Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/YMJRcz6rMTvpY_wdw69QPi6EAcM.roa
File: YMJRcz6rMTvpY_wdw69QPi6EAcM.roa (raw, json)
Hash identifier: 2691tQQUiPKfHIJwvtHCAaHUuYrRgKWkTo3Ik4Rr004=
Subject key identifier: 60:C2:51:73:3E:AB:31:3B:E9:63:FC:1D:C3:AF:50:3E:2E:84:01:C3
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 5055
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/YMJRcz6rMTvpY_wdw69QPi6EAcM.roa
Signing time: Sun 05 May 2024 16:53:49 +0000
ROA not before: Sun 05 May 2024 16:53:49 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 20565 (0x5055)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 5 16:53:49 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=60C251733EAB313BE963FC1DC3AF503E2E8401C3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e8:cc:8e:d7:fe:50:9c:aa:c9:cf:51:6d:ef:88:
3f:23:22:70:1b:38:f0:a7:d0:48:85:4c:85:3d:32:
38:77:0d:54:ea:b4:21:8e:c2:bd:22:4a:54:e9:6a:
5f:74:0e:d7:6e:21:39:1f:32:c0:3f:4a:4c:f6:70:
a9:f6:b7:50:4f:fe:5a:1f:f2:1e:9c:21:f5:c5:dd:
ef:d9:01:c8:49:5d:c8:16:4d:67:35:bf:8d:9f:2a:
04:69:ee:1d:2c:cb:2a:8b:af:11:03:b4:06:06:01:
1b:44:0f:2a:80:eb:81:4f:1e:f5:a4:0c:8c:1e:8f:
2e:32:2d:68:1b:68:06:54:c3:2f:f4:b8:7a:fa:9d:
38:ed:32:a4:b4:53:c7:45:0b:b3:aa:b1:e8:66:b3:
c5:f9:ea:be:bf:86:d8:16:66:43:3f:ad:fc:9e:f0:
ea:2e:0e:97:8c:49:f7:6a:be:75:dc:99:8e:59:e2:
74:c6:a6:50:28:1f:18:4b:e6:ea:4c:5e:62:9b:04:
67:cd:9e:f2:0c:8c:38:92:eb:79:02:29:08:dc:c2:
7d:04:3e:0a:cb:f6:c5:6b:68:2e:77:18:55:7b:3b:
b5:35:2d:75:38:67:c7:61:e3:55:d9:72:a0:11:05:
1c:cb:11:c5:80:b0:22:d8:14:2f:8d:42:68:2d:2f:
e9:cb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
60:C2:51:73:3E:AB:31:3B:E9:63:FC:1D:C3:AF:50:3E:2E:84:01:C3
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/YMJRcz6rMTvpY_wdw69QPi6EAcM.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
79:03:44:af:c2:2e:4e:3d:7e:ee:0c:dc:5c:e5:ea:45:5d:7b:
6f:f6:9a:e6:2e:ff:b6:bf:86:91:58:15:b0:0c:e5:96:6f:f6:
04:18:bc:c7:cf:b4:38:28:44:11:fb:2d:f1:9c:94:f5:eb:1c:
d8:e7:a0:34:a4:59:5c:cb:9e:81:8f:6e:d0:88:24:2d:bf:3a:
de:c9:aa:7d:ea:57:d6:f8:39:07:13:fd:1e:dc:7f:1a:04:3d:
dd:97:67:3f:77:da:04:e2:6f:9c:49:17:f7:84:56:9e:34:2a:
37:0d:23:90:ab:6e:74:2b:f1:74:87:cf:b3:d6:cb:52:5e:12:
ae:0c:61:58:a0:9c:cd:c6:29:fc:7d:39:18:5a:a0:c3:1c:e3:
01:bc:26:be:25:1c:8b:ae:82:57:fa:05:c0:58:f2:64:da:9b:
34:a5:25:7e:3a:09:3c:78:3a:da:31:99:50:ff:b3:59:be:ee:
5e:ed:25:f1:ab:b5:15:d9:85:f3:ce:1b:ff:60:88:3d:15:ef:
d3:d5:1f:3a:c5:71:fe:bc:1c:c1:65:dc:cf:cc:35:f8:ff:38:
79:5b:bd:a2:de:2d:e2:15:28:d8:e4:22:3b:19:41:d6:e6:3a:
2b:75:2e:15:d2:86:80:04:8f:c2:30:bf:83:68:64:dd:c6:14:
1c:2a:3f:76
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICUFUwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MDUx
NjUzNDlaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDYwQzI1MTczM0VBQjMx
M0JFOTYzRkMxREMzQUY1MDNFMkU4NDAxQzMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDozI7X/lCcqsnPUW3viD8jInAbOPCn0EiFTIU9Mjh3DVTqtCGO
wr0iSlTpal90DtduITkfMsA/Skz2cKn2t1BP/lof8h6cIfXF3e/ZAchJXcgWTWc1
v42fKgRp7h0syyqLrxEDtAYGARtEDyqA64FPHvWkDIwejy4yLWgbaAZUwy/0uHr6
nTjtMqS0U8dFC7Oqsehms8X56r6/htgWZkM/rfye8OouDpeMSfdqvnXcmY5Z4nTG
plAoHxhL5upMXmKbBGfNnvIMjDiS63kCKQjcwn0EPgrL9sVraC53GFV7O7U1LXU4
Z8dh41XZcqARBRzLEcWAsCLYFC+NQmgtL+nLAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUYMJRcz6rMTvpY/wdw69QPi6EAcMwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1lNSlJjejZyTVR2cFlf
d2R3NjlRUGk2RUFjTS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBAHkDRK/CLk49fu4M
3Fzl6kVde2/2muYu/7a/hpFYFbAM5ZZv9gQYvMfPtDgoRBH7LfGclPXrHNjnoDSk
WVzLnoGPbtCIJC2/Ot7Jqn3qV9b4OQcT/R7cfxoEPd2XZz932gTib5xJF/eEVp40
KjcNI5CrbnQr8XSHz7PWy1JeEq4MYVignM3GKfx9ORhaoMMc4wG8Jr4lHIuuglf6
BcBY8mTamzSlJX46CTx4OtoxmVD/s1m+7l7tJfGrtRXZhfPOG/9giD0V79PVHzrF
cf68HMFl3M/MNfj/OHlbvaLeLeIVKNjkIjsZQdbmOit1LhXShoAEj8Iwv4NoZN3G
FBwqP3Y=
-----END CERTIFICATE-----
Generated at Sat Jun 21 21:18:32 2025 by rpki-client