Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/swJzyKmtaaVb5j8Z0RABnYKV8tk.roa
File: swJzyKmtaaVb5j8Z0RABnYKV8tk.roa (raw, json)
Hash identifier: PNr6uLJMGx31M+79v0UuXW6D+LCif5Q3EyHrbBtOQco=
Subject key identifier: B3:02:73:C8:A9:AD:69:A5:5B:E6:3F:19:D1:10:01:9D:82:95:F2:D9
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 533D
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/swJzyKmtaaVb5j8Z0RABnYKV8tk.roa
Signing time: Thu 09 May 2024 13:53:57 +0000
ROA not before: Thu 09 May 2024 13:53:57 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 21309 (0x533d)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 9 13:53:57 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=B30273C8A9AD69A55BE63F19D110019D8295F2D9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ae:e6:3b:77:ef:dd:88:fa:d4:b9:ca:11:b6:0f:
4f:4e:ec:de:08:95:c7:0d:46:cf:4b:3f:bc:16:63:
d8:1b:62:fe:37:6c:33:5a:c8:a7:a1:96:a0:19:0f:
7d:75:e7:39:08:a7:9f:86:3e:ca:2b:85:0d:79:8f:
24:f5:2a:59:80:7e:b7:df:92:f8:a7:73:1f:63:87:
93:79:98:fb:5d:d9:4b:7a:56:2a:07:11:07:98:d5:
34:56:6e:12:39:06:28:29:56:51:68:66:96:dd:c8:
75:66:c6:27:94:9e:56:87:b7:d7:6f:92:79:d9:c2:
98:ef:31:81:97:c2:a4:69:02:50:2f:23:c5:ec:cb:
be:9b:db:75:57:9f:41:79:ad:7b:b8:be:f6:e8:56:
e1:fe:15:d3:6a:25:7a:f0:83:be:1e:44:26:9e:b8:
e7:b7:82:fe:52:23:f5:71:b0:05:27:c5:17:fd:a7:
c8:86:0c:78:09:bd:a4:13:de:a0:45:c9:23:56:89:
6f:75:bf:a8:1d:b2:36:98:a4:6f:ce:7a:3d:4b:60:
69:07:f5:fb:4f:0d:d5:45:d5:85:1b:8c:14:35:d2:
08:f9:b1:30:ea:68:0b:ec:d8:39:c8:53:4c:d2:e4:
89:06:d8:27:78:cb:6b:49:9e:d4:27:88:07:1b:1c:
e0:13
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B3:02:73:C8:A9:AD:69:A5:5B:E6:3F:19:D1:10:01:9D:82:95:F2:D9
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/swJzyKmtaaVb5j8Z0RABnYKV8tk.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
9a:48:a1:e7:64:fa:2f:f7:4b:30:11:88:60:39:6a:ba:09:38:
8a:2f:29:12:6c:5c:25:ce:e0:78:d7:44:88:c4:fc:05:57:7a:
96:6f:c1:d8:36:d8:82:db:9b:70:5f:b2:6d:b4:dd:86:e7:ec:
e0:59:7c:af:62:c1:cd:e4:97:22:e0:b2:41:b3:0a:b2:6b:da:
1b:29:c8:bf:83:b6:c8:dd:dc:d2:89:9b:b2:92:e4:eb:76:64:
6f:de:3e:fc:d7:b1:37:0e:de:ea:23:2e:6c:c2:50:c2:7f:1f:
67:4b:dd:fd:21:58:8c:71:e3:b1:cc:a6:86:27:1d:11:0e:08:
d8:68:d6:93:69:95:4a:74:ee:d2:9c:86:5f:b6:02:98:f0:bf:
85:5a:9d:53:fc:48:37:4a:ad:76:60:89:46:6d:04:a0:a3:ae:
1e:a8:f7:1c:ca:ed:c8:2b:ee:ac:ad:9c:c3:b3:3a:be:85:43:
81:7d:95:69:ce:07:5a:d0:42:77:e2:67:4e:96:eb:59:05:1d:
c4:d2:ca:c0:a8:6b:15:d0:df:ac:9b:9a:ac:a9:43:65:8c:7f:
3c:91:5a:11:9d:2c:31:a7:dc:61:6b:3b:f9:05:f4:a6:c9:90:
44:39:0b:cc:5b:28:80:6e:35:77:14:df:ea:cb:76:d7:c3:38:
d1:ce:26:fd
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICUz0wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MDkx
MzUzNTdaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEIzMDI3M0M4QTlBRDY5
QTU1QkU2M0YxOUQxMTAwMTlEODI5NUYyRDkwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCu5jt3792I+tS5yhG2D09O7N4IlccNRs9LP7wWY9gbYv43bDNa
yKehlqAZD3115zkIp5+GPsorhQ15jyT1KlmAfrffkvincx9jh5N5mPtd2Ut6VioH
EQeY1TRWbhI5BigpVlFoZpbdyHVmxieUnlaHt9dvknnZwpjvMYGXwqRpAlAvI8Xs
y76b23VXn0F5rXu4vvboVuH+FdNqJXrwg74eRCaeuOe3gv5SI/VxsAUnxRf9p8iG
DHgJvaQT3qBFySNWiW91v6gdsjaYpG/Oej1LYGkH9ftPDdVF1YUbjBQ10gj5sTDq
aAvs2DnIU0zS5IkG2Cd4y2tJntQniAcbHOATAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUswJzyKmtaaVb5j8Z0RABnYKV8tkwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3N3Snp5S210YWFWYjVq
OFowUkFCbllLVjh0ay5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBAJpIoedk+i/3SzAR
iGA5aroJOIovKRJsXCXO4HjXRIjE/AVXepZvwdg22ILbm3Bfsm203Ybn7OBZfK9i
wc3klyLgskGzCrJr2hspyL+Dtsjd3NKJm7KS5Ot2ZG/ePvzXsTcO3uojLmzCUMJ/
H2dL3f0hWIxx47HMpoYnHREOCNho1pNplUp07tKchl+2Apjwv4VanVP8SDdKrXZg
iUZtBKCjrh6o9xzK7cgr7qytnMOzOr6FQ4F9lWnOB1rQQnfiZ06W61kFHcTSysCo
axXQ36ybmqypQ2WMfzyRWhGdLDGn3GFrO/kF9KbJkEQ5C8xbKIBuNXcU3+rLdtfD
ONHOJv0=
-----END CERTIFICATE-----
Generated at Sat Jun 21 16:21:25 2025 by rpki-client