:c7:9d:7f:08:72:3f:35:dc:45:9b:a4:42:14:1e:2d:
32:96:ca:d7:d2:76:cb:7e:37:65:57:81:15:07:2d:38:ad:7e:
a8:05:35:ff:82:bb:5f:97:25:4a:a1:70:28:10:0d:0b:57:19:
d6:08:45:40:7b:57:c2:48:08:7a:d1:9b:8a:0b:2d:5e:52:78:
3b:eb:b3:6e:45:96:a5:90:96:f6:12:f8:b8:93:db:3b:5a:10:
2d:e2:d0:d3:38:5d:4a:e8:47:18:b3:7d:f3:7f:4b:b0:d5:40:
23:a4:c8:f5:53:35:1c:b1:54:9a:10:0b:46:c8:17:a5:b2:7d:
05:7d:b6:5d
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICNkkwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDAzMzEy
MzIyMTVaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKENFRjQwNDU5QjAyQkE1
NjkyMjUzMEFEODBBNkRENjRGNzc2OUQ2NTgwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDBL1PJMjbt4HdrcPTuHZU1yB1Fyg+3Jch1T1+KqnUSsoYdhBMj
osWOGIn6on7J8REe+PVVi8D496dxsIzPD32NoYB9iX0NGZMI+9DKf4NUUf49NpMQ
gQmpgiOjFMPmIh/VM4MDkRIl+ibzkISqsO3qkSgWb+huZwBfisi1W0BnnHc3KmHk
FnIupdlwWfn8KYkxtMhi/a5phYNgCWi7IzkSNgYKsDvPhv9+qYYbrbzZfBDdnxN6
PfCMaiQ2P8VQv29IgdIO0II5fqmmGKcxe5Wu2zTN0UgsbsnOYMvH4MJqX+rri5zH
JtPKbFd39Pj4lWASWJ4Fv429yDftJzG6bjf7AgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUzvQEWbArpWkiUwrYCm3WT3dp1lgwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3p2UUVXYkFycFdraVV3
cllDbTNXVDNkcDFsZy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBAAlf2Tz8ThgS4Bcf
S9pX53ldJRKjgjPKeRUmm0VpzgVbX+YcCukSeLktYGgLfdnw8YgkHTy2rEDbvbN1
pvYwNLUvanMO3EkqBIOX527WyJE3AgMcWXiPqKN6w8JgZc+rVeoe7BeUI1cj6IFC
RulTV6mP+sYWUk7L3g0d/4yi84GlosedfwhyPzXcRZukQhQeLTKWytfSdst+N2VX
gRUHLTitfqgFNf+Cu1+XJUqhcCgQDQtXGdYIRUB7V8JICHrRm4oLLV5SeDvrs25F
lqWQlvYS+LiT2ztaEC3i0NM4XUroRxizffN/S7DVQCOkyPVTNRyxVJoQC0bIF6Wy
fQV9tl0=
-----END CERTIFICATE-----
Generated at Sat May 17 23:51:39 2025 by rpki-client