Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/Mzlup5IMxRk5T2xvFvlnxBwlrn4.roa
File: Mzlup5IMxRk5T2xvFvlnxBwlrn4.roa (raw, json)
Hash identifier: 1l3xRRV3Sn3+wEdjZzBwe81y3gy1B8KJ+YbToppL8jE=
Subject key identifier: 33:39:6E:A7:92:0C:C5:19:39:4F:6C:6F:16:F9:67:C4:1C:25:AE:7E
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 3C01
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/Mzlup5IMxRk5T2xvFvlnxBwlrn4.roa
Signing time: Mon 08 Apr 2024 14:22:34 +0000
ROA not before: Mon 08 Apr 2024 14:22:34 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 15361 (0x3c01)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 8 14:22:34 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=33396EA7920CC519394F6C6F16F967C41C25AE7E
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bb:07:b1:03:8b:e1:33:60:c3:0c:e1:c5:5b:38:
81:f5:2c:81:69:86:a4:02:16:b3:af:73:53:aa:8a:
2c:cc:2e:b5:3b:78:3a:5c:2b:34:c4:d7:9c:df:13:
63:5b:30:00:15:ed:a1:1f:d1:e2:29:e1:c1:fb:bd:
23:4a:66:b4:73:84:78:ef:99:b5:68:f8:b3:be:41:
b8:28:c6:5b:68:43:2b:61:e7:9f:e6:e8:b6:67:2a:
30:09:14:e5:ea:36:fb:73:09:a7:70:5a:ea:4a:54:
9b:24:3d:3b:85:c7:d1:d8:8c:01:d6:04:5b:e8:fa:
e8:00:bc:62:87:60:6a:3e:61:63:bc:a7:9a:05:75:
63:0f:cb:9f:d7:75:fb:2d:e4:62:43:f5:f2:3a:9d:
a7:cf:43:8c:be:e5:5a:29:16:48:f6:d5:57:ef:50:
b7:ad:fd:af:d2:19:f6:2b:cd:25:78:5d:73:96:4a:
06:3a:96:6a:78:64:d2:ff:70:c1:52:22:3f:e8:14:
9b:ff:d1:df:de:20:d6:b8:5b:0c:d8:89:9f:df:9f:
28:31:c4:33:64:17:75:b4:78:0c:11:33:13:c2:73:
76:b7:65:71:91:c4:61:64:8c:6c:6a:50:16:3e:87:
b7:5a:b0:f2:9b:05:6a:64:e3:49:fc:c0:56:e8:3f:
18:b7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
33:39:6E:A7:92:0C:C5:19:39:4F:6C:6F:16:F9:67:C4:1C:25:AE:7E
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/Mzlup5IMxRk5T2xvFvlnxBwlrn4.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
18:04:fc:b5:71:6f:d9:7b:89:8e:bd:57:50:80:f0:99:39:d4:
fe:f6:73:02:0b:2a:84:06:1a:9f:e4:19:de:e4:3d:a7:82:4b:
b2:40:da:7a:32:b5:0c:0a:cc:0f:00:5d:d3:42:7a:81:02:af:
84:4d:47:81:0f:fc:a5:40:11:fc:0d:8f:42:3d:c0:7a:33:3d:
85:b7:65:50:63:35:ac:2a:57:df:27:b2:16:d4:45:dd:65:d6:
3e:94:0b:28:a0:1b:dc:92:dd:f8:9f:a4:75:a0:31:82:e3:5c:
79:bd:1e:0b:4e:76:72:81:62:50:82:c8:ba:d2:00:c2:79:0c:
de:fb:58:35:c0:4c:0d:18:8c:2d:9d:c8:9b:ae:e1:96:b3:d5:
54:e1:21:d7:93:73:a2:ee:7b:28:e9:50:0e:82:15:fe:da:71:
70:b1:b2:ad:88:0f:34:57:e1:02:52:af:c3:d4:c6:a1:85:f4:
a2:14:19:70:15:3e:85:65:80:65:cb:72:81:b3:14:6e:eb:50:
ea:e4:94:ce:05:da:0c:a4:92:6b:fc:e6:1b:85:24:c1:46:ac:
ee:c2:bc:51:69:11:68:c5:45:53:66:a3:b8:6f:a4:bc:3e:1a:
2f:96:42:40:c0:6d:49:0d:86:3c:1a:46:74:c1:6c:98:82:3f:
17:2d:13:c4
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICPAEwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MDgx
NDIyMzRaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDMzMzk2RUE3OTIwQ0M1
MTkzOTRGNkM2RjE2Rjk2N0M0MUMyNUFFN0UwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC7B7EDi+EzYMMM4cVbOIH1LIFphqQCFrOvc1OqiizMLrU7eDpc
KzTE15zfE2NbMAAV7aEf0eIp4cH7vSNKZrRzhHjvmbVo+LO+QbgoxltoQyth55/m
6LZnKjAJFOXqNvtzCadwWupKVJskPTuFx9HYjAHWBFvo+ugAvGKHYGo+YWO8p5oF
dWMPy5/Xdfst5GJD9fI6nafPQ4y+5VopFkj21VfvULet/a/SGfYrzSV4XXOWSgY6
lmp4ZNL/cMFSIj/oFJv/0d/eINa4WwzYiZ/fnygxxDNkF3W0eAwRMxPCc3a3ZXGR
xGFkjGxqUBY+h7dasPKbBWpk40n8wFboPxi3AgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUMzlup5IMxRk5T2xvFvlnxBwlrn4wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L016bHVwNUlNeFJrNVQy
eHZGdmxueEJ3bHJuNC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBABgE/LVxb9l7iY69
V1CA8Jk51P72cwILKoQGGp/kGd7kPaeCS7JA2noytQwKzA8AXdNCeoECr4RNR4EP
/KVAEfwNj0I9wHozPYW3ZVBjNawqV98nshbURd1l1j6UCyigG9yS3fifpHWgMYLj
XHm9HgtOdnKBYlCCyLrSAMJ5DN77WDXATA0YjC2dyJuu4Zaz1VThIdeTc6Lueyjp
UA6CFf7acXCxsq2IDzRX4QJSr8PUxqGF9KIUGXAVPoVlgGXLcoGzFG7rUOrklM4F
2gykkmv85huFJMFGrO7CvFFpEWjFRVNmo7hvpLw+Gi+WQkDAbUkNhjwaRnTBbJiC
PxctE8Q=
-----END CERTIFICATE-----
Generated at Fri Jun 20 23:08:35 2025 by rpki-client