Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/ZrZaECO3OzomZ21go_v0wOOYrdw.roa
File: ZrZaECO3OzomZ21go_v0wOOYrdw.roa (raw, json)
Hash identifier: fNqJcnJHAzT2B6xEhoclRSodty04gpJqISGpPk44z+U=
Subject key identifier: 66:B6:5A:10:23:B7:3B:3A:26:67:6D:60:A3:FB:F4:C0:E3:98:AD:DC
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 573D
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/ZrZaECO3OzomZ21go_v0wOOYrdw.roa
Signing time: Tue 14 May 2024 21:54:11 +0000
ROA not before: Tue 14 May 2024 21:54:11 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 22333 (0x573d)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 14 21:54:11 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=66B65A1023B73B3A26676D60A3FBF4C0E398ADDC
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e4:86:13:a0:6f:ae:f4:f4:93:54:33:24:ca:4a:
bf:a0:b9:8d:3b:fc:91:02:4d:ec:90:03:12:9e:9b:
d0:0f:92:99:88:f2:b4:ce:c5:c4:4f:1f:dc:f6:18:
bb:ba:2e:99:e6:19:6d:f5:cb:6b:cc:be:db:da:c4:
fc:fe:18:c1:c3:1e:d5:4a:a9:66:57:a7:95:23:58:
dd:45:ab:d8:1c:62:77:35:60:b2:f7:8e:e4:38:ce:
dc:1c:40:66:fc:10:37:2d:f9:7c:5e:37:6a:4d:17:
34:41:26:83:b7:de:2d:a7:40:e5:e9:a5:bc:1f:62:
c0:cf:b5:98:64:63:7b:e2:dd:6e:ca:62:ed:44:45:
13:cf:07:5d:b0:0d:b4:85:eb:18:0c:93:8b:4f:de:
6a:8a:86:fb:ad:38:5b:13:cc:8c:17:46:96:f5:dc:
b8:ba:62:17:51:d5:9f:57:91:2d:8b:5d:bc:2d:42:
ec:22:24:54:ec:5c:9e:37:aa:c6:f9:ae:c2:b8:3f:
11:b1:67:f5:56:e0:65:e4:c8:62:a3:59:0e:b2:e5:
09:13:38:81:fa:d6:34:09:33:63:62:c7:20:fe:08:
65:2d:45:5e:c8:66:e5:7d:e5:08:c0:0a:69:9f:81:
fe:85:6f:c5:32:8a:0e:67:bf:73:b7:a3:f8:b6:d1:
86:9b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
66:B6:5A:10:23:B7:3B:3A:26:67:6D:60:A3:FB:F4:C0:E3:98:AD:DC
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/ZrZaECO3OzomZ21go_v0wOOYrdw.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
29:2f:95:17:4f:f5:4e:3f:d7:52:64:3f:cb:9b:12:16:6a:22:
c0:eb:88:de:f4:9a:76:8b:fb:b1:18:81:eb:2a:aa:39:78:f2:
65:ec:65:e9:f4:ee:c5:3d:9d:b8:71:fc:21:8a:8d:94:1e:09:
d4:34:f3:51:87:3d:8d:06:11:42:5e:8d:11:d1:e6:c8:a8:38:
80:af:6c:ed:0f:ee:46:c3:47:1f:06:73:8a:dd:7b:d6:98:ff:
10:82:e5:36:87:8c:14:6b:fc:39:e9:5e:0a:84:48:12:5c:42:
c7:37:ab:81:43:18:0b:fc:0a:b3:00:ec:6d:cb:4a:07:df:f0:
46:d9:0e:0e:98:39:67:e7:ba:de:f4:e4:d0:e3:29:d8:87:4f:
58:02:01:ea:10:5e:dc:05:6d:47:1d:c5:e6:a3:fb:77:74:f8:
b1:51:6a:04:ce:a4:e3:c8:d6:e4:17:28:8e:01:7f:07:1f:cf:
97:8e:de:ff:d4:6f:18:09:7a:22:3c:38:78:2c:0a:bd:57:14:
15:11:ae:e0:48:13:bf:dd:68:a1:53:c4:57:bb:19:8c:0d:6d:
5a:04:f9:98:1f:e2:a8:bd:81:f2:ce:b8:53:33:61:8e:38:3f:
73:d3:95:4c:bf:8e:14:25:f8:af:35:39:e4:49:29:aa:3f:64:
bf:e5:e3:ea
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICVz0wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MTQy
MTU0MTFaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDY2QjY1QTEwMjNCNzNC
M0EyNjY3NkQ2MEEzRkJGNEMwRTM5OEFEREMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDkhhOgb6709JNUMyTKSr+guY07/JECTeyQAxKem9APkpmI8rTO
xcRPH9z2GLu6LpnmGW31y2vMvtvaxPz+GMHDHtVKqWZXp5UjWN1Fq9gcYnc1YLL3
juQ4ztwcQGb8EDct+XxeN2pNFzRBJoO33i2nQOXppbwfYsDPtZhkY3vi3W7KYu1E
RRPPB12wDbSF6xgMk4tP3mqKhvutOFsTzIwXRpb13Li6YhdR1Z9XkS2LXbwtQuwi
JFTsXJ43qsb5rsK4PxGxZ/VW4GXkyGKjWQ6y5QkTOIH61jQJM2NixyD+CGUtRV7I
ZuV95QjACmmfgf6Fb8Uyig5nv3O3o/i20YabAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUZrZaECO3OzomZ21go/v0wOOYrdwwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1pyWmFFQ08zT3pvbVoy
MWdvX3Ywd09PWXJkdy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBACkvlRdP9U4/11Jk
P8ubEhZqIsDriN70mnaL+7EYgesqqjl48mXsZen07sU9nbhx/CGKjZQeCdQ081GH
PY0GEUJejRHR5sioOICvbO0P7kbDRx8Gc4rde9aY/xCC5TaHjBRr/DnpXgqESBJc
Qsc3q4FDGAv8CrMA7G3LSgff8EbZDg6YOWfnut705NDjKdiHT1gCAeoQXtwFbUcd
xeaj+3d0+LFRagTOpOPI1uQXKI4Bfwcfz5eO3v/UbxgJeiI8OHgsCr1XFBURruBI
E7/daKFTxFe7GYwNbVoE+Zgf4qi9gfLOuFMzYY44P3PTlUy/jhQl+K81OeRJKao/
ZL/l4+o=
-----END CERTIFICATE-----
Generated at Sun Jun 22 02:20:47 2025 by rpki-client