Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/_SnieDH82WZWx62L4vmCUNyIJHs.roa
File: _SnieDH82WZWx62L4vmCUNyIJHs.roa (raw, json)
Hash identifier: h8ZchnvWhWvnJWub64oVBpesNZd09w5iIOwfUW+WNm8=
Subject key identifier: FD:29:E2:78:31:FC:D9:66:56:C7:AD:8B:E2:F9:82:50:DC:88:24:7B
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 56A1
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/_SnieDH82WZWx62L4vmCUNyIJHs.roa
Signing time: Tue 14 May 2024 02:28:02 +0000
ROA not before: Tue 14 May 2024 02:28:02 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 22177 (0x56a1)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 14 02:28:02 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=FD29E27831FCD96656C7AD8BE2F98250DC88247B
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b7:2c:89:8f:1d:b2:00:d8:0f:66:e6:f7:cf:7b:
80:fa:67:31:46:79:20:4c:8f:53:5c:42:bf:79:4d:
d1:78:02:89:0f:e9:35:48:66:a5:c5:4b:83:4d:9f:
13:7a:2b:58:97:38:ee:d0:01:4f:df:cc:28:0b:fc:
ea:14:7a:ea:b0:f3:b2:26:dd:65:02:83:4a:67:6a:
34:63:95:6e:81:cb:90:86:7f:20:07:ec:7c:64:27:
71:e9:e3:f4:ef:bb:86:46:70:5d:4f:91:cb:11:de:
a2:5a:c3:d9:f6:26:a7:d6:27:1b:af:74:82:cb:11:
d5:52:14:b9:9d:3d:40:e4:23:22:9d:8f:5a:83:31:
ec:bc:cd:24:fa:41:30:ed:c7:be:bb:b1:1c:98:27:
20:2b:b3:08:af:78:41:66:af:86:43:9c:c0:bb:4c:
91:82:a7:13:9f:4c:6d:f6:2d:6a:85:02:b3:dd:65:
c9:6a:85:72:d3:1c:55:7c:1f:7b:91:a8:97:f3:54:
36:9a:dc:2f:f7:4a:98:2f:f0:84:3a:14:c1:bd:43:
a1:ee:8c:4e:45:26:1d:26:f6:a5:c0:92:18:8f:08:
d8:05:69:f6:bd:05:7f:65:a9:52:75:94:0b:97:bf:
71:67:75:d3:ba:21:09:88:07:30:89:b6:56:c0:67:
e5:bf
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FD:29:E2:78:31:FC:D9:66:56:C7:AD:8B:E2:F9:82:50:DC:88:24:7B
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/_SnieDH82WZWx62L4vmCUNyIJHs.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
50:a3:73:c1:46:63:a7:4f:03:f9:56:a6:08:3a:69:43:6a:0d:
18:32:77:2e:ea:fc:b1:7f:a6:30:b8:63:0b:73:2e:22:6b:1e:
1b:96:67:bf:ee:1a:5b:b2:7f:80:d4:6e:04:43:74:0f:0e:b0:
52:4e:33:5a:ab:f6:b8:fc:15:b2:03:40:f1:d7:88:c5:65:7c:
b9:e3:65:d6:7b:61:f4:46:60:59:7f:8b:42:62:f2:58:03:0e:
e0:f8:5a:cc:6f:0c:f3:c2:aa:da:f1:c0:08:71:d9:a4:04:7d:
32:00:b1:92:c4:92:60:a4:1f:8a:97:d1:0d:c6:85:c7:93:2f:
b6:53:59:72:73:a1:99:7a:18:0a:62:c0:43:96:1a:b5:70:e0:
a4:35:12:53:45:43:c8:57:8f:27:cb:ea:4f:50:c6:20:91:06:
a7:a6:b5:5d:b5:91:46:9c:57:34:fe:ec:20:f9:c8:fe:94:65:
c1:9b:af:80:e1:55:0d:79:8e:db:55:18:0a:85:f2:7a:dc:77:
38:89:52:d7:cd:73:7c:e7:17:11:ac:1c:33:39:4e:a1:be:1a:
13:91:24:d8:0c:44:6f:4d:44:14:c9:e9:60:3f:da:d2:89:22:
31:42:97:1c:e8:1d:9d:7a:de:81:f9:76:b2:92:5d:7b:ed:3d:
93:4a:99:6b
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICVqEwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MTQw
MjI4MDJaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEZEMjlFMjc4MzFGQ0Q5
NjY1NkM3QUQ4QkUyRjk4MjUwREM4ODI0N0IwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC3LImPHbIA2A9m5vfPe4D6ZzFGeSBMj1NcQr95TdF4AokP6TVI
ZqXFS4NNnxN6K1iXOO7QAU/fzCgL/OoUeuqw87Im3WUCg0pnajRjlW6By5CGfyAH
7HxkJ3Hp4/Tvu4ZGcF1PkcsR3qJaw9n2JqfWJxuvdILLEdVSFLmdPUDkIyKdj1qD
Mey8zST6QTDtx767sRyYJyArswiveEFmr4ZDnMC7TJGCpxOfTG32LWqFArPdZclq
hXLTHFV8H3uRqJfzVDaa3C/3Spgv8IQ6FMG9Q6HujE5FJh0m9qXAkhiPCNgFafa9
BX9lqVJ1lAuXv3FnddO6IQmIBzCJtlbAZ+W/AgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQU/SnieDH82WZWx62L4vmCUNyIJHswHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L19TbmllREg4MldaV3g2
Mkw0dm1DVU55SUpIcy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBAFCjc8FGY6dPA/lW
pgg6aUNqDRgydy7q/LF/pjC4YwtzLiJrHhuWZ7/uGluyf4DUbgRDdA8OsFJOM1qr
9rj8FbIDQPHXiMVlfLnjZdZ7YfRGYFl/i0Ji8lgDDuD4WsxvDPPCqtrxwAhx2aQE
fTIAsZLEkmCkH4qX0Q3GhceTL7ZTWXJzoZl6GApiwEOWGrVw4KQ1ElNFQ8hXjyfL
6k9QxiCRBqemtV21kUacVzT+7CD5yP6UZcGbr4DhVQ15jttVGAqF8nrcdziJUtfN
c3znFxGsHDM5TqG+GhORJNgMRG9NRBTJ6WA/2tKJIjFClxzoHZ163oH5drKSXXvt
PZNKmWs=
-----END CERTIFICATE-----
Generated at Sun Jun 22 10:35:14 2025 by rpki-client