Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/fDtmQH17lbFEhdCCjQawNC5NkBs.roa
File: fDtmQH17lbFEhdCCjQawNC5NkBs.roa (raw, json)
Hash identifier: lB6+K0xiS8PhfQyIDTd72/4I0DgVZb1vtcJsOG4BhDQ=
Subject key identifier: 7C:3B:66:40:7D:7B:95:B1:44:85:D0:82:8D:06:B0:34:2E:4D:90:1B
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 47A1
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/fDtmQH17lbFEhdCCjQawNC5NkBs.roa
Signing time: Wed 24 Apr 2024 02:23:15 +0000
ROA not before: Wed 24 Apr 2024 02:23:15 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 18337 (0x47a1)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 24 02:23:15 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=7C3B66407D7B95B14485D0828D06B0342E4D901B
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:fd:37:8d:aa:32:64:15:73:af:da:1e:04:97:90:
3c:49:eb:f1:8b:7e:b4:09:c9:3f:bc:f9:fb:37:cc:
1d:f4:0d:46:15:fb:cf:b1:df:70:c2:68:11:de:62:
6f:3d:9c:d5:f8:65:c0:26:18:64:fb:7c:b7:e0:45:
56:b8:b7:d0:67:c3:e3:66:bb:99:d6:5b:13:7c:d2:
3c:4f:90:32:d5:9e:5d:78:83:32:c9:ca:78:95:97:
82:4c:1d:2d:90:5c:ba:43:f2:83:fd:5c:ee:3a:83:
e5:ed:c3:c0:ab:3c:ef:51:4d:5f:77:3d:99:63:52:
fc:86:92:72:99:f4:b7:e9:46:82:01:b6:28:5b:f5:
f1:4d:e7:da:3f:ae:c8:92:85:00:0c:d2:79:e7:a3:
7f:66:c6:5e:11:0c:c5:e1:b9:84:e1:26:84:b7:39:
0e:61:b8:f4:49:2c:ff:98:63:c7:3f:3b:33:bf:6f:
3a:6a:61:8b:f6:4f:f4:15:9d:ef:9e:95:f0:c0:71:
fb:57:e8:74:a2:6b:b4:22:5f:53:dd:d4:a1:ff:a9:
8c:91:5a:5b:b4:72:1d:a0:22:d5:d3:fa:d7:42:bc:
79:dd:da:2a:6f:90:33:6b:fb:1f:35:61:4c:32:f2:
4d:fc:50:7a:ad:1c:3f:4d:60:08:63:35:7e:b2:b4:
82:5f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
7C:3B:66:40:7D:7B:95:B1:44:85:D0:82:8D:06:B0:34:2E:4D:90:1B
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/fDtmQH17lbFEhdCCjQawNC5NkBs.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
28:5c:15:6e:06:c9:ea:59:02:3a:b9:c1:26:e5:bf:29:51:44:
cc:e6:86:29:e2:7b:c8:52:58:63:a9:c0:19:5f:0d:00:94:2f:
5d:6e:b7:29:49:12:25:46:9a:95:41:38:7a:05:b8:eb:bb:c1:
07:43:bc:f6:0a:ee:4c:81:28:66:db:5f:65:ce:ed:fd:c9:1e:
1e:8e:9c:71:59:64:22:1e:53:aa:25:e8:11:e2:56:f1:eb:ec:
9e:d8:52:c4:d5:86:55:44:15:95:96:57:ec:ae:7d:a9:0f:f7:
95:6b:d9:80:a4:11:54:76:ee:26:25:75:15:d7:6b:d1:a6:77:
27:6c:f8:1c:ff:04:fb:12:db:7e:ec:37:fd:dc:92:c3:70:96:
bd:d5:14:bf:a6:06:3a:12:da:8a:c5:60:f7:0f:d9:b1:21:56:
59:13:20:2f:97:26:d2:0d:eb:7d:11:00:b4:a6:6f:c8:3e:94:
f7:6e:d9:9c:99:c4:ae:c5:88:2e:ed:bd:a9:0c:6d:03:af:7b:
92:26:41:a1:be:8a:72:5c:13:1e:8c:48:4d:7e:b2:ea:3c:f7:
5d:f8:a2:22:25:bf:93:2c:89:51:ef:92:94:69:27:07:16:12:
a4:81:fd:a5:22:9b:94:9e:86:11:10:96:98:a1:1c:c2:b5:5e:
32:e6:4e:e7
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICR6EwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MjQw
MjIzMTVaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDdDM0I2NjQwN0Q3Qjk1
QjE0NDg1RDA4MjhEMDZCMDM0MkU0RDkwMUIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQD9N42qMmQVc6/aHgSXkDxJ6/GLfrQJyT+8+fs3zB30DUYV+8+x
33DCaBHeYm89nNX4ZcAmGGT7fLfgRVa4t9Bnw+Nmu5nWWxN80jxPkDLVnl14gzLJ
yniVl4JMHS2QXLpD8oP9XO46g+Xtw8CrPO9RTV93PZljUvyGknKZ9LfpRoIBtihb
9fFN59o/rsiShQAM0nnno39mxl4RDMXhuYThJoS3OQ5huPRJLP+YY8c/OzO/bzpq
YYv2T/QVne+elfDAcftX6HSia7QiX1Pd1KH/qYyRWlu0ch2gItXT+tdCvHnd2ipv
kDNr+x81YUwy8k38UHqtHD9NYAhjNX6ytIJfAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUfDtmQH17lbFEhdCCjQawNC5NkBswHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2ZEdG1RSDE3bGJGRWhk
Q0NqUWF3TkM1TmtCcy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBAChcFW4GyepZAjq5
wSblvylRRMzmhinie8hSWGOpwBlfDQCUL11utylJEiVGmpVBOHoFuOu7wQdDvPYK
7kyBKGbbX2XO7f3JHh6OnHFZZCIeU6ol6BHiVvHr7J7YUsTVhlVEFZWWV+yufakP
95Vr2YCkEVR27iYldRXXa9Gmdyds+Bz/BPsS237sN/3cksNwlr3VFL+mBjoS2orF
YPcP2bEhVlkTIC+XJtIN630RALSmb8g+lPdu2ZyZxK7FiC7tvakMbQOve5ImQaG+
inJcEx6MSE1+suo89134oiIlv5MsiVHvkpRpJwcWEqSB/aUim5SehhEQlpihHMK1
XjLmTuc=
-----END CERTIFICATE-----
Generated at Sun Jun 22 23:58:04 2025 by rpki-client