Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/7FtBLmyUvgX_FEWqNqiBId-ssDk.roa
File: 7FtBLmyUvgX_FEWqNqiBId-ssDk.roa (raw, json)
Hash identifier: a9ED2QHmOCvLrYvehljgeJkwoaUjBddE+DGZzvmNrew=
Subject key identifier: EC:5B:41:2E:6C:94:BE:05:FF:14:45:AA:36:A8:81:21:DF:AC:B0:39
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 409D
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/7FtBLmyUvgX_FEWqNqiBId-ssDk.roa
Signing time: Sun 14 Apr 2024 17:52:53 +0000
ROA not before: Sun 14 Apr 2024 17:52:53 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 16541 (0x409d)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 14 17:52:53 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=EC5B412E6C94BE05FF1445AA36A88121DFACB039
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:db:3a:74:93:7f:97:2e:31:39:cf:d5:57:bf:85:
c4:a3:46:a4:f0:a5:3d:ff:7c:94:d7:e6:ee:d6:ad:
0e:66:9b:53:f2:66:3b:1c:2c:9d:93:a0:7b:59:af:
30:3e:60:3a:7b:dc:00:d6:9c:29:e5:43:32:63:c4:
06:57:64:13:d7:81:b6:20:c4:ae:a3:03:e1:3c:59:
ab:cf:5e:fd:11:2d:77:15:6a:da:a9:ce:63:55:97:
17:4c:84:57:df:c2:a6:06:dc:19:e8:47:94:68:63:
1a:14:9c:fa:62:1c:aa:f4:0d:2f:6f:5c:08:b5:8d:
03:63:00:6d:33:90:7f:c8:6e:8e:6a:14:27:6f:1e:
fc:97:49:1b:4b:6b:ba:9f:61:f5:44:98:e8:34:80:
6e:45:37:30:94:65:f4:07:f1:5d:ab:e3:cb:80:b2:
bc:f8:94:73:aa:f3:ed:8a:f2:cb:24:f8:a9:9a:3b:
5f:ac:1a:b0:6a:f3:1b:75:f9:a2:53:c8:9e:21:a7:
dd:50:2e:33:26:a9:20:4a:22:6a:67:af:c8:4e:c8:
c0:db:d1:e3:4f:c3:1b:e8:4a:46:c8:67:73:fe:d7:
a2:30:aa:6d:25:0f:db:e6:61:50:8f:0a:7f:96:73:
47:a1:11:62:d2:b6:d7:14:5b:a6:aa:78:d9:6a:c3:
2a:81
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
EC:5B:41:2E:6C:94:BE:05:FF:14:45:AA:36:A8:81:21:DF:AC:B0:39
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/7FtBLmyUvgX_FEWqNqiBId-ssDk.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
01:af:5d:19:71:1c:08:9c:57:d6:99:00:2d:f8:e7:b4:c1:69:
18:13:79:e6:2d:19:33:64:63:97:6a:b7:4e:0d:8e:ab:42:fc:
94:bf:f2:6d:4f:6f:5c:61:fc:cb:cd:73:88:56:65:64:1f:1f:
e0:03:1f:03:ec:ba:a9:f7:ba:12:da:e0:d5:5d:02:e5:66:b0:
92:52:3b:8f:77:46:32:88:e8:a8:45:77:57:40:06:b5:87:f5:
12:f8:f1:d6:02:fa:df:d4:aa:de:59:eb:6f:cd:e3:c9:f1:1e:
b4:da:ea:37:da:c0:e5:0b:14:24:ce:1a:65:34:fa:d1:e5:ce:
e1:25:26:26:51:f6:9b:27:eb:85:a0:59:64:1d:81:f3:a9:61:
60:39:b4:57:03:16:91:e0:e9:1f:6c:77:af:46:9c:b8:2b:04:
d7:a6:ca:7f:3c:f6:d8:9b:8d:bb:b5:ef:ed:a3:b5:89:6c:26:
fe:ec:8a:20:4c:a1:c5:68:9f:ca:1e:a4:37:41:4c:d1:a5:05:
a4:74:ea:1b:63:05:0a:8b:60:9b:0c:c7:a0:19:0d:54:12:d7:
66:cd:ee:fc:3a:6f:b8:e0:1d:fb:af:21:7a:3a:e9:ae:cd:23:
2e:b3:d5:d9:f2:72:c0:34:40:7d:2a:de:af:96:a8:df:7e:dc:
b2:ae:2c:c9
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICQJ0wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MTQx
NzUyNTNaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEVDNUI0MTJFNkM5NEJF
MDVGRjE0NDVBQTM2QTg4MTIxREZBQ0IwMzkwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDbOnSTf5cuMTnP1Ve/hcSjRqTwpT3/fJTX5u7WrQ5mm1PyZjsc
LJ2ToHtZrzA+YDp73ADWnCnlQzJjxAZXZBPXgbYgxK6jA+E8WavPXv0RLXcVatqp
zmNVlxdMhFffwqYG3BnoR5RoYxoUnPpiHKr0DS9vXAi1jQNjAG0zkH/Ibo5qFCdv
HvyXSRtLa7qfYfVEmOg0gG5FNzCUZfQH8V2r48uAsrz4lHOq8+2K8ssk+KmaO1+s
GrBq8xt1+aJTyJ4hp91QLjMmqSBKImpnr8hOyMDb0eNPwxvoSkbIZ3P+16Iwqm0l
D9vmYVCPCn+Wc0ehEWLSttcUW6aqeNlqwyqBAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQU7FtBLmyUvgX/FEWqNqiBId+ssDkwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3LzdGdEJMbXlVdmdYX0ZF
V3FOcWlCSWQtc3NEay5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBAAGvXRlxHAicV9aZ
AC3457TBaRgTeeYtGTNkY5dqt04NjqtC/JS/8m1Pb1xh/MvNc4hWZWQfH+ADHwPs
uqn3uhLa4NVdAuVmsJJSO493RjKI6KhFd1dABrWH9RL48dYC+t/Uqt5Z62/N48nx
HrTa6jfawOULFCTOGmU0+tHlzuElJiZR9psn64WgWWQdgfOpYWA5tFcDFpHg6R9s
d69GnLgrBNemyn889tibjbu17+2jtYlsJv7siiBMocVon8oepDdBTNGlBaR06htj
BQqLYJsMx6AZDVQS12bN7vw6b7jgHfuvIXo66a7NIy6z1dnycsA0QH0q3q+WqN9+
3LKuLMk=
-----END CERTIFICATE-----
Generated at Sat Jun 21 16:33:35 2025 by rpki-client