Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/WONa_bSFFgSCMjFvni8aKXzKgAs.roa
File: WONa_bSFFgSCMjFvni8aKXzKgAs.roa (raw, json)
Hash identifier: OYO/pRVtjEF3ohIxkSKog0Swl/MgKYOgP+A5Lp3Uyvo=
Subject key identifier: 58:E3:5A:FD:B4:85:16:04:82:32:31:6F:9E:2F:1A:29:7C:CA:80:0B
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 549D
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/WONa_bSFFgSCMjFvni8aKXzKgAs.roa
Signing time: Sat 11 May 2024 09:54:02 +0000
ROA not before: Sat 11 May 2024 09:54:02 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 21661 (0x549d)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 11 09:54:02 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=58E35AFDB48516048232316F9E2F1A297CCA800B
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cf:6e:19:ab:2b:33:5a:b8:4d:5f:61:17:bd:46:
32:68:1d:41:70:cd:ce:46:c7:38:bd:7c:34:39:15:
eb:9d:38:71:9d:1c:2f:ae:cb:4c:0c:f1:bf:35:57:
68:91:26:25:aa:04:ca:00:77:95:a6:1f:8c:66:e6:
82:fb:a8:15:75:df:5d:c8:f0:5a:80:3f:af:97:94:
b7:20:32:8c:70:51:50:3f:c5:9a:75:c0:a5:a8:8a:
cb:c6:38:6f:41:6b:7c:d5:af:7d:30:5d:a3:f0:6d:
0d:a0:33:f5:0c:d6:df:62:0a:b6:e3:f5:6c:38:4b:
2c:bf:5f:13:e5:6a:02:ad:d3:7e:53:aa:da:cc:33:
5b:ac:21:62:d9:e4:f9:07:9a:3a:74:4e:f7:c4:5f:
b1:e2:57:04:98:52:4f:28:9f:fd:9f:98:17:ac:51:
9e:17:ef:a0:63:d8:81:80:c8:3b:b0:b1:41:34:5a:
83:70:08:85:39:47:fb:f1:27:25:da:fe:76:fd:d1:
0b:1d:cb:0c:f5:c3:38:e4:c2:76:19:06:1f:40:7d:
b1:4b:22:4a:a1:e2:c0:d1:0b:16:ce:db:db:98:e7:
24:a9:f5:42:c8:e8:d3:1a:d4:46:df:7e:9e:0b:23:
e8:a4:39:f0:bd:3e:68:86:36:67:40:c0:f9:f0:82:
0a:f1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
58:E3:5A:FD:B4:85:16:04:82:32:31:6F:9E:2F:1A:29:7C:CA:80:0B
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/WONa_bSFFgSCMjFvni8aKXzKgAs.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
b6:1a:ff:de:16:ee:4b:e2:e4:d9:f9:66:28:ae:78:06:52:08:
e5:2f:ac:54:44:e9:13:60:45:b2:27:e1:5e:04:41:d8:a6:8c:
07:c3:83:22:9b:b2:bc:75:db:2f:9a:ff:f7:fe:13:2e:e2:c8:
91:5f:e2:f4:38:67:3c:4f:1c:47:96:e9:ea:23:8f:6b:c8:96:
a2:b6:e9:04:85:e2:7e:83:3e:2e:38:38:f4:a0:05:c1:41:5d:
bd:b8:ea:ab:b1:8b:50:28:b7:93:7a:37:ae:c0:e1:d7:8c:8e:
dc:c3:2e:2f:f2:88:9d:56:d7:06:f8:ee:83:3e:c9:29:3d:0a:
60:83:d9:b2:3a:81:dd:a5:e1:62:3f:df:b4:33:c0:6c:ef:f3:
42:4d:fd:ed:c6:f4:12:94:8a:96:ef:ea:79:29:45:e7:28:91:
2c:1a:2f:60:83:dc:86:e6:c4:f4:4a:02:9a:e0:1b:af:b4:3a:
31:79:03:7b:77:83:62:4b:dd:17:75:94:b9:82:2e:6c:8b:83:
df:f4:f1:63:24:38:92:13:c7:fc:62:fd:b7:81:94:df:42:75:
83:fb:ab:d7:e9:ad:d3:9b:7e:e2:ec:32:17:c3:3a:b9:44:f7:
dd:5c:58:fa:85:cb:c6:44:33:fc:ca:16:33:b3:28:60:4f:dd:
2d:32:32:b4
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICVJ0wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MTEw
OTU0MDJaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDU4RTM1QUZEQjQ4NTE2
MDQ4MjMyMzE2RjlFMkYxQTI5N0NDQTgwMEIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDPbhmrKzNauE1fYRe9RjJoHUFwzc5Gxzi9fDQ5FeudOHGdHC+u
y0wM8b81V2iRJiWqBMoAd5WmH4xm5oL7qBV1313I8FqAP6+XlLcgMoxwUVA/xZp1
wKWoisvGOG9Ba3zVr30wXaPwbQ2gM/UM1t9iCrbj9Ww4Syy/XxPlagKt035TqtrM
M1usIWLZ5PkHmjp0TvfEX7HiVwSYUk8on/2fmBesUZ4X76Bj2IGAyDuwsUE0WoNw
CIU5R/vxJyXa/nb90Qsdywz1wzjkwnYZBh9AfbFLIkqh4sDRCxbO29uY5ySp9ULI
6NMa1Ebffp4LI+ikOfC9PmiGNmdAwPnwggrxAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUWONa/bSFFgSCMjFvni8aKXzKgAswHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1dPTmFfYlNGRmdTQ01q
RnZuaThhS1h6S2dBcy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBALYa/94W7kvi5Nn5
ZiiueAZSCOUvrFRE6RNgRbIn4V4EQdimjAfDgyKbsrx12y+a//f+Ey7iyJFf4vQ4
ZzxPHEeW6eojj2vIlqK26QSF4n6DPi44OPSgBcFBXb246quxi1Aot5N6N67A4deM
jtzDLi/yiJ1W1wb47oM+ySk9CmCD2bI6gd2l4WI/37QzwGzv80JN/e3G9BKUipbv
6nkpRecokSwaL2CD3IbmxPRKAprgG6+0OjF5A3t3g2JL3Rd1lLmCLmyLg9/08WMk
OJITx/xi/beBlN9CdYP7q9fprdObfuLsMhfDOrlE991cWPqFy8ZEM/zKFjOzKGBP
3S0yMrQ=
-----END CERTIFICATE-----
Generated at Sat Jun 21 03:50:07 2025 by rpki-client