Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/hqlZZ5-u9TgqufHd4jPa9QPp4Zs.roa
File: hqlZZ5-u9TgqufHd4jPa9QPp4Zs.roa (raw, json)
Hash identifier: z0GY8gziBlYZ76nuV3SvgZx5yfw6AffMKlFSw8jFHVs=
Subject key identifier: 86:A9:59:67:9F:AE:F5:38:2A:B9:F1:DD:E2:33:DA:F5:03:E9:E1:9B
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 3375
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/hqlZZ5-u9TgqufHd4jPa9QPp4Zs.roa
Signing time: Thu 28 Mar 2024 04:52:01 +0000
ROA not before: Thu 28 Mar 2024 04:52:01 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 13173 (0x3375)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Mar 28 04:52:01 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=86A959679FAEF5382AB9F1DDE233DAF503E9E19B
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:df:ab:42:98:a4:03:63:02:64:84:f2:4e:06:21:
2f:58:d1:9f:e9:e3:ed:2b:eb:50:a1:2e:09:99:4d:
3a:33:2f:27:b6:73:cf:89:60:77:12:18:68:8e:1c:
0b:fe:c5:ee:5e:29:10:51:e5:1b:5e:3c:c0:5a:cd:
48:9d:1e:43:f5:e5:c6:1b:00:5e:6a:33:f9:ef:61:
a3:ad:e7:8e:6c:5c:99:2d:30:dd:f7:58:ab:f5:a6:
02:66:bf:16:7e:e7:64:22:cd:6d:28:25:ac:41:ee:
59:67:ce:bb:10:7f:cf:e7:6a:90:40:ec:31:7a:0f:
25:8a:2d:f5:7c:b6:9a:9f:ad:b8:ed:8f:09:e1:95:
fa:30:07:7b:bf:4f:07:10:78:f5:af:05:fa:ad:17:
d7:08:9e:a1:99:8a:3c:fc:6d:7c:fb:23:c9:a4:4d:
e7:9e:d6:88:49:78:04:9a:15:2a:ef:c3:53:2e:b3:
2a:e5:12:2d:1f:67:fc:f6:35:e7:e8:24:27:24:90:
83:a8:ce:09:d8:75:c2:1a:2e:67:2d:5f:2e:55:2d:
c8:77:b7:bb:ec:71:5e:95:51:78:0c:7b:ea:70:55:
60:e6:5e:79:a9:26:6f:57:4e:37:59:7b:15:b0:7e:
a9:dd:b4:9e:da:a5:fe:dc:77:83:ac:89:f4:65:75:
dd:2b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
86:A9:59:67:9F:AE:F5:38:2A:B9:F1:DD:E2:33:DA:F5:03:E9:E1:9B
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/hqlZZ5-u9TgqufHd4jPa9QPp4Zs.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
5a:ba:af:ea:29:6b:f1:ae:6f:d1:36:4d:06:12:e0:91:b2:a3:
da:5a:28:b4:3f:ec:46:9e:0b:16:c7:0b:1d:fa:a7:11:ef:06:
3a:f0:2c:77:79:a7:b9:80:bc:0e:24:ad:ef:13:be:49:38:29:
c5:25:4a:4d:db:1f:85:29:84:a1:ce:80:da:95:d5:6f:b0:51:
7e:e0:4f:00:fd:12:71:5b:85:c2:8a:26:cb:ff:06:1f:08:45:
33:a7:72:79:19:98:57:69:22:3a:65:20:21:e6:ef:b6:9d:91:
38:39:c7:58:81:10:84:a7:9a:14:c8:8d:41:87:44:f5:e4:25:
b6:42:4f:53:8c:59:31:53:46:35:12:b5:50:a2:1f:0c:20:cc:
f6:bc:05:99:db:9c:2b:81:17:d3:cc:de:54:d6:4b:f7:7f:27:
d3:fb:d9:e0:90:d6:d8:13:8a:a7:bf:f3:1c:45:ef:d2:d9:4b:
eb:a4:d0:6b:29:b3:d4:be:78:cd:ef:c2:cf:2f:ad:b3:50:64:
98:7b:77:07:7b:e9:d2:e9:a5:31:0c:af:34:07:05:ea:1c:11:
1b:9f:54:f6:6e:d8:40:1c:76:44:96:fc:7c:20:bf:5d:bf:f1:
e0:71:83:99:6e:ee:34:37:0c:89:06:bc:00:68:dc:d5:4c:0b:
83:46:34:b3
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICM3UwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDAzMjgw
NDUyMDFaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDg2QTk1OTY3OUZBRUY1
MzgyQUI5RjFEREUyMzNEQUY1MDNFOUUxOUIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDfq0KYpANjAmSE8k4GIS9Y0Z/p4+0r61ChLgmZTTozLye2c8+J
YHcSGGiOHAv+xe5eKRBR5RtePMBazUidHkP15cYbAF5qM/nvYaOt545sXJktMN33
WKv1pgJmvxZ+52QizW0oJaxB7llnzrsQf8/napBA7DF6DyWKLfV8tpqfrbjtjwnh
lfowB3u/TwcQePWvBfqtF9cInqGZijz8bXz7I8mkTeee1ohJeASaFSrvw1Musyrl
Ei0fZ/z2NefoJCckkIOozgnYdcIaLmctXy5VLch3t7vscV6VUXgMe+pwVWDmXnmp
Jm9XTjdZexWwfqndtJ7apf7cd4OsifRldd0rAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUhqlZZ5+u9TgqufHd4jPa9QPp4ZswHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2hxbFpaNS11OVRncXVm
SGQ0alBhOVFQcDRacy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBAFq6r+opa/Gub9E2
TQYS4JGyo9paKLQ/7EaeCxbHCx36pxHvBjrwLHd5p7mAvA4kre8Tvkk4KcUlSk3b
H4UphKHOgNqV1W+wUX7gTwD9EnFbhcKKJsv/Bh8IRTOncnkZmFdpIjplICHm77ad
kTg5x1iBEISnmhTIjUGHRPXkJbZCT1OMWTFTRjUStVCiHwwgzPa8BZnbnCuBF9PM
3lTWS/d/J9P72eCQ1tgTiqe/8xxF79LZS+uk0Gsps9S+eM3vws8vrbNQZJh7dwd7
6dLppTEMrzQHBeocERufVPZu2EAcdkSW/Hwgv12/8eBxg5lu7jQ3DIkGvABo3NVM
C4NGNLM=
-----END CERTIFICATE-----
Generated at Fri Jun 20 19:37:44 2025 by rpki-client