Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/ZHqpr0j2qh4_qrAw3rZFwM-kaBA.roa
File: ZHqpr0j2qh4_qrAw3rZFwM-kaBA.roa (raw, json)
Hash identifier: UzbQolEeiJc9LyJOUCqcAnNrA9yzfn2Li6uoAwXTEOc=
Subject key identifier: 64:7A:A9:AF:48:F6:AA:1E:3F:AA:B0:30:DE:B6:45:C0:CF:A4:68:10
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 55D1
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/ZHqpr0j2qh4_qrAw3rZFwM-kaBA.roa
Signing time: Mon 13 May 2024 00:24:04 +0000
ROA not before: Mon 13 May 2024 00:24:04 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 21969 (0x55d1)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 13 00:24:04 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=647AA9AF48F6AA1E3FAAB030DEB645C0CFA46810
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b6:17:25:b8:b8:83:14:3e:e2:60:7d:15:4b:96:
58:44:1d:e3:c0:76:6b:50:3c:f1:ba:74:7e:65:4b:
2e:6b:35:db:a0:8f:43:46:e5:cd:b1:8c:bf:61:6a:
34:ad:84:d5:cb:c4:35:ce:58:19:15:06:3e:6a:33:
5f:f4:ba:f2:ac:73:71:d3:65:7f:e0:f3:ea:39:b8:
5d:dd:7e:b7:ec:4e:c7:45:fd:ff:d5:f0:aa:c3:86:
86:85:ac:dc:c2:9c:07:6b:40:c0:3e:31:2a:3e:e0:
c7:f6:e9:e3:56:2b:45:ef:d6:2e:8c:7f:3f:a4:2f:
20:37:ab:68:33:49:71:97:61:c2:78:bd:7d:f7:a7:
7e:57:87:80:7d:27:aa:80:6b:a5:28:80:1d:bd:ac:
f8:2b:f1:1d:7f:bd:7c:9b:c1:cf:0d:b9:c0:46:e2:
dd:62:7c:ef:65:79:c7:35:4a:f3:c7:da:49:c4:f1:
11:49:96:54:b6:74:82:49:fc:5a:88:2e:c6:aa:b2:
b2:35:78:09:d8:ee:76:07:e9:da:2f:a1:ec:a5:a4:
e1:55:f0:51:53:27:49:87:00:ce:c4:95:dd:b3:ee:
9f:f3:73:74:69:f6:0f:91:1e:5b:7d:5f:74:a3:a7:
0b:c7:8c:ae:24:01:2d:ed:79:d7:bc:e8:b7:68:80:
8d:7d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
64:7A:A9:AF:48:F6:AA:1E:3F:AA:B0:30:DE:B6:45:C0:CF:A4:68:10
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/ZHqpr0j2qh4_qrAw3rZFwM-kaBA.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
61:a4:b3:85:21:7a:1d:a7:06:79:ef:8c:33:2e:28:a9:3f:95:
1d:97:2b:62:56:40:1f:9e:fd:66:26:5b:70:22:f9:8c:a4:c9:
d6:94:24:3a:9a:25:f9:9e:2e:e2:15:ef:12:1c:3a:1e:9a:2e:
94:d4:b9:c3:81:a7:cb:b1:96:d0:80:e1:2d:02:be:ed:55:53:
fa:c0:b9:d9:14:3d:d4:fb:67:c9:f6:a0:c6:8e:cc:8f:fa:ee:
19:ab:36:53:ca:44:c7:6e:9c:58:22:ed:6d:e9:42:50:c8:21:
fe:c2:7b:68:7e:72:6b:7c:87:ed:a7:3c:84:99:87:c4:22:ae:
52:24:12:91:f7:18:82:4e:07:ef:41:af:b9:82:c3:27:f8:4e:
5f:31:12:cc:0f:4c:da:63:fd:e7:69:be:c3:c0:f6:57:7e:d6:
1c:39:71:a3:47:01:d0:6b:74:d6:59:f3:2f:5d:4b:13:a6:6d:
10:2d:d3:f9:d6:09:aa:d1:bd:e8:0b:02:23:cf:56:5c:84:ae:
48:3d:5d:9f:6c:d4:bd:95:c1:96:2c:e8:59:7d:c3:2e:5f:4f:
79:8e:b9:01:1e:2d:09:d5:a5:25:cd:ec:ef:d5:7d:99:a7:98:
b7:af:53:10:31:35:4b:1e:59:ab:a5:61:32:e7:76:bf:28:ea:
35:9b:29:34
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICVdEwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MTMw
MDI0MDRaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDY0N0FBOUFGNDhGNkFB
MUUzRkFBQjAzMERFQjY0NUMwQ0ZBNDY4MTAwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC2FyW4uIMUPuJgfRVLllhEHePAdmtQPPG6dH5lSy5rNdugj0NG
5c2xjL9hajSthNXLxDXOWBkVBj5qM1/0uvKsc3HTZX/g8+o5uF3dfrfsTsdF/f/V
8KrDhoaFrNzCnAdrQMA+MSo+4Mf26eNWK0Xv1i6Mfz+kLyA3q2gzSXGXYcJ4vX33
p35Xh4B9J6qAa6UogB29rPgr8R1/vXybwc8NucBG4t1ifO9lecc1SvPH2knE8RFJ
llS2dIJJ/FqILsaqsrI1eAnY7nYH6dovoeylpOFV8FFTJ0mHAM7Eld2z7p/zc3Rp
9g+RHlt9X3SjpwvHjK4kAS3tede86LdogI19AgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUZHqpr0j2qh4/qrAw3rZFwM+kaBAwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1pIcXByMGoycWg0X3Fy
QXczclpGd00ta2FCQS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBAGGks4Uheh2nBnnv
jDMuKKk/lR2XK2JWQB+e/WYmW3Ai+YykydaUJDqaJfmeLuIV7xIcOh6aLpTUucOB
p8uxltCA4S0Cvu1VU/rAudkUPdT7Z8n2oMaOzI/67hmrNlPKRMdunFgi7W3pQlDI
If7Ce2h+cmt8h+2nPISZh8QirlIkEpH3GIJOB+9Br7mCwyf4Tl8xEswPTNpj/edp
vsPA9ld+1hw5caNHAdBrdNZZ8y9dSxOmbRAt0/nWCarRvegLAiPPVlyErkg9XZ9s
1L2VwZYs6Fl9wy5fT3mOuQEeLQnVpSXN7O/VfZmnmLevUxAxNUseWaulYTLndr8o
6jWbKTQ=
-----END CERTIFICATE-----
Generated at Fri Jun 20 08:11:40 2025 by rpki-client