Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/cqzzuzQOt7PHzyAnqmuTHGlvJmA.roa
File: cqzzuzQOt7PHzyAnqmuTHGlvJmA.roa (raw, json)
Hash identifier: Ti5YKMSiyS2UxjBKb1QcrP1oQgz9GdLIu6bm+SwxaVo=
Subject key identifier: 72:AC:F3:BB:34:0E:B7:B3:C7:CF:20:27:AA:6B:93:1C:69:6F:26:60
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 439D
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/cqzzuzQOt7PHzyAnqmuTHGlvJmA.roa
Signing time: Thu 18 Apr 2024 17:53:25 +0000
ROA not before: Thu 18 Apr 2024 17:53:25 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 17309 (0x439d)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 18 17:53:25 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=72ACF3BB340EB7B3C7CF2027AA6B931C696F2660
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:eb:16:89:b2:3b:3a:20:79:80:98:39:bf:81:02:
94:97:0c:28:73:a3:98:6f:72:50:d7:70:5f:cc:38:
38:97:bf:18:00:80:80:02:d8:c9:a3:61:95:e3:a6:
9d:81:46:16:5a:5d:e8:2e:61:b3:59:d8:34:8a:e6:
70:7d:23:77:6e:b3:8c:17:1c:1f:0f:47:26:f0:d6:
cd:ed:36:f4:ec:46:66:07:f2:d7:1d:30:c7:59:ec:
8a:d4:72:be:a4:d9:0d:7d:40:ce:52:95:b6:7a:d1:
c0:c4:e1:2a:c9:f1:02:f6:52:97:46:e0:e9:5f:5b:
c2:d0:f9:7b:32:6e:e6:f5:06:ab:8c:9e:a3:8a:03:
fd:40:1a:14:d3:7e:a4:9b:85:a9:3e:09:8b:c2:05:
63:d7:7d:f8:2b:a6:b7:54:82:1a:48:f7:e6:8f:5b:
18:e9:10:43:61:ec:49:14:04:31:76:62:b9:0e:a3:
06:41:ea:bb:d2:98:ce:ba:25:d3:1b:b2:33:11:93:
96:8c:d5:a9:38:97:91:9c:f1:2a:e7:76:e4:10:5b:
e2:d9:e1:69:21:c7:95:8c:96:85:61:2c:bc:da:38:
c0:03:3c:53:8d:ff:18:91:9e:28:c7:68:19:fe:8c:
e0:5d:fe:96:56:a2:ce:84:32:86:b9:84:f7:cd:b7:
5d:ff
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
72:AC:F3:BB:34:0E:B7:B3:C7:CF:20:27:AA:6B:93:1C:69:6F:26:60
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/cqzzuzQOt7PHzyAnqmuTHGlvJmA.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
72:f6:79:d9:cf:92:e0:11:eb:f1:6a:a2:77:c2:c2:b3:f8:74:
5d:57:a4:a4:4c:68:76:e1:58:b1:c2:54:42:91:a6:d3:25:08:
23:db:b4:bc:94:05:2e:ea:a3:bc:90:95:9a:07:07:81:2b:43:
a8:51:2b:c1:ed:fa:35:f1:6c:42:a6:dc:06:30:9e:e2:f1:c0:
e0:67:e8:41:c2:60:fe:6b:80:68:b3:0d:1d:49:39:31:52:ae:
34:74:6a:66:f4:da:86:0e:4a:68:65:70:a9:83:01:2a:a2:4b:
a1:f3:5e:8c:0d:2c:c3:4c:b8:a4:db:3a:9a:c1:f6:43:4a:e5:
1d:2b:80:76:1f:0d:93:8d:8b:fc:74:8f:61:b3:27:ca:76:87:
0c:11:dc:e8:e0:da:b3:93:54:c6:a0:b2:ba:3d:cb:ef:15:87:
8d:2c:3c:82:aa:3e:54:86:4b:3b:0b:81:8b:6e:f8:d9:bb:da:
ac:5e:c5:92:7c:9b:c3:eb:79:40:98:77:78:5a:93:b6:94:1d:
21:8a:17:5a:de:77:13:38:5f:3d:fb:32:37:0d:b0:59:2a:ac:
3e:0d:15:7d:15:4b:f8:77:c0:47:86:29:3e:29:ac:54:63:fc:
94:f9:1d:f9:fd:ea:ae:fe:0d:36:50:e9:53:c9:60:a2:8b:96:
b6:c1:c3:c5
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICQ50wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MTgx
NzUzMjVaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDcyQUNGM0JCMzQwRUI3
QjNDN0NGMjAyN0FBNkI5MzFDNjk2RjI2NjAwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDrFomyOzogeYCYOb+BApSXDChzo5hvclDXcF/MODiXvxgAgIAC
2MmjYZXjpp2BRhZaXeguYbNZ2DSK5nB9I3dus4wXHB8PRybw1s3tNvTsRmYH8tcd
MMdZ7IrUcr6k2Q19QM5SlbZ60cDE4SrJ8QL2UpdG4OlfW8LQ+Xsybub1BquMnqOK
A/1AGhTTfqSbhak+CYvCBWPXffgrprdUghpI9+aPWxjpEENh7EkUBDF2YrkOowZB
6rvSmM66JdMbsjMRk5aM1ak4l5Gc8SrnduQQW+LZ4Wkhx5WMloVhLLzaOMADPFON
/xiRnijHaBn+jOBd/pZWos6EMoa5hPfNt13/AgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUcqzzuzQOt7PHzyAnqmuTHGlvJmAwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2Nxenp1elFPdDdQSHp5
QW5xbXVUSEdsdkptQS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBAHL2ednPkuAR6/Fq
onfCwrP4dF1XpKRMaHbhWLHCVEKRptMlCCPbtLyUBS7qo7yQlZoHB4ErQ6hRK8Ht
+jXxbEKm3AYwnuLxwOBn6EHCYP5rgGizDR1JOTFSrjR0amb02oYOSmhlcKmDASqi
S6HzXowNLMNMuKTbOprB9kNK5R0rgHYfDZONi/x0j2GzJ8p2hwwR3Ojg2rOTVMag
sro9y+8Vh40sPIKqPlSGSzsLgYtu+Nm72qxexZJ8m8PreUCYd3hak7aUHSGKF1re
dxM4Xz37MjcNsFkqrD4NFX0VS/h3wEeGKT4prFRj/JT5Hfn96q7+DTZQ6VPJYKKL
lrbBw8U=
-----END CERTIFICATE-----
Generated at Sat Jun 21 13:14:08 2025 by rpki-client