Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/Z8VnD3Osl_MXEYIVTTv-0HTQDjI.roa
File: Z8VnD3Osl_MXEYIVTTv-0HTQDjI.roa (raw, json)
Hash identifier: QHC4yltPayMH15QUtxqpIa+EQ5PYn+h896yDGwRX4dE=
Subject key identifier: 67:C5:67:0F:73:AC:97:F3:17:11:82:15:4D:3B:FE:D0:74:D0:0E:32
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 349D
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/Z8VnD3Osl_MXEYIVTTv-0HTQDjI.roa
Signing time: Fri 29 Mar 2024 17:52:05 +0000
ROA not before: Fri 29 Mar 2024 17:52:05 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 13469 (0x349d)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Mar 29 17:52:05 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=67C5670F73AC97F3171182154D3BFED074D00E32
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a6:f9:24:76:8a:a9:dd:5a:52:ab:16:d4:b4:43:
fd:97:22:f7:d6:84:55:94:51:7f:06:56:42:f6:cc:
30:5c:17:5c:14:a3:94:b9:51:76:ec:49:83:d2:36:
58:3f:15:a7:9e:fc:a9:51:92:a9:df:e8:d0:21:f4:
84:58:24:13:3b:17:f6:b5:2f:27:aa:4c:92:7a:30:
5f:d2:1f:22:32:d3:b8:48:34:78:aa:d5:e1:b9:2b:
fc:f3:57:8a:84:56:9e:e1:17:10:51:16:d6:30:3f:
08:b5:d9:2d:ea:9d:b1:2c:16:18:9e:60:89:b9:3b:
96:19:b2:de:ca:f7:1c:16:cb:ab:45:18:f7:5a:59:
9c:12:97:e2:51:ad:80:55:7c:79:56:d6:70:ce:6b:
b9:83:6c:ea:8b:fd:1f:19:4c:a5:63:fd:f7:80:de:
9b:b5:68:79:f6:83:16:4e:f2:70:90:6e:c6:d0:81:
53:3c:e5:62:e2:bc:57:db:8f:87:c4:bf:0d:f3:4d:
f3:43:3a:16:af:dd:27:81:8e:40:ca:99:7f:29:01:
55:15:ab:ad:9c:a7:77:3f:9c:f4:6e:35:a5:25:9a:
20:5f:df:c2:84:2b:de:fe:15:e2:bd:4e:74:47:8a:
d7:9a:b7:f8:4e:03:31:ad:97:d0:31:54:b6:b4:01:
4e:bb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
67:C5:67:0F:73:AC:97:F3:17:11:82:15:4D:3B:FE:D0:74:D0:0E:32
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/Z8VnD3Osl_MXEYIVTTv-0HTQDjI.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
88:52:cc:76:cf:0b:d1:9f:2a:1e:5c:b5:13:f9:d4:c9:52:92:
8a:de:2b:8e:64:67:b0:ed:6e:60:5b:50:5e:b0:d5:38:14:38:
a0:2e:4b:1e:58:f8:0c:21:44:f4:41:16:9a:57:92:0a:a4:2f:
3f:7d:ac:db:f5:9c:fc:29:79:5d:db:d8:48:20:2f:b5:56:e3:
e0:6e:cc:16:5d:be:7c:d8:39:f7:9d:99:d8:74:a4:3e:9b:72:
fc:1e:b7:6f:e1:1f:8d:84:2c:1b:b9:0a:04:e3:57:f6:97:ff:
19:48:f4:45:8f:7d:2c:f4:6b:37:62:18:fc:83:11:a7:df:18:
f2:96:0e:2c:72:1e:c4:f2:0e:e4:cc:ee:05:2c:d4:6e:da:db:
f6:d3:3d:85:82:df:e9:35:d0:f6:e3:b7:26:dc:a1:6b:b6:af:
f4:60:04:ba:ae:29:0c:00:1c:60:68:8b:dd:3c:40:a2:5b:0f:
89:55:f2:46:4f:12:73:fb:b5:4d:e9:45:05:d6:51:bc:7f:db:
7e:33:eb:f5:3d:05:2e:a8:15:fa:f9:9e:f8:75:a1:ec:4a:07:
43:1b:f2:61:7f:6c:4a:a7:8a:24:91:97:6c:2f:b9:4f:a6:4a:
7e:79:59:c0:44:9b:8a:c5:17:99:a1:64:fc:a6:50:f2:f4:9a:
81:81:58:a5
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICNJ0wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDAzMjkx
NzUyMDVaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDY3QzU2NzBGNzNBQzk3
RjMxNzExODIxNTREM0JGRUQwNzREMDBFMzIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCm+SR2iqndWlKrFtS0Q/2XIvfWhFWUUX8GVkL2zDBcF1wUo5S5
UXbsSYPSNlg/Faee/KlRkqnf6NAh9IRYJBM7F/a1LyeqTJJ6MF/SHyIy07hINHiq
1eG5K/zzV4qEVp7hFxBRFtYwPwi12S3qnbEsFhieYIm5O5YZst7K9xwWy6tFGPda
WZwSl+JRrYBVfHlW1nDOa7mDbOqL/R8ZTKVj/feA3pu1aHn2gxZO8nCQbsbQgVM8
5WLivFfbj4fEvw3zTfNDOhav3SeBjkDKmX8pAVUVq62cp3c/nPRuNaUlmiBf38KE
K97+FeK9TnRHiteat/hOAzGtl9AxVLa0AU67AgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUZ8VnD3Osl/MXEYIVTTv+0HTQDjIwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1o4Vm5EM09zbF9NWEVZ
SVZUVHYtMEhUUURqSS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBAIhSzHbPC9GfKh5c
tRP51MlSkoreK45kZ7DtbmBbUF6w1TgUOKAuSx5Y+AwhRPRBFppXkgqkLz99rNv1
nPwpeV3b2EggL7VW4+BuzBZdvnzYOfedmdh0pD6bcvwet2/hH42ELBu5CgTjV/aX
/xlI9EWPfSz0azdiGPyDEaffGPKWDixyHsTyDuTM7gUs1G7a2/bTPYWC3+k10Pbj
tybcoWu2r/RgBLquKQwAHGBoi908QKJbD4lV8kZPEnP7tU3pRQXWUbx/234z6/U9
BS6oFfr5nvh1oexKB0Mb8mF/bEqniiSRl2wvuU+mSn55WcBEm4rFF5mhZPymUPL0
moGBWKU=
-----END CERTIFICATE-----
Generated at Sat Jun 21 06:45:28 2025 by rpki-client