Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/gzTcS24E5JtBFTCFep0LX_OToDg.roa
File: gzTcS24E5JtBFTCFep0LX_OToDg.roa (raw, json)
Hash identifier: zu42Wezyv4T4nlA3NhBbVwOfHAWapmMfc8Pe772wAxw=
Subject key identifier: 83:34:DC:4B:6E:04:E4:9B:41:15:30:85:7A:9D:0B:5F:F3:93:A0:38
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 3971
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/gzTcS24E5JtBFTCFep0LX_OToDg.roa
Signing time: Fri 05 Apr 2024 04:22:53 +0000
ROA not before: Fri 05 Apr 2024 04:22:53 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 14705 (0x3971)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 5 04:22:53 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=8334DC4B6E04E49B411530857A9D0B5FF393A038
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c0:45:68:9b:be:e8:cf:bd:77:05:8b:0c:86:20:
6a:57:6e:fc:79:0f:4e:5b:7b:ee:ce:03:2b:e9:75:
cc:f3:9f:01:76:73:d4:47:fc:9d:a4:4b:a8:cd:fb:
63:7e:5f:80:e6:96:0c:5b:62:f7:dc:9e:fa:b7:32:
bf:d5:96:e1:84:14:07:1f:90:29:b5:16:60:fb:4e:
cf:a7:bc:b4:57:84:0d:16:a9:0b:79:aa:e2:c0:fa:
90:df:10:a6:34:e2:49:22:03:90:4b:ae:28:d5:e4:
94:03:c3:e7:65:20:25:af:2d:fb:db:6a:c7:12:de:
13:1e:97:d9:35:dc:9d:79:89:e7:39:39:5b:fa:a4:
bd:8e:6f:d4:b3:ac:17:f5:6b:ef:7b:4f:9f:f7:6a:
10:3d:82:f9:5a:7b:f2:1b:20:b1:9c:4f:73:d6:4e:
fe:0e:86:87:97:1f:0a:48:0c:c1:eb:2b:49:76:a8:
bd:49:a0:e2:60:65:89:d6:c1:a2:69:0d:f3:00:d2:
6f:56:a4:25:8d:b3:ad:9f:d1:42:37:33:6e:0a:28:
07:15:6a:42:42:7f:0c:36:e1:66:5f:43:20:73:70:
75:6d:8d:dd:cb:2d:64:9c:0d:56:26:bf:04:0a:81:
87:4e:e4:7a:47:36:62:8a:4e:33:64:7c:89:cd:86:
ed:61
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
83:34:DC:4B:6E:04:E4:9B:41:15:30:85:7A:9D:0B:5F:F3:93:A0:38
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/gzTcS24E5JtBFTCFep0LX_OToDg.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
30:3d:ff:a0:68:cd:3a:a4:9d:7b:62:f4:3a:c4:a5:af:0d:1c:
c8:1f:59:5d:7f:07:fa:4a:b2:a6:25:7d:53:16:1b:60:ed:5e:
74:9e:7f:df:25:44:d3:31:e4:f9:32:84:ec:8d:c8:19:49:ed:
22:02:5e:63:4e:0a:9e:66:8c:2d:4b:63:51:ef:00:7f:b8:05:
bc:b0:d6:76:69:6c:a3:28:4f:b7:4f:87:7f:38:7b:78:10:5a:
dd:db:b7:d7:bc:44:3b:d9:e5:03:98:e0:03:ad:5b:03:05:ea:
b9:55:be:3c:da:cc:37:1a:2f:34:aa:02:e5:b4:7d:ba:d4:dd:
aa:3c:f1:e1:f8:5c:b2:0b:ba:e6:df:e5:79:0c:37:e3:1b:ed:
e0:45:50:4e:84:dd:ea:42:dc:c7:10:6d:92:64:22:b8:0e:1d:
2c:66:5b:de:c9:3a:07:db:e4:97:66:28:85:76:cc:ae:1c:c2:
c1:c1:8e:0a:01:e8:35:27:8a:d6:b4:a7:d3:37:73:aa:66:6b:
da:b1:73:1c:00:49:9f:3f:28:cc:e2:f1:e8:02:ac:cc:76:85:
ca:37:8c:46:70:9e:4d:16:10:73:92:87:79:97:8e:0c:9a:4c:
6e:d0:d6:0c:57:3b:97:31:70:ea:4f:c9:5a:1a:a5:4c:12:a3:
24:54:95:74
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICOXEwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MDUw
NDIyNTNaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDgzMzREQzRCNkUwNEU0
OUI0MTE1MzA4NTdBOUQwQjVGRjM5M0EwMzgwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDARWibvujPvXcFiwyGIGpXbvx5D05be+7OAyvpdczznwF2c9RH
/J2kS6jN+2N+X4DmlgxbYvfcnvq3Mr/VluGEFAcfkCm1FmD7Ts+nvLRXhA0WqQt5
quLA+pDfEKY04kkiA5BLrijV5JQDw+dlICWvLfvbascS3hMel9k13J15iec5OVv6
pL2Ob9SzrBf1a+97T5/3ahA9gvlae/IbILGcT3PWTv4OhoeXHwpIDMHrK0l2qL1J
oOJgZYnWwaJpDfMA0m9WpCWNs62f0UI3M24KKAcVakJCfww24WZfQyBzcHVtjd3L
LWScDVYmvwQKgYdO5HpHNmKKTjNkfInNhu1hAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUgzTcS24E5JtBFTCFep0LX/OToDgwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2d6VGNTMjRFNUp0QkZU
Q0ZlcDBMWF9PVG9EZy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBADA9/6BozTqknXti
9DrEpa8NHMgfWV1/B/pKsqYlfVMWG2DtXnSef98lRNMx5PkyhOyNyBlJ7SICXmNO
Cp5mjC1LY1HvAH+4Bbyw1nZpbKMoT7dPh384e3gQWt3bt9e8RDvZ5QOY4AOtWwMF
6rlVvjzazDcaLzSqAuW0fbrU3ao88eH4XLILuubf5XkMN+Mb7eBFUE6E3epC3McQ
bZJkIrgOHSxmW97JOgfb5JdmKIV2zK4cwsHBjgoB6DUnita0p9M3c6pma9qxcxwA
SZ8/KMzi8egCrMx2hco3jEZwnk0WEHOSh3mXjgyaTG7Q1gxXO5cxcOpPyVoapUwS
oyRUlXQ=
-----END CERTIFICATE-----
Generated at Sat Jun 21 16:36:03 2025 by rpki-client