Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/WSN7V7MUR9H4nAfCf1N7_QsY9ck.roa
File: WSN7V7MUR9H4nAfCf1N7_QsY9ck.roa (raw, json)
Hash identifier: jEfxCwyInm5aRX4Zn/Hz55M2ZDCZnZxNY+mJHrrRJrA=
Subject key identifier: 59:23:7B:57:B3:14:47:D1:F8:9C:07:C2:7F:53:7B:FD:0B:18:F5:C9
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 476D
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/WSN7V7MUR9H4nAfCf1N7_QsY9ck.roa
Signing time: Tue 23 Apr 2024 19:53:12 +0000
ROA not before: Tue 23 Apr 2024 19:53:12 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 18285 (0x476d)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 23 19:53:12 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=59237B57B31447D1F89C07C27F537BFD0B18F5C9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:aa:82:1e:b9:88:25:fa:ac:9e:fb:dc:8d:79:3d:
e5:ad:e2:81:8b:58:7a:03:2c:1f:19:33:8d:95:fe:
94:3b:fd:9b:d6:8f:c0:53:7f:8d:ad:78:92:19:31:
45:09:67:93:3b:09:6d:16:c7:b6:13:8d:52:68:b1:
f8:22:1e:63:8d:33:c4:20:3f:a5:32:b6:8d:7e:a0:
0c:7c:a8:41:55:f7:69:f3:98:ac:b5:ba:bc:7a:9d:
a5:bc:5b:74:00:ec:7a:12:fb:6e:ef:61:7f:af:8a:
c8:a6:5d:07:e7:cb:72:dc:47:bb:c9:33:06:42:90:
67:20:3f:df:01:e3:f8:26:d1:ec:8d:eb:08:d9:b0:
37:2e:38:81:99:4d:20:ed:8d:46:f0:04:89:16:75:
36:b5:fd:9b:9c:be:af:99:b9:dc:b8:b9:cb:29:01:
c1:b9:b4:fd:2d:28:ae:c9:12:1d:05:0d:43:e0:99:
96:90:f0:20:25:aa:09:d2:eb:0e:f2:65:3c:c8:66:
3d:60:86:18:e9:d6:a5:b7:c7:ec:f1:29:96:e4:0f:
2c:c8:7f:0d:61:89:a1:3e:58:0f:ee:f0:4b:2a:4b:
90:73:90:45:4f:64:53:4a:b6:7c:fd:fe:73:64:e5:
73:c0:a5:28:b4:86:e3:d0:d5:7c:40:e2:dc:08:20:
64:1f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
59:23:7B:57:B3:14:47:D1:F8:9C:07:C2:7F:53:7B:FD:0B:18:F5:C9
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/WSN7V7MUR9H4nAfCf1N7_QsY9ck.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
b3:d3:6d:f8:58:93:10:cd:b3:b2:5e:8a:c3:ca:ee:ff:11:92:
ec:a5:c7:c1:18:4f:d4:ba:87:d9:2d:7e:8c:7b:78:e5:50:e6:
21:21:57:ae:c1:3a:61:93:57:d4:a2:da:38:40:9e:00:c8:55:
56:cb:fc:70:de:0d:d8:e3:85:e6:ff:7b:e0:a9:c3:2e:97:38:
ce:77:34:3c:d7:dd:78:0d:1a:16:df:51:9f:8d:94:6e:f5:69:
fc:ad:15:89:4b:3f:87:89:51:3e:2f:36:cc:9a:80:91:a4:35:
7b:f5:b9:df:1d:04:e9:de:8e:bd:67:1e:e3:19:04:27:e2:8b:
5c:d9:fc:17:87:40:96:82:d8:49:64:6f:06:8b:72:0d:a8:22:
af:00:d6:db:16:50:a6:67:6b:52:d4:22:60:9c:ce:b3:f5:00:
dd:24:ca:a2:fa:b5:ff:f3:64:bd:79:0e:e4:0c:24:f3:fa:2d:
c3:3e:99:86:21:b6:9a:58:72:e8:da:f0:89:a8:03:f3:64:71:
0e:a1:91:76:00:a2:56:b3:a6:aa:f5:6e:58:f8:77:99:88:2f:
1a:45:8f:4f:8f:a2:d9:98:7e:48:d2:88:7a:79:f6:a2:05:a0:
9d:3c:0c:24:ac:21:c3:f6:ed:f7:b1:15:4f:52:7a:a7:8e:0c:
69:20:25:43
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICR20wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MjMx
OTUzMTJaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDU5MjM3QjU3QjMxNDQ3
RDFGODlDMDdDMjdGNTM3QkZEMEIxOEY1QzkwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCqgh65iCX6rJ773I15PeWt4oGLWHoDLB8ZM42V/pQ7/ZvWj8BT
f42teJIZMUUJZ5M7CW0Wx7YTjVJosfgiHmONM8QgP6Uyto1+oAx8qEFV92nzmKy1
urx6naW8W3QA7HoS+27vYX+visimXQfny3LcR7vJMwZCkGcgP98B4/gm0eyN6wjZ
sDcuOIGZTSDtjUbwBIkWdTa1/Zucvq+Zudy4ucspAcG5tP0tKK7JEh0FDUPgmZaQ
8CAlqgnS6w7yZTzIZj1ghhjp1qW3x+zxKZbkDyzIfw1hiaE+WA/u8EsqS5BzkEVP
ZFNKtnz9/nNk5XPApSi0huPQ1XxA4twIIGQfAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUWSN7V7MUR9H4nAfCf1N7/QsY9ckwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1dTTjdWN01VUjlING5B
ZkNmMU43X1FzWTljay5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBALPTbfhYkxDNs7Je
isPK7v8Rkuylx8EYT9S6h9ktfox7eOVQ5iEhV67BOmGTV9Si2jhAngDIVVbL/HDe
Ddjjheb/e+Cpwy6XOM53NDzX3XgNGhbfUZ+NlG71afytFYlLP4eJUT4vNsyagJGk
NXv1ud8dBOnejr1nHuMZBCfii1zZ/BeHQJaC2ElkbwaLcg2oIq8A1tsWUKZna1LU
ImCczrP1AN0kyqL6tf/zZL15DuQMJPP6LcM+mYYhtppYcuja8ImoA/NkcQ6hkXYA
olazpqr1blj4d5mILxpFj0+PotmYfkjSiHp59qIFoJ08DCSsIcP27fexFU9SeqeO
DGkgJUM=
-----END CERTIFICATE-----
Generated at Fri Jun 20 20:53:14 2025 by rpki-client