Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/_zuKsyEbwvah6VX5K0hN5vZ-D6U.roa
File: _zuKsyEbwvah6VX5K0hN5vZ-D6U.roa (raw, json)
Hash identifier: Iu+I48vMaLGs1RpgVO05oCKLUwV+zEmxG+3mn5jjqvU=
Subject key identifier: FF:3B:8A:B3:21:1B:C2:F6:A1:E9:55:F9:2B:48:4D:E6:F6:7E:0F:A5
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 53FD
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/_zuKsyEbwvah6VX5K0hN5vZ-D6U.roa
Signing time: Fri 10 May 2024 13:54:01 +0000
ROA not before: Fri 10 May 2024 13:54:01 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 21501 (0x53fd)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 10 13:54:01 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=FF3B8AB3211BC2F6A1E955F92B484DE6F67E0FA5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b6:76:0a:bc:8a:9c:91:b0:71:e7:a8:e0:fe:e2:
8d:98:33:b1:f5:1f:27:20:58:f9:d1:e5:8b:f6:f8:
0a:7d:6c:4d:3a:47:8f:f2:dd:74:5f:9c:ee:52:2e:
d7:cd:56:f0:48:f0:82:03:bf:5d:5e:5e:12:8d:fa:
15:83:7b:c5:6b:50:14:df:f2:8e:44:6b:b4:70:d1:
05:ae:09:91:34:fe:a0:9f:79:54:5e:60:b4:c3:d4:
80:2f:dc:04:0e:6d:fb:14:b5:02:e7:9f:75:b8:01:
64:dc:1b:4b:64:a6:ca:ff:de:f0:25:00:e1:4d:65:
12:52:af:f3:b5:31:4a:78:73:ad:38:d0:c5:58:be:
83:da:30:63:8b:82:88:24:9d:45:8b:15:e4:ee:ae:
eb:cd:9f:d1:e8:1a:07:3f:83:98:ce:a8:43:1b:45:
5e:93:46:a2:53:f5:59:d2:36:fd:6f:94:61:b3:84:
51:6b:c8:57:3a:a9:11:94:ee:be:1a:cf:61:5f:25:
80:b8:62:d2:1f:a8:b8:73:39:a6:2d:09:be:61:c9:
c1:f7:f0:f6:fc:ed:1a:cf:cc:3e:34:b6:54:08:50:
16:80:79:82:b9:04:a3:22:67:8d:ce:30:59:80:95:
6f:56:70:2b:59:4f:b7:c8:b8:e4:ab:bb:47:d4:6f:
ef:57
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FF:3B:8A:B3:21:1B:C2:F6:A1:E9:55:F9:2B:48:4D:E6:F6:7E:0F:A5
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/_zuKsyEbwvah6VX5K0hN5vZ-D6U.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
5d:04:74:cf:50:2e:89:09:06:a7:05:47:29:34:0d:25:67:74:
94:07:c0:07:e4:0d:67:59:80:65:a8:86:41:02:7a:3b:a8:9e:
a5:01:ef:7c:f2:33:20:80:31:77:7a:cf:e6:4e:b8:56:52:eb:
04:c5:cf:25:63:f5:3d:19:05:02:ef:99:a6:61:1a:42:c7:d1:
af:84:4d:dc:96:e5:1d:cb:2a:26:07:eb:4f:15:6d:29:1f:f2:
f1:f8:87:c5:95:71:3d:fc:db:4d:28:a3:6c:5a:ef:7e:26:e8:
a0:c0:81:5d:75:f6:fc:a1:c8:4d:44:bf:10:d8:53:22:92:f7:
bf:36:a9:07:c2:82:11:40:a6:87:0d:cf:45:ba:ae:62:66:6c:
36:6a:ff:f7:44:78:3c:8a:76:a0:7d:2f:9c:a0:a1:1c:ef:f0:
14:94:6a:c2:b5:34:d8:67:a2:b5:9a:fd:dc:4b:fc:ec:d3:cf:
a1:8a:03:1d:42:07:60:c8:f6:93:2a:41:8c:8d:68:65:e1:ac:
78:f3:87:87:26:15:84:e2:5a:3b:be:c9:75:3b:69:8f:c7:f1:
6d:9a:06:b8:6f:13:da:9e:8f:73:c3:6a:4d:75:c7:5f:be:0b:
3f:91:ef:c1:96:f7:e2:02:56:3d:ba:a6:15:88:25:04:48:b4:
e7:43:10:7b
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICU/0wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MTAx
MzU0MDFaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEZGM0I4QUIzMjExQkMy
RjZBMUU5NTVGOTJCNDg0REU2RjY3RTBGQTUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC2dgq8ipyRsHHnqOD+4o2YM7H1HycgWPnR5Yv2+Ap9bE06R4/y
3XRfnO5SLtfNVvBI8IIDv11eXhKN+hWDe8VrUBTf8o5Ea7Rw0QWuCZE0/qCfeVRe
YLTD1IAv3AQObfsUtQLnn3W4AWTcG0tkpsr/3vAlAOFNZRJSr/O1MUp4c6040MVY
voPaMGOLgogknUWLFeTuruvNn9HoGgc/g5jOqEMbRV6TRqJT9VnSNv1vlGGzhFFr
yFc6qRGU7r4az2FfJYC4YtIfqLhzOaYtCb5hycH38Pb87RrPzD40tlQIUBaAeYK5
BKMiZ43OMFmAlW9WcCtZT7fIuOSru0fUb+9XAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQU/zuKsyEbwvah6VX5K0hN5vZ+D6UwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L196dUtzeUVid3ZhaDZW
WDVLMGhONXZaLUQ2VS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBAF0EdM9QLokJBqcF
Ryk0DSVndJQHwAfkDWdZgGWohkECejuonqUB73zyMyCAMXd6z+ZOuFZS6wTFzyVj
9T0ZBQLvmaZhGkLH0a+ETdyW5R3LKiYH608VbSkf8vH4h8WVcT38200oo2xa734m
6KDAgV119vyhyE1EvxDYUyKS9782qQfCghFApocNz0W6rmJmbDZq//dEeDyKdqB9
L5ygoRzv8BSUasK1NNhnorWa/dxL/OzTz6GKAx1CB2DI9pMqQYyNaGXhrHjzh4cm
FYTiWju+yXU7aY/H8W2aBrhvE9qej3PDak11x1++Cz+R78GW9+ICVj26phWIJQRI
tOdDEHs=
-----END CERTIFICATE-----
Generated at Sun Jun 22 06:59:04 2025 by rpki-client