Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/cQy310HaHOzZ6dq-RuXRU195izI.roa
File: cQy310HaHOzZ6dq-RuXRU195izI.roa (raw, json)
Hash identifier: l8NQsj4TcCkXqGYShuCpzFrHSWY4xlAvy82ZQhtvRvw=
Subject key identifier: 71:0C:B7:D7:41:DA:1C:EC:D9:E9:DA:BE:46:E5:D1:53:5F:79:8B:32
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 4DA9
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/cQy310HaHOzZ6dq-RuXRU195izI.roa
Signing time: Thu 02 May 2024 03:23:41 +0000
ROA not before: Thu 02 May 2024 03:23:41 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 19881 (0x4da9)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 2 03:23:41 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=710CB7D741DA1CECD9E9DABE46E5D1535F798B32
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cd:55:bf:1b:cf:26:94:e0:18:b6:c4:04:74:fe:
5f:8e:46:8a:4d:2b:6f:c5:ca:96:de:a2:99:b5:86:
2a:b2:07:c9:f9:fc:e1:94:da:55:03:7e:50:83:d2:
26:d9:e6:2e:5a:30:03:f2:09:52:fa:dc:8b:49:45:
f7:97:d0:e4:e2:87:e1:57:4d:42:9e:c1:c4:f5:83:
83:95:50:9c:8c:68:e8:04:5d:96:67:a7:9e:e5:11:
6e:97:22:32:86:e3:51:05:d9:4d:07:f9:04:66:69:
9a:56:03:4b:00:07:00:10:47:28:c6:a4:22:8a:d7:
df:b5:79:c0:28:91:2f:8c:6e:5b:10:a4:24:57:46:
f1:10:cb:d5:03:7b:fc:c1:03:89:54:f7:df:58:a3:
5b:aa:1b:a7:19:61:92:49:1a:e4:ed:84:e2:65:49:
4e:8d:26:a7:08:86:4e:f0:3e:48:1a:e3:7f:b3:74:
de:bd:9c:56:30:50:8f:be:45:c3:73:1c:f1:25:74:
4e:53:9f:d5:b9:66:34:b7:91:4e:ab:b4:a7:ae:77:
1b:75:64:f7:f0:1f:f0:da:bc:42:46:77:0b:82:f0:
38:68:5d:18:10:77:4e:a9:83:4b:11:ac:55:d8:43:
5f:fb:64:6d:04:dc:3c:e0:fe:5f:65:c2:ec:69:12:
ce:79
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
71:0C:B7:D7:41:DA:1C:EC:D9:E9:DA:BE:46:E5:D1:53:5F:79:8B:32
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/cQy310HaHOzZ6dq-RuXRU195izI.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
24:00:d2:b1:45:65:2e:ac:0e:3a:66:85:11:14:82:d3:88:5c:
61:b5:aa:d9:34:6d:f0:ed:d1:ac:e8:00:fc:2f:98:5e:81:e6:
7b:32:86:38:fc:cd:23:3f:93:58:85:79:61:02:f0:e4:28:17:
e9:ae:91:d6:c0:0f:49:74:8f:d1:68:19:4c:fb:66:05:43:c3:
02:d4:1e:57:5f:5f:5b:e7:49:61:0b:37:ac:c9:5e:ff:ca:aa:
c9:3c:de:e3:da:cb:6f:7a:ad:fb:5d:d6:65:4c:b4:0b:3a:06:
ed:e3:96:55:e1:d7:e8:8a:0b:4d:a7:59:e0:d7:33:bf:4b:ba:
64:82:85:d3:89:88:b3:d9:f6:c5:57:04:12:32:2a:9d:5b:c2:
ff:4a:2e:e3:f9:2d:8e:c4:3a:d4:90:f8:4a:83:f0:4d:49:42:
06:86:4e:21:aa:5e:73:82:d1:54:17:6d:b9:47:0d:00:91:3a:
6c:2f:90:ad:37:99:03:23:a9:de:54:ab:01:87:db:c6:67:29:
58:10:a4:cf:ac:f4:85:50:e0:0c:c6:09:db:c8:7f:b0:13:2b:
99:2e:a7:31:65:0e:89:6d:2e:1b:f6:d6:4e:5e:94:e0:e3:7f:
91:fd:56:7c:97:40:dd:d7:73:73:e5:70:86:22:75:7c:34:10:
ee:e5:e8:e9
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICTakwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MDIw
MzIzNDFaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDcxMENCN0Q3NDFEQTFD
RUNEOUU5REFCRTQ2RTVEMTUzNUY3OThCMzIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDNVb8bzyaU4Bi2xAR0/l+ORopNK2/Fypbeopm1hiqyB8n5/OGU
2lUDflCD0ibZ5i5aMAPyCVL63ItJRfeX0OTih+FXTUKewcT1g4OVUJyMaOgEXZZn
p57lEW6XIjKG41EF2U0H+QRmaZpWA0sABwAQRyjGpCKK19+1ecAokS+MblsQpCRX
RvEQy9UDe/zBA4lU999Yo1uqG6cZYZJJGuTthOJlSU6NJqcIhk7wPkga43+zdN69
nFYwUI++RcNzHPEldE5Tn9W5ZjS3kU6rtKeudxt1ZPfwH/DavEJGdwuC8DhoXRgQ
d06pg0sRrFXYQ1/7ZG0E3Dzg/l9lwuxpEs55AgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUcQy310HaHOzZ6dq+RuXRU195izIwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2NReTMxMEhhSE96WjZk
cS1SdVhSVTE5NWl6SS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBACQA0rFFZS6sDjpm
hREUgtOIXGG1qtk0bfDt0azoAPwvmF6B5nsyhjj8zSM/k1iFeWEC8OQoF+mukdbA
D0l0j9FoGUz7ZgVDwwLUHldfX1vnSWELN6zJXv/Kqsk83uPay296rftd1mVMtAs6
Bu3jllXh1+iKC02nWeDXM79LumSChdOJiLPZ9sVXBBIyKp1bwv9KLuP5LY7EOtSQ
+EqD8E1JQgaGTiGqXnOC0VQXbblHDQCROmwvkK03mQMjqd5UqwGH28ZnKVgQpM+s
9IVQ4AzGCdvIf7ATK5kupzFlDoltLhv21k5elODjf5H9VnyXQN3Xc3PlcIYidXw0
EO7l6Ok=
-----END CERTIFICATE-----
Generated at Sun Jun 22 09:29:28 2025 by rpki-client