Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/FZOtaDZ1829EWX-WWThMWSgsB2Q.roa
File: FZOtaDZ1829EWX-WWThMWSgsB2Q.roa (raw, json)
Hash identifier: d9X6UpdXOTYox2lEsD1w/gkd4s1RAL4c+9API5GDkHI=
Subject key identifier: 15:93:AD:68:36:75:F3:6F:44:59:7F:96:59:38:4C:59:28:2C:07:64
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 4BBD
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/FZOtaDZ1829EWX-WWThMWSgsB2Q.roa
Signing time: Mon 29 Apr 2024 13:53:51 +0000
ROA not before: Mon 29 Apr 2024 13:53:51 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 19389 (0x4bbd)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 29 13:53:51 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=1593AD683675F36F44597F9659384C59282C0764
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d1:1a:d5:42:cf:6b:28:11:e9:01:2a:8b:bd:e6:
5c:9d:0a:2e:0b:64:dc:d9:08:60:2e:90:49:93:20:
af:27:0f:0b:f7:a5:cc:28:72:4a:7c:3b:7a:72:fb:
5c:df:e3:8d:ce:b8:b1:d7:bb:94:07:77:9f:44:18:
5d:ff:9a:f1:fd:0a:e6:48:19:23:8a:98:8b:c5:8b:
61:53:92:9a:9e:4d:f2:14:b0:e6:ab:c5:b0:48:51:
63:8d:a6:42:30:81:b3:3c:8c:a6:a1:30:1d:41:96:
4e:17:3e:4d:a9:7d:76:4d:82:0e:33:60:3e:93:86:
5a:e9:9f:ef:24:f8:2e:f8:85:2a:d7:63:38:b7:8a:
73:9c:51:6b:1f:29:42:05:36:79:3d:ae:0e:b0:1d:
25:10:13:b7:3c:54:e0:1e:ff:66:6b:7d:ed:30:85:
f0:2d:f0:c5:e1:8c:4f:0c:36:fe:0b:10:ad:ba:d6:
47:6f:2a:76:04:e9:9a:76:7e:6d:40:6e:48:76:eb:
91:b9:6c:c1:e6:e8:1d:68:08:e3:c6:6c:62:de:59:
03:1d:f8:bf:d1:ef:0c:db:43:8b:67:59:12:63:08:
70:73:cc:ba:3a:f4:00:4f:d4:02:87:d0:e3:31:68:
54:a9:29:81:e4:36:16:b4:3d:f6:af:8a:f4:34:54:
ac:29
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
15:93:AD:68:36:75:F3:6F:44:59:7F:96:59:38:4C:59:28:2C:07:64
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/FZOtaDZ1829EWX-WWThMWSgsB2Q.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
69:65:b6:26:70:72:48:3a:83:d7:fd:c8:73:30:ab:08:a8:94:
48:0c:3c:f3:05:65:f7:0d:0c:a0:13:ef:8e:b6:2b:47:47:5d:
e1:b2:ec:05:06:44:7b:77:89:81:ee:1e:c1:4c:ec:a5:b5:4a:
78:bd:d9:5c:05:4a:ad:c8:70:94:66:0c:1e:ff:48:3e:0e:17:
af:68:2a:15:1b:b1:fd:0e:f3:a1:34:e3:04:42:1d:00:3a:a6:
e4:57:e2:9d:b4:d9:0e:27:fc:db:c0:4c:b4:5e:48:4c:15:dc:
54:46:6a:a9:4e:4e:81:ae:50:dd:ca:63:1e:a7:76:a4:fe:af:
26:07:92:34:2a:7a:6c:64:f1:e3:70:07:23:b5:65:62:8a:fb:
ff:e7:53:0d:c6:4a:a6:e0:96:a9:63:13:c4:a3:96:73:92:c4:
a6:3d:c7:d8:94:8e:bd:9b:c8:e6:59:50:00:0c:e8:02:5e:a1:
9d:62:8f:fe:72:54:a9:e7:12:55:b5:46:72:46:85:3e:17:ec:
8f:e9:80:e3:e8:c8:5e:b8:e1:05:a4:1e:43:d0:71:17:7f:2a:
45:c4:4c:3c:d3:5a:15:9b:b6:ef:5c:8d:c9:e0:31:9f:e7:36:
4e:c4:3f:de:be:91:4f:cb:b5:90:75:ed:e6:bb:7d:4b:23:12:
04:45:82:fd
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICS70wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0Mjkx
MzUzNTFaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDE1OTNBRDY4MzY3NUYz
NkY0NDU5N0Y5NjU5Mzg0QzU5MjgyQzA3NjQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDRGtVCz2soEekBKou95lydCi4LZNzZCGAukEmTIK8nDwv3pcwo
ckp8O3py+1zf443OuLHXu5QHd59EGF3/mvH9CuZIGSOKmIvFi2FTkpqeTfIUsOar
xbBIUWONpkIwgbM8jKahMB1Blk4XPk2pfXZNgg4zYD6Thlrpn+8k+C74hSrXYzi3
inOcUWsfKUIFNnk9rg6wHSUQE7c8VOAe/2Zrfe0whfAt8MXhjE8MNv4LEK261kdv
KnYE6Zp2fm1Abkh265G5bMHm6B1oCOPGbGLeWQMd+L/R7wzbQ4tnWRJjCHBzzLo6
9ABP1AKH0OMxaFSpKYHkNha0PfavivQ0VKwpAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUFZOtaDZ1829EWX+WWThMWSgsB2QwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L0ZaT3RhRFoxODI5RVdY
LVdXVGhNV1Nnc0IyUS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBAGlltiZwckg6g9f9
yHMwqwiolEgMPPMFZfcNDKAT7462K0dHXeGy7AUGRHt3iYHuHsFM7KW1Sni92VwF
Sq3IcJRmDB7/SD4OF69oKhUbsf0O86E04wRCHQA6puRX4p202Q4n/NvATLReSEwV
3FRGaqlOToGuUN3KYx6ndqT+ryYHkjQqemxk8eNwByO1ZWKK+//nUw3GSqbglqlj
E8SjlnOSxKY9x9iUjr2byOZZUAAM6AJeoZ1ij/5yVKnnElW1RnJGhT4X7I/pgOPo
yF644QWkHkPQcRd/KkXETDzTWhWbtu9cjcngMZ/nNk7EP96+kU/LtZB17ea7fUsj
EgRFgv0=
-----END CERTIFICATE-----
Generated at Sun Jun 22 02:00:37 2025 by rpki-client