Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/dqkEWO-FA1uzvwTp0w_cdmnO2iM.roa
File: dqkEWO-FA1uzvwTp0w_cdmnO2iM.roa (raw, json)
Hash identifier: fV+BDOpXHhnwB+l2HwGqlkX2jHC+baIbnTHUT48IBO8=
Subject key identifier: 76:A9:04:58:EF:85:03:5B:B3:BF:04:E9:D3:0F:DC:76:69:CE:DA:23
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 54F9
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/dqkEWO-FA1uzvwTp0w_cdmnO2iM.roa
Signing time: Sat 11 May 2024 21:24:03 +0000
ROA not before: Sat 11 May 2024 21:24:03 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 21753 (0x54f9)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 11 21:24:03 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=76A90458EF85035BB3BF04E9D30FDC7669CEDA23
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b7:e3:00:82:e7:c4:1f:8e:40:87:21:a5:aa:66:
53:67:37:83:4b:52:cc:05:94:32:30:a4:e9:a5:e5:
82:ab:c9:73:ef:18:89:b8:60:cd:aa:c9:37:67:25:
ec:fb:8a:76:04:21:7f:db:c7:38:f0:f4:f8:37:ca:
a1:b0:50:fc:57:a5:23:f6:48:95:c4:3f:0d:67:9d:
fd:9e:d2:10:b9:a2:02:84:87:99:0e:3c:4c:2a:3e:
43:4e:a5:07:c7:1b:65:53:38:c4:11:a0:8e:72:f6:
12:78:21:ee:53:5e:73:d6:26:bc:45:e2:11:95:fe:
77:99:d2:b5:9f:dc:18:44:f9:bb:e7:a6:eb:4b:80:
e8:66:68:e4:10:b2:ee:a3:6d:40:d5:14:a3:77:39:
b2:df:4c:73:05:5a:a1:86:6c:b6:7e:cf:22:12:a1:
13:2a:38:a6:0c:e1:97:65:49:06:5a:0e:09:ae:53:
d2:93:54:9c:86:04:86:04:5b:0a:04:c9:06:ac:a2:
65:e2:76:44:f8:d6:55:17:d3:4e:fa:61:49:5b:f2:
8e:7d:b3:63:99:b9:0c:85:cb:77:30:52:d1:af:14:
8d:58:2f:13:f0:e6:12:48:bd:ec:6d:9b:76:b4:a2:
0f:c6:12:28:ac:eb:47:21:d2:f3:27:39:44:b1:1a:
32:df
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
76:A9:04:58:EF:85:03:5B:B3:BF:04:E9:D3:0F:DC:76:69:CE:DA:23
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/dqkEWO-FA1uzvwTp0w_cdmnO2iM.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
7d:57:f7:7e:8a:51:e3:a4:68:78:be:c6:33:f9:14:ab:6f:be:
a8:be:f3:45:cb:b2:05:18:34:33:35:35:48:65:5a:70:00:5f:
56:1f:d6:99:e4:dd:ac:18:b3:71:d5:37:bd:34:da:5a:30:64:
aa:0d:10:04:2c:f2:37:ac:66:2a:0c:69:a8:84:57:de:c3:2f:
43:d1:84:e2:8f:88:ec:dd:01:c4:a1:e5:83:57:9e:2e:37:89:
a8:80:f8:2e:f8:2d:b9:9b:b4:b8:6b:d4:cc:c6:7d:2a:cd:07:
76:c4:06:0f:3e:b3:5c:0c:cd:2b:e2:17:dd:68:13:8a:93:dd:
f3:49:fe:2e:9d:68:86:dd:85:37:a8:5e:6f:93:72:39:71:44:
99:92:33:66:78:d0:47:22:94:32:86:4d:ef:a7:40:0a:41:8e:
a7:8a:cc:82:c1:15:de:d8:09:a1:06:c6:72:10:ae:9d:24:fb:
be:62:61:5b:d5:8c:76:68:20:13:74:2c:b8:29:fd:9b:75:30:
5e:bb:e4:e6:31:35:d8:e5:86:92:80:91:ff:84:43:fe:35:df:
fc:df:c5:bc:1d:f0:a8:f8:eb:d8:18:3a:81:f0:fe:08:c0:31:
88:56:25:d6:aa:37:eb:4e:3e:4a:b6:80:fb:e9:b7:cf:3e:c3:
1f:9a:bb:c6
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICVPkwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MTEy
MTI0MDNaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDc2QTkwNDU4RUY4NTAz
NUJCM0JGMDRFOUQzMEZEQzc2NjlDRURBMjMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC34wCC58QfjkCHIaWqZlNnN4NLUswFlDIwpOml5YKryXPvGIm4
YM2qyTdnJez7inYEIX/bxzjw9Pg3yqGwUPxXpSP2SJXEPw1nnf2e0hC5ogKEh5kO
PEwqPkNOpQfHG2VTOMQRoI5y9hJ4Ie5TXnPWJrxF4hGV/neZ0rWf3BhE+bvnputL
gOhmaOQQsu6jbUDVFKN3ObLfTHMFWqGGbLZ+zyISoRMqOKYM4ZdlSQZaDgmuU9KT
VJyGBIYEWwoEyQasomXidkT41lUX0076YUlb8o59s2OZuQyFy3cwUtGvFI1YLxPw
5hJIvextm3a0og/GEiis60ch0vMnOUSxGjLfAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUdqkEWO+FA1uzvwTp0w/cdmnO2iMwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2Rxa0VXTy1GQTF1enZ3
VHAwd19jZG1uTzJpTS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBAH1X936KUeOkaHi+
xjP5FKtvvqi+80XLsgUYNDM1NUhlWnAAX1Yf1pnk3awYs3HVN7002lowZKoNEAQs
8jesZioMaaiEV97DL0PRhOKPiOzdAcSh5YNXni43iaiA+C74LbmbtLhr1MzGfSrN
B3bEBg8+s1wMzSviF91oE4qT3fNJ/i6daIbdhTeoXm+TcjlxRJmSM2Z40EcilDKG
Te+nQApBjqeKzILBFd7YCaEGxnIQrp0k+75iYVvVjHZoIBN0LLgp/Zt1MF675OYx
NdjlhpKAkf+EQ/413/zfxbwd8Kj469gYOoHw/gjAMYhWJdaqN+tOPkq2gPvpt88+
wx+au8Y=
-----END CERTIFICATE-----
Generated at Sun Jun 22 00:51:09 2025 by rpki-client