Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/rO6EX8R24V2Q7iSapQZR-9yFI4M.roa
File: rO6EX8R24V2Q7iSapQZR-9yFI4M.roa (raw, json)
Hash identifier: zP6QEZ1BmDyNeak/qWbpB6mVGrHASIOyS3fXWJzZTcc=
Subject key identifier: AC:EE:84:5F:C4:76:E1:5D:90:EE:24:9A:A5:06:51:FB:DC:85:23:83
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 50BD
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/rO6EX8R24V2Q7iSapQZR-9yFI4M.roa
Signing time: Mon 06 May 2024 05:54:06 +0000
ROA not before: Mon 06 May 2024 05:54:06 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 20669 (0x50bd)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 6 05:54:06 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=ACEE845FC476E15D90EE249AA50651FBDC852383
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ad:8b:d4:8d:b2:bf:b8:b7:2a:b6:8a:6e:fa:c6:
68:8c:a0:af:68:f5:24:1c:ba:27:d6:e5:3e:21:d5:
03:76:6e:f6:c1:5c:87:19:e5:17:b9:70:fb:41:cf:
52:55:ae:f0:8b:e5:83:e0:5f:98:fa:bd:e3:ef:ef:
d2:28:88:80:bd:22:3e:90:eb:eb:c8:f1:14:ba:d5:
8d:4b:51:00:88:ec:ce:a7:75:0b:4a:1c:8c:aa:e1:
7b:c5:57:3e:a1:d3:b6:f4:39:ba:df:43:da:ff:b2:
91:dc:a4:bd:ff:18:ef:b5:91:be:2d:3b:8c:16:f9:
c0:33:65:bb:e3:52:88:4c:2f:cc:95:d9:2c:6f:de:
b9:30:e7:0e:12:b1:a6:06:0b:8b:3e:5f:a2:67:b9:
7d:f0:dd:34:38:a6:6f:9d:38:24:01:71:d7:f8:aa:
25:8e:8f:ab:16:e7:2b:fa:70:41:53:85:20:88:6e:
18:72:a1:f9:15:3b:86:c5:0a:f5:3f:53:da:c7:ae:
ac:f3:14:13:04:88:fd:0b:4b:ba:0c:ad:cc:05:43:
e8:05:27:3d:d3:69:89:38:f1:ee:93:d8:e1:1e:1f:
e8:33:1a:6d:74:ef:30:77:b1:d2:93:a0:9d:7d:ba:
1f:ce:58:11:c2:f3:63:7f:a3:be:b2:0f:86:95:25:
15:93
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AC:EE:84:5F:C4:76:E1:5D:90:EE:24:9A:A5:06:51:FB:DC:85:23:83
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/rO6EX8R24V2Q7iSapQZR-9yFI4M.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
97:8b:ae:bb:cd:fb:c1:32:c6:99:a4:a6:25:30:bf:b4:e2:b9:
dd:5c:9c:f3:b0:9b:a3:e4:ad:6b:63:ce:15:69:d6:f4:ae:08:
39:db:7c:4f:aa:27:ef:7b:3f:88:6e:96:e8:f5:92:3b:0f:69:
f0:bb:97:dc:d6:11:bc:e1:9b:c4:63:b9:a7:04:d5:d9:4d:f1:
9c:66:f7:ce:77:92:d5:90:9d:d6:f9:19:f0:a3:75:41:e6:da:
f3:5d:a6:da:e0:c2:17:f7:fa:e9:1c:3d:0b:df:43:58:6e:6e:
39:67:43:5c:33:37:d0:4e:b6:cc:1a:88:c9:89:aa:d9:78:ac:
b4:7b:ff:55:68:b6:b2:af:2f:05:18:15:38:af:3f:3d:7b:66:
6c:dc:70:e7:b5:76:31:7a:e0:f8:61:43:0e:0e:bc:be:ff:7c:
ba:45:57:5d:51:76:73:8d:6d:3a:53:0b:22:3c:cc:c5:07:72:
72:ce:c5:1b:10:12:41:33:29:f9:32:02:0e:7c:c2:39:d0:2f:
8d:d2:40:b0:46:e6:c3:1d:a9:94:7e:12:fb:67:49:1d:fa:70:
5f:3d:7e:63:47:b7:3c:7f:61:b9:b9:f4:e4:71:dc:a6:42:11:
af:dd:66:a2:bc:a2:9c:3c:a2:ee:d1:65:26:3d:ed:db:33:a6:
c4:2b:91:60
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICUL0wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MDYw
NTU0MDZaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEFDRUU4NDVGQzQ3NkUx
NUQ5MEVFMjQ5QUE1MDY1MUZCREM4NTIzODMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCti9SNsr+4tyq2im76xmiMoK9o9SQcuifW5T4h1QN2bvbBXIcZ
5Re5cPtBz1JVrvCL5YPgX5j6vePv79IoiIC9Ij6Q6+vI8RS61Y1LUQCI7M6ndQtK
HIyq4XvFVz6h07b0ObrfQ9r/spHcpL3/GO+1kb4tO4wW+cAzZbvjUohML8yV2Sxv
3rkw5w4SsaYGC4s+X6JnuX3w3TQ4pm+dOCQBcdf4qiWOj6sW5yv6cEFThSCIbhhy
ofkVO4bFCvU/U9rHrqzzFBMEiP0LS7oMrcwFQ+gFJz3TaYk48e6T2OEeH+gzGm10
7zB3sdKToJ19uh/OWBHC82N/o76yD4aVJRWTAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUrO6EX8R24V2Q7iSapQZR+9yFI4MwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3JPNkVYOFIyNFYyUTdp
U2FwUVpSLTl5Rkk0TS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBAJeLrrvN+8Eyxpmk
piUwv7Tiud1cnPOwm6PkrWtjzhVp1vSuCDnbfE+qJ+97P4huluj1kjsPafC7l9zW
Ebzhm8RjuacE1dlN8Zxm9853ktWQndb5GfCjdUHm2vNdptrgwhf3+ukcPQvfQ1hu
bjlnQ1wzN9BOtswaiMmJqtl4rLR7/1VotrKvLwUYFTivPz17ZmzccOe1djF64Phh
Qw4OvL7/fLpFV11RdnONbTpTCyI8zMUHcnLOxRsQEkEzKfkyAg58wjnQL43SQLBG
5sMdqZR+EvtnSR36cF89fmNHtzx/Ybm59ORx3KZCEa/dZqK8opw8ou7RZSY97dsz
psQrkWA=
-----END CERTIFICATE-----
Generated at Sat Jun 21 21:13:08 2025 by rpki-client