Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/QQqGbI28oDvbexhzbPA46ZQlKMg.roa
File: QQqGbI28oDvbexhzbPA46ZQlKMg.roa (raw, json)
Hash identifier: +PfCIKAJYfnBvlppahdNJgB+/qG8rBCxIOzFGG5se5o=
Subject key identifier: 41:0A:86:6C:8D:BC:A0:3B:DB:7B:18:73:6C:F0:38:E9:94:25:28:C8
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 4FF9
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/QQqGbI28oDvbexhzbPA46ZQlKMg.roa
Signing time: Sun 05 May 2024 05:24:05 +0000
ROA not before: Sun 05 May 2024 05:24:05 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 20473 (0x4ff9)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 5 05:24:05 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=410A866C8DBCA03BDB7B18736CF038E9942528C8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a1:48:3a:19:76:d9:85:33:2f:86:a1:b1:ba:7d:
60:91:32:a9:fa:03:89:ad:bf:98:15:8d:89:05:8b:
6d:13:ea:6a:07:66:5a:9d:51:ca:5c:a0:c6:14:19:
47:39:e1:be:46:0b:d8:da:c7:e6:42:93:ef:b2:02:
f3:cf:fa:2e:44:7d:b6:ea:ec:f1:7f:c3:54:67:bc:
53:8b:79:21:21:58:d0:dc:29:b4:59:75:c7:4f:68:
d2:6a:e2:4e:11:15:84:44:ed:7d:3c:ad:e9:9c:c7:
4c:6c:6e:19:76:62:9f:ec:98:9f:d6:4e:39:83:a9:
c4:6d:56:28:cd:5c:a9:a2:64:d6:81:54:ce:aa:b3:
c9:b4:ac:78:bc:ad:52:80:03:46:bc:82:79:c5:53:
fc:1e:74:5f:af:8f:3f:8d:49:0a:4e:fa:92:e8:74:
6e:d4:bd:ea:e1:62:5e:ca:d3:c3:d7:e2:2d:ad:86:
1d:6c:d6:65:b3:8d:f9:fb:9e:5f:8e:a4:b1:a6:ef:
ac:a2:b4:c3:99:c4:f7:14:a2:de:db:7d:a8:91:6a:
fc:59:72:6a:a2:4c:3e:b4:68:13:48:b7:04:24:55:
60:d6:c8:1d:1a:fe:cc:ca:4d:8c:81:9d:6c:8b:cb:
ce:d6:a8:dd:df:8f:38:7a:ff:e0:d7:71:a7:7d:0f:
94:3d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
41:0A:86:6C:8D:BC:A0:3B:DB:7B:18:73:6C:F0:38:E9:94:25:28:C8
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/QQqGbI28oDvbexhzbPA46ZQlKMg.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
a8:6f:b0:ee:96:16:3d:c0:33:6d:8d:35:38:08:ee:d1:40:c2:
05:b3:af:a0:d7:18:e0:c8:dd:f3:c6:69:67:dd:0d:67:72:dd:
e8:1c:79:70:23:e6:34:3a:70:04:75:46:71:a0:f8:33:0c:53:
8e:e7:7b:19:21:16:7d:a1:dc:95:18:4b:9f:c3:d5:c5:f8:8e:
d6:92:4c:4a:94:5e:d1:42:b3:88:db:c6:fe:c0:03:92:e6:e6:
d7:be:bd:fd:2e:24:83:e4:8b:81:f7:3b:39:3c:da:34:03:4c:
e4:a3:1d:d4:7b:4e:ff:dd:84:c8:eb:df:09:cd:0f:66:cf:63:
b3:21:c2:68:9f:5f:ba:5c:bc:08:dc:11:94:fe:d8:1a:f3:21:
27:d3:32:2f:d4:47:b8:bb:72:d2:36:0c:ed:38:dc:fa:13:16:
00:31:56:b9:fb:8b:15:58:53:2c:ee:9b:af:c4:36:a6:6a:17:
19:b6:20:9b:fa:26:df:39:aa:2e:f4:19:5e:82:6b:27:e1:c3:
18:f7:5e:a3:77:0c:0f:6a:ba:bd:ff:5f:cf:05:a0:00:a6:c0:
f6:0a:32:7a:ef:09:44:32:38:5c:f1:b9:b9:b6:c6:45:3a:74:
ab:dd:46:de:75:b8:17:90:e6:b0:6a:91:d4:d9:d3:31:b5:84:
a1:cf:66:a8
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICT/kwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MDUw
NTI0MDVaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDQxMEE4NjZDOERCQ0Ew
M0JEQjdCMTg3MzZDRjAzOEU5OTQyNTI4QzgwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQChSDoZdtmFMy+GobG6fWCRMqn6A4mtv5gVjYkFi20T6moHZlqd
UcpcoMYUGUc54b5GC9jax+ZCk++yAvPP+i5Efbbq7PF/w1RnvFOLeSEhWNDcKbRZ
dcdPaNJq4k4RFYRE7X08remcx0xsbhl2Yp/smJ/WTjmDqcRtVijNXKmiZNaBVM6q
s8m0rHi8rVKAA0a8gnnFU/wedF+vjz+NSQpO+pLodG7UverhYl7K08PX4i2thh1s
1mWzjfn7nl+OpLGm76yitMOZxPcUot7bfaiRavxZcmqiTD60aBNItwQkVWDWyB0a
/szKTYyBnWyLy87WqN3fjzh6/+DXcad9D5Q9AgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUQQqGbI28oDvbexhzbPA46ZQlKMgwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1FRcUdiSTI4b0R2YmV4
aHpiUEE0NlpRbEtNZy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBAKhvsO6WFj3AM22N
NTgI7tFAwgWzr6DXGODI3fPGaWfdDWdy3egceXAj5jQ6cAR1RnGg+DMMU47nexkh
Fn2h3JUYS5/D1cX4jtaSTEqUXtFCs4jbxv7AA5Lm5te+vf0uJIPki4H3Ozk82jQD
TOSjHdR7Tv/dhMjr3wnND2bPY7MhwmifX7pcvAjcEZT+2BrzISfTMi/UR7i7ctI2
DO043PoTFgAxVrn7ixVYUyzum6/ENqZqFxm2IJv6Jt85qi70GV6Cayfhwxj3XqN3
DA9qur3/X88FoACmwPYKMnrvCUQyOFzxubm2xkU6dKvdRt51uBeQ5rBqkdTZ0zG1
hKHPZqg=
-----END CERTIFICATE-----
Generated at Sat Jun 21 23:00:07 2025 by rpki-client