Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/WGjBWWx7u6ehYQrw9PMtrpfVDRw.roa
File: WGjBWWx7u6ehYQrw9PMtrpfVDRw.roa (raw, json)
Hash identifier: 4e3p/GUMWfYd/aCK0ZUbt2U2NhcpKsYhVeLbhE9Lhas=
Subject key identifier: 58:68:C1:59:6C:7B:BB:A7:A1:61:0A:F0:F4:F3:2D:AE:97:D5:0D:1C
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 5469
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/WGjBWWx7u6ehYQrw9PMtrpfVDRw.roa
Signing time: Sat 11 May 2024 03:24:25 +0000
ROA not before: Sat 11 May 2024 03:24:25 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 21609 (0x5469)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 11 03:24:25 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=5868C1596C7BBBA7A1610AF0F4F32DAE97D50D1C
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b7:cb:b9:2c:5d:2b:a7:5a:59:3f:7c:87:9b:e2:
37:c9:12:05:39:53:dc:c7:24:75:d0:25:0e:49:94:
00:3f:60:36:67:0f:a6:5e:47:9f:b7:8b:f2:4c:c3:
a4:71:ed:0a:23:e4:db:fd:6f:d6:1a:c6:9a:fb:ce:
98:52:3b:ea:48:a5:3c:27:73:d4:54:52:5e:62:d3:
43:d1:10:4a:eb:97:9e:ed:0b:bf:8b:4d:86:8f:92:
16:0b:a0:0a:40:60:0b:e3:03:aa:a5:d2:34:e7:9b:
73:2d:70:06:5a:fb:9c:6f:22:49:49:0c:b1:12:ce:
0c:de:d0:81:5c:ea:28:76:7a:6b:f0:b2:ea:32:ad:
ac:4f:7c:c4:ae:4b:15:42:7f:85:03:dd:31:2b:61:
e8:d0:3a:61:90:8c:2d:cb:e4:40:d0:14:90:62:16:
b0:77:84:7c:b6:59:a1:ac:fc:32:13:88:b9:6a:9d:
24:91:6a:d1:b2:75:3a:00:1e:c5:5e:c9:b0:3b:3f:
f6:e3:4b:27:9f:c5:b7:ea:7b:21:7c:c8:e8:f3:79:
6a:62:8e:07:96:2d:b1:b0:df:6f:62:82:4a:a2:25:
6f:ca:61:0c:d6:ce:fa:01:65:f5:cc:a1:b3:19:6e:
9e:0a:b6:f6:11:8e:f4:60:b9:fb:0f:38:c3:99:a2:
c8:ab
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
58:68:C1:59:6C:7B:BB:A7:A1:61:0A:F0:F4:F3:2D:AE:97:D5:0D:1C
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/WGjBWWx7u6ehYQrw9PMtrpfVDRw.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
a2:40:80:4d:05:0f:ca:6a:7c:06:b8:2b:52:3c:db:cc:60:4f:
0a:15:03:23:e5:dc:1a:ea:9f:53:03:c4:c9:0f:ae:c6:a0:2d:
af:55:eb:23:8a:0c:d3:4e:7a:62:9c:33:e7:67:d0:e3:4f:36:
59:2d:30:9b:1b:a0:bf:e8:6c:4d:0c:26:8d:cf:b1:12:fa:45:
d3:d6:b4:0e:37:1b:ce:51:ac:7b:38:ff:a0:a1:88:22:44:b8:
1f:8f:b4:7d:96:82:54:7b:d1:ca:e0:90:2e:41:80:c7:33:7d:
66:a0:75:1e:ae:1d:c8:ed:d4:9a:c7:c2:0a:86:57:26:e4:77:
25:f8:89:f0:37:ce:9a:3f:6f:7c:f0:ec:3c:69:f4:66:cc:47:
f9:3b:45:59:b9:45:26:e1:b8:86:1f:79:c3:10:5a:35:8d:70:
54:d1:54:42:88:a8:e5:dd:6b:fc:71:74:b6:3f:18:68:c9:83:
63:42:3e:5c:10:9d:f4:28:d8:1e:c3:f5:eb:29:7c:24:b6:10:
46:74:2c:12:3a:d1:8f:45:52:0d:1a:8b:64:c3:ce:9e:c2:50:
03:09:7e:bc:f7:fe:56:72:dd:43:70:7b:91:4d:f3:dd:7a:69:
4c:05:d6:9a:c4:21:8a:9c:fc:ea:a0:ff:9c:aa:da:e0:91:f7:
27:a8:db:16
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICVGkwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MTEw
MzI0MjVaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDU4NjhDMTU5NkM3QkJC
QTdBMTYxMEFGMEY0RjMyREFFOTdENTBEMUMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC3y7ksXSunWlk/fIeb4jfJEgU5U9zHJHXQJQ5JlAA/YDZnD6Ze
R5+3i/JMw6Rx7Qoj5Nv9b9Yaxpr7zphSO+pIpTwnc9RUUl5i00PREErrl57tC7+L
TYaPkhYLoApAYAvjA6ql0jTnm3MtcAZa+5xvIklJDLESzgze0IFc6ih2emvwsuoy
raxPfMSuSxVCf4UD3TErYejQOmGQjC3L5EDQFJBiFrB3hHy2WaGs/DITiLlqnSSR
atGydToAHsVeybA7P/bjSyefxbfqeyF8yOjzeWpijgeWLbGw329igkqiJW/KYQzW
zvoBZfXMobMZbp4KtvYRjvRgufsPOMOZosirAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUWGjBWWx7u6ehYQrw9PMtrpfVDRwwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1dHakJXV3g3dTZlaFlR
cnc5UE10cnBmVkRSdy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBAKJAgE0FD8pqfAa4
K1I828xgTwoVAyPl3Brqn1MDxMkPrsagLa9V6yOKDNNOemKcM+dn0ONPNlktMJsb
oL/obE0MJo3PsRL6RdPWtA43G85RrHs4/6ChiCJEuB+PtH2WglR70crgkC5BgMcz
fWagdR6uHcjt1JrHwgqGVybkdyX4ifA3zpo/b3zw7Dxp9GbMR/k7RVm5RSbhuIYf
ecMQWjWNcFTRVEKIqOXda/xxdLY/GGjJg2NCPlwQnfQo2B7D9espfCS2EEZ0LBI6
0Y9FUg0ai2TDzp7CUAMJfrz3/lZy3UNwe5FN8916aUwF1prEIYqc/Oqg/5yq2uCR
9yeo2xY=
-----END CERTIFICATE-----
Generated at Sun Jun 22 13:44:17 2025 by rpki-client