Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/QOwDuDt8sMopFUrw4eCkXl-AnyU.roa
File: QOwDuDt8sMopFUrw4eCkXl-AnyU.roa (raw, json)
Hash identifier: 21jene/UjuGTLoxqADXOfk0vOHzBDpb4zmRMSGlszdg=
Subject key identifier: 40:EC:03:B8:3B:7C:B0:CA:29:15:4A:F0:E1:E0:A4:5E:5F:80:9F:25
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 50E9
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/QOwDuDt8sMopFUrw4eCkXl-AnyU.roa
Signing time: Mon 06 May 2024 11:23:51 +0000
ROA not before: Mon 06 May 2024 11:23:51 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 20713 (0x50e9)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 6 11:23:51 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=40EC03B83B7CB0CA29154AF0E1E0A45E5F809F25
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bf:6a:e4:54:05:07:c5:f9:2f:75:d2:bd:c0:dd:
01:26:17:5c:af:9e:87:d2:88:d3:b3:70:31:3f:e4:
2f:77:0a:e1:1d:ef:cd:00:dd:1c:9e:e6:b0:78:4b:
83:9d:6f:fa:13:7f:25:34:e5:88:c6:18:13:19:3d:
b1:50:63:d1:63:93:10:dc:24:66:3b:f8:38:cd:7d:
23:ec:98:34:95:2a:47:0e:6d:8a:b2:db:11:79:52:
9b:33:d5:de:38:cd:0e:e4:ab:85:70:d0:82:4f:7e:
97:0b:4a:4e:ad:30:d3:51:4c:81:00:30:af:20:86:
80:48:fd:02:9a:e3:ac:69:dc:b8:c3:ba:66:8b:f9:
07:16:e3:19:dd:e0:bc:b4:2c:9f:a0:44:c6:94:c8:
cf:7b:ff:31:95:c3:3a:ff:ce:14:be:99:43:e5:1f:
ac:21:3e:84:d8:98:24:9c:c2:66:4c:06:24:0a:b6:
ab:23:45:da:a7:29:3c:2b:10:95:f9:aa:e1:a6:46:
42:ed:db:5c:e3:af:a7:26:83:cf:64:0f:d2:f6:58:
fc:c9:4f:48:79:91:45:bb:a4:ea:e9:ba:02:b7:0d:
ad:35:82:d2:8b:7e:d5:fa:79:9e:42:cd:07:f3:61:
76:9b:a4:7b:84:9a:77:f5:c1:a1:23:91:25:70:50:
75:bd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
40:EC:03:B8:3B:7C:B0:CA:29:15:4A:F0:E1:E0:A4:5E:5F:80:9F:25
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/QOwDuDt8sMopFUrw4eCkXl-AnyU.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
51:a3:ae:79:30:f5:3f:6b:3a:5e:29:de:05:a8:1d:a4:70:c2:
c8:18:14:93:a2:0f:e7:f7:14:e6:bf:4b:75:b3:60:9d:4a:60:
12:96:04:97:b6:13:6f:57:c9:10:1f:4c:a7:b0:f0:ea:29:82:
bd:db:f4:20:a3:fe:b5:27:d5:70:14:6b:c1:a6:80:cd:9a:e7:
0d:b0:05:a8:87:98:58:a0:fe:7a:db:47:80:e9:52:53:d1:92:
4b:8a:92:d6:c7:e2:0e:be:56:06:e1:78:a8:d9:ac:72:3b:a1:
4a:64:a1:9c:f7:7e:3a:2d:50:d9:6f:50:b9:bc:23:ff:1b:6c:
6e:af:7a:dd:34:c8:75:e9:6a:e4:73:ad:39:c9:8a:8f:6c:47:
85:c5:be:16:f8:8d:0d:b0:80:6e:14:e9:84:2b:66:f8:31:84:
9a:6b:99:56:85:a0:d9:f8:91:68:23:fd:93:d2:69:dd:eb:4d:
51:b5:5b:90:5d:71:cc:74:48:31:62:12:16:b4:cd:fe:e6:ff:
59:0b:07:2c:42:52:b8:95:95:20:85:de:54:d1:e5:f6:00:1e:
e2:20:2a:2d:cd:c3:cb:e3:cb:8e:05:3f:fc:97:30:37:c0:19:
f7:ca:c4:c8:be:2b:57:d7:2f:e0:9b:af:6b:da:20:47:f3:10:
5c:78:17:cf
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICUOkwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MDYx
MTIzNTFaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDQwRUMwM0I4M0I3Q0Iw
Q0EyOTE1NEFGMEUxRTBBNDVFNUY4MDlGMjUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC/auRUBQfF+S910r3A3QEmF1yvnofSiNOzcDE/5C93CuEd780A
3Rye5rB4S4Odb/oTfyU05YjGGBMZPbFQY9FjkxDcJGY7+DjNfSPsmDSVKkcObYqy
2xF5Upsz1d44zQ7kq4Vw0IJPfpcLSk6tMNNRTIEAMK8ghoBI/QKa46xp3LjDumaL
+QcW4xnd4Ly0LJ+gRMaUyM97/zGVwzr/zhS+mUPlH6whPoTYmCScwmZMBiQKtqsj
RdqnKTwrEJX5quGmRkLt21zjr6cmg89kD9L2WPzJT0h5kUW7pOrpugK3Da01gtKL
ftX6eZ5CzQfzYXabpHuEmnf1waEjkSVwUHW9AgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUQOwDuDt8sMopFUrw4eCkXl+AnyUwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1FPd0R1RHQ4c01vcEZV
cnc0ZUNrWGwtQW55VS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBAFGjrnkw9T9rOl4p
3gWoHaRwwsgYFJOiD+f3FOa/S3WzYJ1KYBKWBJe2E29XyRAfTKew8Oopgr3b9CCj
/rUn1XAUa8GmgM2a5w2wBaiHmFig/nrbR4DpUlPRkkuKktbH4g6+VgbheKjZrHI7
oUpkoZz3fjotUNlvULm8I/8bbG6vet00yHXpauRzrTnJio9sR4XFvhb4jQ2wgG4U
6YQrZvgxhJprmVaFoNn4kWgj/ZPSad3rTVG1W5Bdccx0SDFiEha0zf7m/1kLByxC
UriVlSCF3lTR5fYAHuIgKi3Nw8vjy44FP/yXMDfAGffKxMi+K1fXL+Cbr2vaIEfz
EFx4F88=
-----END CERTIFICATE-----
Generated at Fri Jun 20 22:49:08 2025 by rpki-client