Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/Ta67JDd2fsjwV1qBbcA1RY6NtJg.roa
File: Ta67JDd2fsjwV1qBbcA1RY6NtJg.roa (raw, json)
Hash identifier: UvQMn9Bz9UX9UJ6DPlpzVx7+SK4D5ziDzNXq82PLVyo=
Subject key identifier: 4D:AE:BB:24:37:76:7E:C8:F0:57:5A:81:6D:C0:35:45:8E:8D:B4:98
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 5181
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/Ta67JDd2fsjwV1qBbcA1RY6NtJg.roa
Signing time: Tue 07 May 2024 06:24:09 +0000
ROA not before: Tue 07 May 2024 06:24:09 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 20865 (0x5181)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 7 06:24:09 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=4DAEBB2437767EC8F0575A816DC035458E8DB498
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d6:1b:69:87:29:15:04:fa:8f:5d:34:93:0c:92:
80:5c:2f:56:c4:31:7b:ec:1d:a2:66:77:7d:38:7c:
3b:95:3b:7e:5b:d6:e1:bf:a6:d3:36:18:1d:7d:4d:
fc:16:a7:53:2e:3f:f1:9b:5a:23:be:18:1e:71:b3:
b9:98:ff:09:e0:5f:3a:66:a6:6c:5e:61:8d:51:28:
78:7d:76:7d:29:96:43:cb:b4:ed:d5:ba:09:9f:db:
66:cb:28:79:0c:17:b6:f1:a6:89:cd:09:db:84:f3:
d1:36:86:6f:69:0d:31:b6:c6:a2:a7:0a:df:00:43:
cd:ee:29:c7:9f:ce:d7:7c:d6:31:77:1c:b3:81:b8:
ad:07:14:60:d6:dc:56:f3:4a:6e:2b:4e:d3:2a:02:
ec:74:57:0f:1d:1e:86:91:49:e0:be:0b:fa:73:38:
de:11:87:90:90:f5:27:77:42:df:6b:2c:24:3a:23:
3c:92:60:e7:d4:12:31:15:20:a6:cc:59:51:50:0b:
a0:33:5e:84:9a:1b:00:2b:e8:1f:c2:eb:16:42:6e:
ee:5f:57:80:4c:11:53:8a:91:d8:b9:e5:0d:80:f2:
31:1f:e5:38:aa:9d:0b:f7:8b:f4:02:bf:a5:27:4d:
2b:8c:30:74:8b:7e:cb:d4:57:06:1d:75:db:08:89:
f0:99
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4D:AE:BB:24:37:76:7E:C8:F0:57:5A:81:6D:C0:35:45:8E:8D:B4:98
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/Ta67JDd2fsjwV1qBbcA1RY6NtJg.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
73:81:9a:90:6e:ad:16:7b:98:d7:f5:d0:d5:85:51:bf:07:92:
0c:84:c0:51:35:7a:6a:34:38:fd:f7:01:f6:a6:0a:b0:2a:dc:
a0:90:a3:03:7e:65:1e:6e:93:19:90:03:7f:ee:c0:66:69:20:
44:f3:43:fa:54:86:23:c1:d7:41:c0:11:9d:ac:3a:ae:4e:ff:
25:9a:15:62:17:80:7a:41:8f:f8:8a:ea:fd:3e:18:87:48:10:
cd:2b:54:5e:e4:94:ab:6d:b3:b7:e7:b7:15:f7:63:b3:8a:ce:
94:a4:85:fc:cc:4f:55:a5:bf:b5:b0:84:9b:35:37:e3:5f:8b:
48:14:b0:a0:a1:dd:c2:73:12:31:c3:8c:b1:e8:a2:22:00:94:
04:1d:28:99:69:98:9a:97:e9:d0:6a:dc:6d:e3:25:57:2d:79:
8b:08:1b:a6:dd:2d:f0:a5:d7:7d:40:79:ab:52:2c:44:2d:bb:
13:b0:0d:e5:40:d9:d0:9a:ec:0e:5e:37:4f:fd:24:53:69:02:
b8:d1:56:be:69:7c:f8:77:e2:b6:41:ac:c1:32:fc:25:0e:73:
9c:71:c6:b4:58:80:03:b8:62:45:b8:02:72:32:21:29:f3:f5:
b9:a3:53:cf:25:91:e4:a6:44:d9:7a:e6:36:67:59:f6:db:81:
83:06:f7:d0
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICUYEwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MDcw
NjI0MDlaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDREQUVCQjI0Mzc3NjdF
QzhGMDU3NUE4MTZEQzAzNTQ1OEU4REI0OTgwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDWG2mHKRUE+o9dNJMMkoBcL1bEMXvsHaJmd304fDuVO35b1uG/
ptM2GB19TfwWp1MuP/GbWiO+GB5xs7mY/wngXzpmpmxeYY1RKHh9dn0plkPLtO3V
ugmf22bLKHkMF7bxponNCduE89E2hm9pDTG2xqKnCt8AQ83uKcefztd81jF3HLOB
uK0HFGDW3FbzSm4rTtMqAux0Vw8dHoaRSeC+C/pzON4Rh5CQ9Sd3Qt9rLCQ6IzyS
YOfUEjEVIKbMWVFQC6AzXoSaGwAr6B/C6xZCbu5fV4BMEVOKkdi55Q2A8jEf5Tiq
nQv3i/QCv6UnTSuMMHSLfsvUVwYdddsIifCZAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUTa67JDd2fsjwV1qBbcA1RY6NtJgwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1RhNjdKRGQyZnNqd1Yx
cUJiY0ExUlk2TnRKZy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBAHOBmpBurRZ7mNf1
0NWFUb8HkgyEwFE1emo0OP33AfamCrAq3KCQowN+ZR5ukxmQA3/uwGZpIETzQ/pU
hiPB10HAEZ2sOq5O/yWaFWIXgHpBj/iK6v0+GIdIEM0rVF7klKtts7fntxX3Y7OK
zpSkhfzMT1Wlv7WwhJs1N+Nfi0gUsKCh3cJzEjHDjLHooiIAlAQdKJlpmJqX6dBq
3G3jJVcteYsIG6bdLfCl131AeatSLEQtuxOwDeVA2dCa7A5eN0/9JFNpArjRVr5p
fPh34rZBrMEy/CUOc5xxxrRYgAO4YkW4AnIyISnz9bmjU88lkeSmRNl65jZnWfbb
gYMG99A=
-----END CERTIFICATE-----
Generated at Fri Jun 20 23:06:48 2025 by rpki-client