Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/Y39-qFdjWJaUwzWYBv_Kqxc_7j8.roa
File: Y39-qFdjWJaUwzWYBv_Kqxc_7j8.roa (raw, json)
Hash identifier: HsWM0ztEYQg1OuFtlDmdUpzg9nYlUgBgatjR5uL9fOU=
Subject key identifier: 63:7F:7E:A8:57:63:58:96:94:C3:35:98:06:FF:CA:AB:17:3F:EE:3F
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 51AD
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/Y39-qFdjWJaUwzWYBv_Kqxc_7j8.roa
Signing time: Tue 07 May 2024 11:53:52 +0000
ROA not before: Tue 07 May 2024 11:53:52 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 20909 (0x51ad)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 7 11:53:52 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=637F7EA85763589694C3359806FFCAAB173FEE3F
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9d:76:53:28:e0:47:8b:77:bd:5a:3d:f5:f7:a0:
86:2b:5b:30:4c:24:84:4b:04:4f:02:9d:56:de:3e:
2b:1f:a2:4e:3e:45:ad:75:ab:05:ea:c6:de:82:97:
33:e6:bc:b5:0b:51:84:8e:e8:a6:69:f2:09:08:0f:
f5:00:19:ad:47:ed:d1:1c:36:11:64:cf:95:79:10:
16:03:3a:5e:06:b1:22:06:f2:a0:29:3c:e2:9b:2b:
23:62:fa:64:a2:98:f9:16:52:f4:21:0c:5f:b2:69:
dd:49:69:f1:c1:40:47:40:08:e6:c0:f6:c8:44:1d:
6c:f3:00:62:67:d4:1e:49:a7:14:a3:3a:55:89:ee:
af:a7:4b:11:3e:34:d3:dc:a8:3e:84:58:2d:0e:05:
70:72:37:8f:73:2c:90:04:ae:98:75:2c:09:fd:d7:
5f:80:e9:3b:3f:a1:ab:a2:a6:2f:db:40:2d:07:31:
ea:48:b1:29:52:10:b3:fd:c8:71:5d:a7:1c:f8:71:
29:51:a7:50:f5:27:67:94:39:aa:69:46:09:b5:8a:
e2:ab:95:db:1c:f2:7a:4a:94:06:a1:8f:5f:e1:da:
a3:f0:c2:22:b5:57:f9:06:4f:33:4d:0e:e4:fe:97:
b6:f7:70:82:c0:f4:eb:9f:b8:ba:22:e6:b7:ad:a3:
31:e5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
63:7F:7E:A8:57:63:58:96:94:C3:35:98:06:FF:CA:AB:17:3F:EE:3F
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/Y39-qFdjWJaUwzWYBv_Kqxc_7j8.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
b1:e5:be:64:a1:e9:b9:40:ad:c8:93:b2:99:8e:b3:29:bd:e2:
84:59:0b:a7:b6:6f:e2:0e:61:e8:46:7f:3d:c5:cd:42:57:69:
92:03:cb:02:3f:77:f4:2b:76:09:d3:3e:6c:8e:0a:d6:45:08:
62:a7:2a:db:33:0f:7e:28:bc:d1:81:b2:c4:9f:d9:5c:8a:f4:
bd:06:96:37:8f:e4:54:41:11:5d:3e:2d:62:45:91:d0:ef:5c:
84:41:53:69:4b:12:a8:e7:57:1c:8b:f4:c2:5e:05:46:92:c4:
f0:d8:b0:5d:c1:de:c9:84:a2:cd:33:cd:2b:dd:2a:00:4b:39:
87:03:85:c7:d0:64:b9:88:c1:60:04:5c:be:3e:e3:35:d4:e8:
d2:09:8c:76:b6:93:b3:5c:72:02:dc:75:e3:d4:9f:12:d2:5d:
20:73:5f:e1:e3:f1:00:63:97:fb:5a:f2:a9:bb:f6:a1:c3:fc:
c5:4a:2d:7e:17:4e:b5:d8:ea:2d:9f:71:6e:6e:11:9a:f3:fb:
9a:36:4d:a6:65:06:89:d9:c7:a6:32:63:d6:f4:f6:e0:96:0d:
e4:24:4e:57:58:72:23:88:aa:a9:73:b3:e4:9a:0c:3e:21:f8:
eb:71:c6:17:33:95:0b:f4:f4:57:f5:26:5a:d9:20:fd:a5:76:
77:51:0b:05
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICUa0wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MDcx
MTUzNTJaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDYzN0Y3RUE4NTc2MzU4
OTY5NEMzMzU5ODA2RkZDQUFCMTczRkVFM0YwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCddlMo4EeLd71aPfX3oIYrWzBMJIRLBE8CnVbePisfok4+Ra11
qwXqxt6ClzPmvLULUYSO6KZp8gkID/UAGa1H7dEcNhFkz5V5EBYDOl4GsSIG8qAp
POKbKyNi+mSimPkWUvQhDF+yad1JafHBQEdACObA9shEHWzzAGJn1B5JpxSjOlWJ
7q+nSxE+NNPcqD6EWC0OBXByN49zLJAErph1LAn911+A6Ts/oauipi/bQC0HMepI
sSlSELP9yHFdpxz4cSlRp1D1J2eUOappRgm1iuKrldsc8npKlAahj1/h2qPwwiK1
V/kGTzNNDuT+l7b3cILA9OufuLoi5retozHlAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUY39+qFdjWJaUwzWYBv/Kqxc/7j8wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1kzOS1xRmRqV0phVXd6
V1lCdl9LcXhjXzdqOC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBALHlvmSh6blArciT
spmOsym94oRZC6e2b+IOYehGfz3FzUJXaZIDywI/d/QrdgnTPmyOCtZFCGKnKtsz
D34ovNGBssSf2VyK9L0GljeP5FRBEV0+LWJFkdDvXIRBU2lLEqjnVxyL9MJeBUaS
xPDYsF3B3smEos0zzSvdKgBLOYcDhcfQZLmIwWAEXL4+4zXU6NIJjHa2k7NccgLc
dePUnxLSXSBzX+Hj8QBjl/ta8qm79qHD/MVKLX4XTrXY6i2fcW5uEZrz+5o2TaZl
BonZx6YyY9b09uCWDeQkTldYciOIqqlzs+SaDD4h+OtxxhczlQv09Ff1JlrZIP2l
dndRCwU=
-----END CERTIFICATE-----
Generated at Sun Jun 22 10:57:06 2025 by rpki-client