Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/otd33URGNwKEqn2JQtduNX_ZRV4.roa
File: otd33URGNwKEqn2JQtduNX_ZRV4.roa (raw, json)
Hash identifier: mUSThWLVkTVVZCnw6NkoBocBm5tEuEy4DVAvi4Hi1ZY=
Subject key identifier: A2:D7:77:DD:44:46:37:02:84:AA:7D:89:42:D7:6E:35:7F:D9:45:5E
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 34C1
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/otd33URGNwKEqn2JQtduNX_ZRV4.roa
Signing time: Fri 29 Mar 2024 22:22:15 +0000
ROA not before: Fri 29 Mar 2024 22:22:15 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 13505 (0x34c1)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Mar 29 22:22:15 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=A2D777DD4446370284AA7D8942D76E357FD9455E
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ee:58:94:a1:f1:dc:94:fc:f0:55:13:12:4f:48:
b0:c3:e9:08:2f:25:7c:ac:01:e5:4d:16:a6:05:bb:
5c:91:34:2a:32:e3:ce:a8:a1:4b:ea:27:1b:fc:1b:
36:5f:53:27:9f:f8:d7:fc:fd:ed:68:ea:d5:a5:50:
42:8a:55:a0:3d:5d:7f:8c:35:40:aa:e1:d1:0a:74:
2f:9b:67:d6:2e:d7:33:a0:77:e1:f0:a5:68:7a:69:
71:3a:aa:61:50:35:e9:f6:07:09:66:25:8a:9c:df:
fa:56:35:f8:d5:e4:5a:fa:67:a8:0f:f8:92:b0:89:
0b:91:84:2a:13:62:51:82:a1:2a:a0:56:54:e5:cf:
46:cc:bf:9b:da:5e:78:17:8d:94:16:ec:06:3a:2d:
6e:cc:bc:29:e9:2a:8a:0e:ea:df:e3:52:3f:af:07:
d4:2c:11:30:7e:2a:94:11:8b:96:bc:88:ac:e2:e3:
d8:47:c1:f9:90:d4:15:f1:dc:cd:88:6d:7d:23:67:
bb:9f:f2:3d:f9:44:16:21:5e:3d:99:59:b8:50:ca:
34:63:50:cf:f5:3e:c0:b6:79:35:e5:60:f1:26:f1:
c3:f6:88:4e:93:1b:73:91:c3:aa:eb:b6:f0:2a:6b:
85:f2:49:4e:8c:b9:98:c2:5f:83:0b:97:39:8f:2f:
ed:fd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A2:D7:77:DD:44:46:37:02:84:AA:7D:89:42:D7:6E:35:7F:D9:45:5E
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/otd33URGNwKEqn2JQtduNX_ZRV4.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
65:51:c4:0d:cb:d0:42:a8:db:86:b8:51:b8:71:d0:8c:43:bb:
97:be:85:82:83:2b:cf:0f:63:25:d6:1d:b4:7d:f5:ce:9c:ec:
99:37:80:5c:1c:b9:c7:ad:58:1c:42:b1:4a:42:23:ed:c8:d1:
4a:8a:c3:52:aa:54:b3:05:66:b7:d9:62:25:bb:ed:7a:d4:90:
a1:ff:a4:2e:20:6d:46:4e:35:e3:57:0d:4d:ee:a0:97:84:75:
ad:b1:b9:0f:61:10:6a:7f:0b:1a:33:02:5d:db:67:47:5f:10:
d5:55:bd:7f:d7:4c:01:6c:ce:d0:de:c9:d5:ee:e4:86:55:ea:
5a:53:69:ed:5e:18:b7:80:77:33:b9:fb:fc:dd:f8:86:0e:c0:
78:c2:20:ad:7d:bc:a8:d1:ce:cb:c6:a9:35:c1:13:51:71:48:
26:2e:c3:a3:ba:2f:c9:9f:a7:ce:c7:9b:99:91:03:17:3b:88:
39:5d:a9:df:e2:ca:b3:d4:4f:f6:4e:81:74:ba:b2:bf:bb:fb:
27:95:57:4a:77:2f:4a:ec:89:3d:ed:23:c4:ea:5b:f9:de:36:
20:f5:9f:69:06:33:e3:a3:14:4f:b0:d1:fd:57:d9:8e:86:e1:
83:cb:80:83:ab:fd:f6:1b:9b:4e:a9:d7:8f:40:63:54:be:3d:
1d:e5:38:b2
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICNMEwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDAzMjky
MjIyMTVaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEEyRDc3N0RENDQ0NjM3
MDI4NEFBN0Q4OTQyRDc2RTM1N0ZEOTQ1NUUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDuWJSh8dyU/PBVExJPSLDD6QgvJXysAeVNFqYFu1yRNCoy486o
oUvqJxv8GzZfUyef+Nf8/e1o6tWlUEKKVaA9XX+MNUCq4dEKdC+bZ9Yu1zOgd+Hw
pWh6aXE6qmFQNen2BwlmJYqc3/pWNfjV5Fr6Z6gP+JKwiQuRhCoTYlGCoSqgVlTl
z0bMv5vaXngXjZQW7AY6LW7MvCnpKooO6t/jUj+vB9QsETB+KpQRi5a8iKzi49hH
wfmQ1BXx3M2IbX0jZ7uf8j35RBYhXj2ZWbhQyjRjUM/1PsC2eTXlYPEm8cP2iE6T
G3ORw6rrtvAqa4XySU6MuZjCX4MLlzmPL+39AgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUotd33URGNwKEqn2JQtduNX/ZRV4wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L290ZDMzVVJHTndLRXFu
MkpRdGR1TlhfWlJWNC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBAGVRxA3L0EKo24a4
Ubhx0IxDu5e+hYKDK88PYyXWHbR99c6c7Jk3gFwcucetWBxCsUpCI+3I0UqKw1Kq
VLMFZrfZYiW77XrUkKH/pC4gbUZONeNXDU3uoJeEda2xuQ9hEGp/CxozAl3bZ0df
ENVVvX/XTAFsztDeydXu5IZV6lpTae1eGLeAdzO5+/zd+IYOwHjCIK19vKjRzsvG
qTXBE1FxSCYuw6O6L8mfp87Hm5mRAxc7iDldqd/iyrPUT/ZOgXS6sr+7+yeVV0p3
L0rsiT3tI8TqW/neNiD1n2kGM+OjFE+w0f1X2Y6G4YPLgIOr/fYbm06p149AY1S+
PR3lOLI=
-----END CERTIFICATE-----
Generated at Fri Jun 20 20:55:18 2025 by rpki-client