Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/pZxUW6EjN-LPyiR4BDkdc42leI0.roa
File: pZxUW6EjN-LPyiR4BDkdc42leI0.roa (raw, json)
Hash identifier: TcH+owdjnY3PCSGqKERBHeRJYUuf0yqdVY+a2t5QPtM=
Subject key identifier: A5:9C:54:5B:A1:23:37:E2:CF:CA:24:78:04:39:1D:73:8D:A5:78:8D
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 3F39
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/pZxUW6EjN-LPyiR4BDkdc42leI0.roa
Signing time: Fri 12 Apr 2024 21:22:48 +0000
ROA not before: Fri 12 Apr 2024 21:22:48 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 16185 (0x3f39)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 12 21:22:48 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=A59C545BA12337E2CFCA247804391D738DA5788D
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c5:7e:9b:4b:93:6f:14:96:12:69:f9:f1:f0:ac:
ad:f9:77:3b:66:94:1a:9d:03:41:ee:c1:35:e0:62:
f8:37:55:76:be:89:2b:ea:aa:61:ba:a4:50:b5:8e:
b6:0d:d6:76:73:c8:cd:63:7f:ff:a9:91:a3:6f:46:
73:3d:55:b1:6a:71:2b:10:c8:52:8c:21:f2:63:48:
4c:d6:77:4d:0b:8a:0f:82:9d:85:8a:6e:bb:35:c4:
cb:7b:a4:a8:2c:1e:12:dc:05:38:62:79:51:29:f6:
c1:13:e8:d4:cf:04:12:07:3a:a2:9f:89:30:c7:3a:
34:de:b7:4a:05:9b:fd:c0:ec:79:2e:41:cf:69:33:
c5:20:b3:e6:18:35:5a:a6:8a:4b:35:03:82:c2:56:
03:7e:6d:f9:ba:46:49:95:0d:25:57:f5:b1:8f:c0:
6d:ff:99:7f:12:ac:31:c4:88:cc:97:d0:2a:cc:fe:
d4:9c:df:bb:a3:08:fe:b8:6a:ee:38:17:27:31:88:
48:d6:c4:fd:ea:77:16:c0:f6:42:e7:66:8a:75:29:
b1:6e:9a:ed:74:a2:c9:46:d8:fb:e0:f4:65:cd:5e:
cc:32:d1:a7:e2:fc:79:6d:70:a5:4e:95:5a:18:c7:
bb:f2:d9:33:22:da:0b:cd:0c:d8:87:7c:a2:a4:3c:
c4:03
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A5:9C:54:5B:A1:23:37:E2:CF:CA:24:78:04:39:1D:73:8D:A5:78:8D
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/pZxUW6EjN-LPyiR4BDkdc42leI0.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
14:57:bc:0f:01:f7:63:f5:4a:c0:8d:77:36:e1:38:43:7f:9a:
3b:8a:71:a9:0a:ff:94:4d:d2:3e:04:50:ca:9a:58:8e:01:87:
09:21:d6:de:22:e6:e7:59:6f:13:24:c8:8d:34:b2:5b:cc:d2:
7b:77:d6:35:c8:ed:74:ea:8e:46:8a:23:43:96:b9:e4:4d:36:
4f:99:12:1e:99:53:53:44:94:ed:72:6c:1d:b2:d5:8c:16:a1:
78:e6:d0:7e:a2:59:2b:2a:60:10:3e:46:d2:4a:19:98:78:73:
76:c7:c6:91:c0:d3:0e:24:38:0e:c3:96:e7:f0:46:c9:cb:d4:
04:e5:2c:31:9c:9e:f0:a6:7b:e5:f1:20:48:78:4c:51:55:ac:
e7:e1:0b:06:5a:c7:4e:4d:f6:92:7a:58:0a:67:48:9e:80:96:
28:3b:f3:8a:72:e9:69:ad:7e:3a:b5:25:dd:4b:58:62:32:99:
fb:3b:84:21:34:50:16:ad:ea:e7:9d:4f:79:db:38:3a:37:5e:
73:6b:46:83:73:91:d0:07:4c:3b:14:32:c7:96:fa:20:77:a9:
92:65:41:54:52:a2:20:25:f9:8b:5d:36:7a:0b:8d:fd:74:4e:
dc:22:01:49:69:88:2a:11:93:9f:72:49:19:9a:1e:7f:35:11:
da:1b:68:9c
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICPzkwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MTIy
MTIyNDhaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEE1OUM1NDVCQTEyMzM3
RTJDRkNBMjQ3ODA0MzkxRDczOERBNTc4OEQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDFfptLk28UlhJp+fHwrK35dztmlBqdA0HuwTXgYvg3VXa+iSvq
qmG6pFC1jrYN1nZzyM1jf/+pkaNvRnM9VbFqcSsQyFKMIfJjSEzWd00Lig+CnYWK
brs1xMt7pKgsHhLcBThieVEp9sET6NTPBBIHOqKfiTDHOjTet0oFm/3A7HkuQc9p
M8Ugs+YYNVqmiks1A4LCVgN+bfm6RkmVDSVX9bGPwG3/mX8SrDHEiMyX0CrM/tSc
37ujCP64au44FycxiEjWxP3qdxbA9kLnZop1KbFumu10oslG2Pvg9GXNXswy0afi
/HltcKVOlVoYx7vy2TMi2gvNDNiHfKKkPMQDAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUpZxUW6EjN+LPyiR4BDkdc42leI0wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3BaeFVXNkVqTi1MUHlp
UjRCRGtkYzQybGVJMC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBABRXvA8B92P1SsCN
dzbhOEN/mjuKcakK/5RN0j4EUMqaWI4Bhwkh1t4i5udZbxMkyI00slvM0nt31jXI
7XTqjkaKI0OWueRNNk+ZEh6ZU1NElO1ybB2y1YwWoXjm0H6iWSsqYBA+RtJKGZh4
c3bHxpHA0w4kOA7DlufwRsnL1ATlLDGcnvCme+XxIEh4TFFVrOfhCwZax05N9pJ6
WApnSJ6Alig784py6Wmtfjq1Jd1LWGIymfs7hCE0UBat6uedT3nbODo3XnNrRoNz
kdAHTDsUMseW+iB3qZJlQVRSoiAl+YtdNnoLjf10TtwiAUlpiCoRk59ySRmaHn81
EdobaJw=
-----END CERTIFICATE-----
Generated at Sun Jun 22 12:16:24 2025 by rpki-client