Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/AgvDreRDwyxuO7GQ88YshyaV_TU.roa
File: AgvDreRDwyxuO7GQ88YshyaV_TU.roa (raw, json)
Hash identifier: VxQ0UOqdvac5kA4A+WrpsTAVRavrHxvUppGi25gs0k8=
Subject key identifier: 02:0B:C3:AD:E4:43:C3:2C:6E:3B:B1:90:F3:C6:2C:87:26:95:FD:35
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 54F1
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/AgvDreRDwyxuO7GQ88YshyaV_TU.roa
Signing time: Sat 11 May 2024 20:24:03 +0000
ROA not before: Sat 11 May 2024 20:24:03 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 21745 (0x54f1)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 11 20:24:03 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=020BC3ADE443C32C6E3BB190F3C62C872695FD35
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d2:e4:4f:79:18:6c:de:cd:9c:7b:34:64:3d:e2:
74:74:97:43:54:fa:47:94:f3:42:72:1a:ff:37:10:
ce:ee:c0:4f:c9:44:e5:75:6f:85:8c:08:d7:ff:ca:
78:8f:f9:30:31:02:85:3c:18:85:79:27:45:c7:f3:
06:36:f9:bb:ce:c2:59:9e:a6:2a:09:cc:05:f5:32:
3b:58:92:d6:6c:86:8f:66:bc:21:80:f2:22:2a:db:
f0:4c:cb:ef:1a:2d:57:16:7b:7e:55:65:22:39:31:
1a:57:5b:97:b0:a4:75:6b:06:dc:90:ba:b6:b0:79:
3a:ed:f4:3a:75:a1:bc:c0:de:1d:b2:3a:e4:5d:d2:
93:ea:fd:4f:40:7a:27:b3:a2:57:6d:ec:de:13:c8:
a3:85:ed:76:22:44:41:fb:25:36:f6:bf:be:40:cf:
85:f7:a7:9c:a9:d9:d2:e6:88:0d:ba:7b:e4:c5:20:
3e:22:4d:bc:75:9a:e5:99:c6:98:71:cc:3a:e9:72:
62:01:7a:91:bf:cd:9f:20:ca:ff:a6:04:fc:d8:0f:
08:7a:32:72:78:23:a1:0b:d3:c3:dd:a5:be:e0:2e:
f8:ea:f1:9a:9f:1f:e9:ae:da:00:88:99:b7:15:ae:
38:1b:9d:bf:bd:e5:6e:c2:29:44:5d:bc:79:9c:eb:
e1:19
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
02:0B:C3:AD:E4:43:C3:2C:6E:3B:B1:90:F3:C6:2C:87:26:95:FD:35
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/AgvDreRDwyxuO7GQ88YshyaV_TU.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
0b:18:3b:7b:c8:01:e2:d3:c9:1c:fc:73:a1:2b:14:51:2c:ff:
14:2e:ad:84:a1:f9:b8:97:a5:56:3f:3d:0d:a3:9d:3c:10:27:
34:a9:f8:16:81:b4:f1:c3:84:29:69:1f:e6:1a:ec:d5:a3:9b:
9b:04:18:77:4a:9c:9c:02:d3:da:c7:68:76:cd:c0:2c:17:64:
3a:13:5c:54:7a:9f:e3:a7:9c:31:92:22:a9:51:a0:01:26:4e:
fb:86:4b:5f:69:2d:34:96:6c:0f:55:ba:f5:9e:c9:c5:25:32:
08:83:13:39:d6:b5:ed:e9:ce:10:b8:d4:01:22:20:ec:c1:f9:
04:25:94:33:f9:67:ea:31:b8:72:7c:6d:13:27:56:5c:1c:ba:
37:a4:3a:c1:83:d6:3f:84:52:cd:3f:99:1c:46:8b:bd:b7:3b:
a6:f8:9c:a8:13:b5:48:fe:98:35:5a:35:f8:3d:a3:70:e2:32:
29:87:48:d5:c6:25:6b:30:37:1a:bf:0d:a0:0f:84:21:dc:29:
ef:8d:b2:42:b2:06:68:32:38:ea:10:f4:a9:23:81:c9:0f:8f:
d5:7a:6a:a5:26:ab:4a:81:b9:8e:4c:ef:26:1d:10:57:84:5a:
50:3e:85:2e:69:f3:4c:88:16:a9:f1:fc:23:3b:08:17:c1:d4:
79:18:5c:31
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICVPEwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MTEy
MDI0MDNaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDAyMEJDM0FERTQ0M0Mz
MkM2RTNCQjE5MEYzQzYyQzg3MjY5NUZEMzUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDS5E95GGzezZx7NGQ94nR0l0NU+keU80JyGv83EM7uwE/JROV1
b4WMCNf/yniP+TAxAoU8GIV5J0XH8wY2+bvOwlmepioJzAX1MjtYktZsho9mvCGA
8iIq2/BMy+8aLVcWe35VZSI5MRpXW5ewpHVrBtyQuraweTrt9Dp1obzA3h2yOuRd
0pPq/U9Aeiezoldt7N4TyKOF7XYiREH7JTb2v75Az4X3p5yp2dLmiA26e+TFID4i
Tbx1muWZxphxzDrpcmIBepG/zZ8gyv+mBPzYDwh6MnJ4I6EL08Pdpb7gLvjq8Zqf
H+mu2gCImbcVrjgbnb+95W7CKURdvHmc6+EZAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUAgvDreRDwyxuO7GQ88YshyaV/TUwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L0FndkRyZVJEd3l4dU83
R1E4OFlzaHlhVl9UVS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBAAsYO3vIAeLTyRz8
c6ErFFEs/xQurYSh+biXpVY/PQ2jnTwQJzSp+BaBtPHDhClpH+Ya7NWjm5sEGHdK
nJwC09rHaHbNwCwXZDoTXFR6n+OnnDGSIqlRoAEmTvuGS19pLTSWbA9VuvWeycUl
MgiDEznWte3pzhC41AEiIOzB+QQllDP5Z+oxuHJ8bRMnVlwcujekOsGD1j+EUs0/
mRxGi723O6b4nKgTtUj+mDVaNfg9o3DiMimHSNXGJWswNxq/DaAPhCHcKe+NskKy
BmgyOOoQ9KkjgckPj9V6aqUmq0qBuY5M7yYdEFeEWlA+hS5p80yIFqnx/CM7CBfB
1HkYXDE=
-----END CERTIFICATE-----
Generated at Sun Jun 22 12:12:26 2025 by rpki-client