Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/3dPkkOCj_HQhBrj-HBQudQa_cz0.roa
File: 3dPkkOCj_HQhBrj-HBQudQa_cz0.roa (raw, json)
Hash identifier: Zt2xMs7fMmj+GefUZKUW9EiaUUnOkiWWCXN7vs7kLoo=
Subject key identifier: DD:D3:E4:90:E0:A3:FC:74:21:06:B8:FE:1C:14:2E:75:06:BF:73:3D
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 52B1
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/3dPkkOCj_HQhBrj-HBQudQa_cz0.roa
Signing time: Wed 08 May 2024 20:23:55 +0000
ROA not before: Wed 08 May 2024 20:23:55 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 21169 (0x52b1)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 8 20:23:55 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=DDD3E490E0A3FC742106B8FE1C142E7506BF733D
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b6:13:4e:f5:99:bf:62:1c:1b:65:a2:e4:d8:27:
71:a3:9c:0a:0b:59:dd:8c:ea:a0:89:2e:fc:7d:a5:
b7:d5:c1:06:76:f2:a2:9f:86:d8:2d:8c:db:af:54:
63:11:07:68:c5:34:9a:5d:06:a3:e9:2e:87:9a:a9:
5f:2c:cc:74:db:c3:7e:87:7f:ba:c1:b4:9b:01:69:
b6:41:70:c3:f1:4c:c5:07:49:4a:0c:e6:62:4e:df:
96:54:6b:99:d0:d5:e4:f3:bb:23:1a:8d:69:8a:56:
e2:3a:b3:11:70:88:5c:c6:6a:c6:dd:7c:b3:7d:80:
a8:c3:1d:f4:63:0e:ae:ed:f2:f4:0e:95:cc:cb:16:
5b:a4:d0:0f:02:df:55:34:32:44:53:42:09:aa:e3:
70:6a:ed:69:53:1f:5d:b9:3c:a6:86:8b:43:8e:b3:
bd:bb:e0:bc:ee:7d:af:31:e8:a0:06:01:0d:11:4f:
12:d3:db:99:88:1e:58:1e:ac:97:89:27:3b:b6:97:
6b:8a:4e:73:e7:06:94:ce:68:c3:65:ac:51:3b:0f:
3d:99:d8:c0:90:d8:05:21:d5:56:50:45:1c:4c:70:
89:2f:7d:29:b9:8a:d1:fe:c3:61:45:4a:60:dd:7a:
33:f8:33:13:1d:51:9b:2b:63:b7:14:f3:bd:c4:7d:
25:91
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DD:D3:E4:90:E0:A3:FC:74:21:06:B8:FE:1C:14:2E:75:06:BF:73:3D
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/3dPkkOCj_HQhBrj-HBQudQa_cz0.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
38:2d:79:09:3e:03:d5:83:cf:af:28:78:c1:05:8c:1f:c2:5a:
71:bc:e3:7a:ee:88:c3:df:85:f1:7c:74:3c:2c:60:e1:12:04:
cc:0b:ee:18:72:5d:04:7a:61:ea:75:72:e7:0f:a7:6e:99:3a:
a2:99:1b:7c:9a:b2:ed:b1:41:38:47:ce:69:ed:09:db:c7:ae:
cd:d6:05:20:15:7f:c5:f0:9e:48:06:13:2e:5d:03:12:6c:1c:
52:78:00:68:ef:e4:2d:84:76:d6:74:48:fd:83:6e:93:f8:fa:
0c:54:d5:0d:b3:eb:16:41:82:61:70:d1:68:f1:e5:b7:47:12:
bc:73:55:34:78:b2:4e:5e:1e:4a:64:0e:9d:0e:d6:75:f4:1b:
4d:eb:e5:2d:bb:84:99:fd:63:bc:16:bb:ae:1a:34:ce:22:80:
e0:e2:f2:a6:93:37:48:46:87:4d:a3:98:1d:4b:25:27:b7:6f:
3b:87:fd:7f:86:f8:70:13:36:f7:08:1d:97:32:d3:4a:13:1e:
53:8d:00:2a:a3:d3:99:90:67:68:a8:88:0a:60:bb:0a:d9:68:
de:20:99:59:7b:15:9d:12:49:4f:43:cd:e1:82:0b:74:93:7b:
32:74:64:b2:5e:eb:0b:b3:21:bc:3c:fb:5d:bd:69:eb:85:4b:
ec:09:09:bd
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICUrEwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MDgy
MDIzNTVaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKERERDNFNDkwRTBBM0ZD
NzQyMTA2QjhGRTFDMTQyRTc1MDZCRjczM0QwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC2E071mb9iHBtlouTYJ3GjnAoLWd2M6qCJLvx9pbfVwQZ28qKf
htgtjNuvVGMRB2jFNJpdBqPpLoeaqV8szHTbw36Hf7rBtJsBabZBcMPxTMUHSUoM
5mJO35ZUa5nQ1eTzuyMajWmKVuI6sxFwiFzGasbdfLN9gKjDHfRjDq7t8vQOlczL
Fluk0A8C31U0MkRTQgmq43Bq7WlTH125PKaGi0OOs7274Lzufa8x6KAGAQ0RTxLT
25mIHlgerJeJJzu2l2uKTnPnBpTOaMNlrFE7Dz2Z2MCQ2AUh1VZQRRxMcIkvfSm5
itH+w2FFSmDdejP4MxMdUZsrY7cU873EfSWRAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQU3dPkkOCj/HQhBrj+HBQudQa/cz0wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3LzNkUGtrT0NqX0hRaEJy
ai1IQlF1ZFFhX2N6MC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBADgteQk+A9WDz68o
eMEFjB/CWnG843ruiMPfhfF8dDwsYOESBMwL7hhyXQR6Yep1cucPp26ZOqKZG3ya
su2xQThHzmntCdvHrs3WBSAVf8XwnkgGEy5dAxJsHFJ4AGjv5C2EdtZ0SP2DbpP4
+gxU1Q2z6xZBgmFw0Wjx5bdHErxzVTR4sk5eHkpkDp0O1nX0G03r5S27hJn9Y7wW
u64aNM4igODi8qaTN0hGh02jmB1LJSe3bzuH/X+G+HATNvcIHZcy00oTHlONACqj
05mQZ2ioiApguwrZaN4gmVl7FZ0SSU9DzeGCC3STezJ0ZLJe6wuzIbw8+129aeuF
S+wJCb0=
-----END CERTIFICATE-----
Generated at Sun Jun 22 22:39:51 2025 by rpki-client