Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/JMIFXg-dCb12wMCId06bpsrsB5E.roa
File: JMIFXg-dCb12wMCId06bpsrsB5E.roa (raw, json)
Hash identifier: svVuLjjnYqUvJu4fdyJbKul4SNSCGwMFcpZi0csmmk8=
Subject key identifier: 24:C2:05:5E:0F:9D:09:BD:76:C0:C0:88:77:4E:9B:A6:CA:EC:07:91
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 4DBD
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/JMIFXg-dCb12wMCId06bpsrsB5E.roa
Signing time: Thu 02 May 2024 05:53:42 +0000
ROA not before: Thu 02 May 2024 05:53:42 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 19901 (0x4dbd)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 2 05:53:42 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=24C2055E0F9D09BD76C0C088774E9BA6CAEC0791
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a9:c3:78:5f:3c:79:f8:f6:07:20:09:1b:16:d5:
41:cd:b4:55:b7:1e:b5:f7:8f:89:15:bf:3b:84:51:
41:86:1a:80:43:2b:bd:f8:b3:06:68:41:65:68:6f:
a5:35:a5:72:65:72:bb:26:22:7e:b6:a0:88:dc:d2:
93:c3:42:9b:73:ac:46:99:f0:a0:38:91:18:35:02:
df:f7:fb:ab:44:44:7c:8d:79:15:3b:8c:0f:2a:71:
b7:43:29:59:6b:42:59:e5:84:0a:d6:af:4f:b3:0f:
db:76:4a:97:1d:c4:89:83:7f:23:ff:db:10:0e:bb:
48:69:bf:a1:ef:85:e1:fa:c8:64:6e:6c:a5:1c:34:
6f:2e:49:61:14:2f:c2:ab:25:6f:8d:9d:4c:3b:d5:
b3:0e:5a:0b:39:9d:57:e0:7b:34:d8:96:3a:5d:42:
cb:fc:c4:34:2c:06:f9:9a:8a:05:ab:38:58:2a:d3:
a5:42:89:d6:b7:23:50:f8:f1:aa:a4:28:76:f5:e9:
27:c5:20:04:e0:4a:15:81:b0:58:3a:6d:17:0a:22:
0e:45:d5:7f:8a:59:9d:a1:2c:31:ad:0d:24:11:d2:
8c:f6:3f:9d:b7:d5:c6:cc:b9:05:d7:81:c2:2e:0a:
9d:7c:1e:b0:0c:8c:de:fa:37:d3:1d:36:1a:0c:bd:
3b:2f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
24:C2:05:5E:0F:9D:09:BD:76:C0:C0:88:77:4E:9B:A6:CA:EC:07:91
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/JMIFXg-dCb12wMCId06bpsrsB5E.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
bb:11:70:86:c7:ae:9f:88:c6:26:30:5e:80:58:7b:f9:12:a1:
17:05:24:6f:e4:37:f4:30:e6:5a:7f:a3:a9:37:60:1e:e9:8c:
7f:20:64:ae:b1:9e:0a:a5:b5:30:77:9f:8d:df:c4:5a:df:fb:
46:04:98:a6:15:ba:a6:a8:b2:fc:65:72:fc:96:a5:0e:1a:2d:
a1:80:93:d0:e8:3e:52:9d:45:45:a1:f1:59:28:50:d0:5b:48:
ac:0b:28:58:f7:c7:e5:0f:f9:f5:bf:89:4d:63:53:3e:a3:d3:
2d:fb:4e:b4:11:61:04:df:79:2a:fd:d1:4e:84:7e:8f:03:09:
68:84:72:9b:34:f8:d4:2c:4a:f2:1b:fc:99:f3:0e:e6:b4:02:
9b:28:85:13:ba:66:db:3d:31:73:12:df:c3:5d:f7:09:4f:2c:
74:37:19:66:aa:93:b9:bd:16:5c:66:07:c0:48:6f:a1:10:42:
0c:09:d9:f6:e8:cd:15:ab:d0:68:7c:08:c5:0a:82:fe:d5:79:
38:24:c5:6f:76:10:56:2b:9c:c9:dd:89:fa:1d:94:3d:6f:0e:
b6:3f:59:87:e5:36:1c:6c:ec:56:51:e2:23:07:1b:54:ab:9a:
10:ce:ea:7e:d8:df:6b:8e:a8:fc:f7:fd:c7:1d:97:80:b9:d7:
a2:b1:c3:0a
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICTb0wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MDIw
NTUzNDJaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDI0QzIwNTVFMEY5RDA5
QkQ3NkMwQzA4ODc3NEU5QkE2Q0FFQzA3OTEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCpw3hfPHn49gcgCRsW1UHNtFW3HrX3j4kVvzuEUUGGGoBDK734
swZoQWVob6U1pXJlcrsmIn62oIjc0pPDQptzrEaZ8KA4kRg1At/3+6tERHyNeRU7
jA8qcbdDKVlrQlnlhArWr0+zD9t2SpcdxImDfyP/2xAOu0hpv6HvheH6yGRubKUc
NG8uSWEUL8KrJW+NnUw71bMOWgs5nVfgezTYljpdQsv8xDQsBvmaigWrOFgq06VC
ida3I1D48aqkKHb16SfFIATgShWBsFg6bRcKIg5F1X+KWZ2hLDGtDSQR0oz2P523
1cbMuQXXgcIuCp18HrAMjN76N9MdNhoMvTsvAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUJMIFXg+dCb12wMCId06bpsrsB5EwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L0pNSUZYZy1kQ2IxMndN
Q0lkMDZicHNyc0I1RS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBALsRcIbHrp+IxiYw
XoBYe/kSoRcFJG/kN/Qw5lp/o6k3YB7pjH8gZK6xngqltTB3n43fxFrf+0YEmKYV
uqaosvxlcvyWpQ4aLaGAk9DoPlKdRUWh8VkoUNBbSKwLKFj3x+UP+fW/iU1jUz6j
0y37TrQRYQTfeSr90U6Efo8DCWiEcps0+NQsSvIb/JnzDua0ApsohRO6Zts9MXMS
38Nd9wlPLHQ3GWaqk7m9FlxmB8BIb6EQQgwJ2fbozRWr0Gh8CMUKgv7VeTgkxW92
EFYrnMndifodlD1vDrY/WYflNhxs7FZR4iMHG1SrmhDO6n7Y32uOqPz3/ccdl4C5
16Kxwwo=
-----END CERTIFICATE-----
Generated at Thu Jun 19 02:39:01 2025 by rpki-client