Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/u8eail7Gmpoix73dq9kocjKeiE0.roa
File: u8eail7Gmpoix73dq9kocjKeiE0.roa (raw, json)
Hash identifier: hfrhvj/12ShsCkCjDxXVStaB2Sw/6xq+o5PT0dGIS1E=
Subject key identifier: BB:C7:9A:8A:5E:C6:9A:9A:22:C7:BD:DD:AB:D9:28:72:32:9E:88:4D
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 4039
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/u8eail7Gmpoix73dq9kocjKeiE0.roa
Signing time: Sun 14 Apr 2024 05:22:55 +0000
ROA not before: Sun 14 Apr 2024 05:22:55 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 16441 (0x4039)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 14 05:22:55 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=BBC79A8A5EC69A9A22C7BDDDABD92872329E884D
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c2:84:61:fe:9d:c3:fa:4c:2a:d1:9c:0b:97:35:
d2:b8:9e:a7:39:bb:c4:d4:c5:bf:77:af:32:cc:00:
91:22:27:91:47:a8:f0:7c:13:8c:26:a5:87:11:cb:
46:0b:d3:4f:86:ab:39:d2:c9:2a:49:b7:3b:ba:9e:
4a:8e:de:ae:97:29:85:35:2d:f6:20:a8:4e:b0:d0:
4b:50:95:29:c7:37:67:f5:22:2d:f2:68:a0:c9:d8:
0e:dc:71:04:27:a9:83:0e:11:80:78:ad:90:75:34:
f4:7a:cf:fb:5a:3b:2d:d4:70:5e:4d:aa:46:84:ec:
f4:ed:07:20:c2:2d:e7:38:06:41:51:73:16:d8:36:
29:3c:91:f3:5d:87:ec:20:33:d3:09:05:6b:3e:4e:
f0:1f:ae:53:82:d0:26:7c:69:11:7a:f0:eb:fe:7c:
eb:85:73:13:ea:91:86:36:87:6f:c6:a6:32:ac:cc:
ae:bb:9c:06:01:6f:6a:65:fc:f8:ec:94:9b:65:34:
e1:eb:93:d3:4a:fc:21:92:91:40:68:74:08:46:d2:
d5:f5:2e:f2:de:bd:49:e3:8e:b1:13:03:bf:4a:12:
2b:26:24:d5:34:f0:b6:4e:be:a3:86:5c:0b:7d:dc:
2e:19:f9:69:78:07:b7:50:41:9b:f5:5a:cd:2c:04:
33:d5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
BB:C7:9A:8A:5E:C6:9A:9A:22:C7:BD:DD:AB:D9:28:72:32:9E:88:4D
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/u8eail7Gmpoix73dq9kocjKeiE0.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
05:76:78:66:82:8f:c7:95:7f:da:97:5c:c4:88:5d:dc:25:84:
d9:70:28:47:a0:ea:26:da:f0:a3:3c:35:ea:ad:6d:17:fb:2e:
57:0a:db:66:a8:4e:6d:d6:ce:9a:9e:85:91:d2:d1:67:3f:f0:
43:ad:13:2c:a7:26:d1:02:15:0f:36:94:40:9f:05:90:81:2a:
31:53:cb:fd:e7:d8:7d:2a:2f:77:fb:36:52:ca:f7:ac:e3:4f:
9e:ff:85:2d:91:60:e5:e2:b2:cb:de:58:d2:fa:f6:4b:f9:ee:
57:d2:79:42:2f:e5:27:37:33:ca:55:19:de:45:10:ba:27:16:
da:b2:f9:79:da:ae:d5:e8:f7:a1:32:69:fb:f6:13:f7:b5:3d:
91:a5:44:a5:d7:55:29:18:cc:67:ba:a7:ee:03:1d:b5:eb:07:
4f:b4:d2:f4:5e:a4:27:e9:7e:46:41:37:39:c1:f9:75:ec:10:
27:f3:28:80:17:d4:f7:fa:41:1d:b0:8b:1b:00:e7:db:7e:03:
4d:52:8d:5f:a4:8e:81:b8:6b:aa:f0:a9:ee:f6:5b:84:fd:ed:
a3:52:9e:9e:aa:67:0d:17:d1:3c:49:aa:d1:dc:ee:c3:48:93:
74:37:95:7b:71:77:74:d0:b1:12:93:98:d8:a3:08:33:de:a5:
49:d8:a5:4f
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICQDkwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MTQw
NTIyNTVaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEJCQzc5QThBNUVDNjlB
OUEyMkM3QkREREFCRDkyODcyMzI5RTg4NEQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDChGH+ncP6TCrRnAuXNdK4nqc5u8TUxb93rzLMAJEiJ5FHqPB8
E4wmpYcRy0YL00+GqznSySpJtzu6nkqO3q6XKYU1LfYgqE6w0EtQlSnHN2f1Ii3y
aKDJ2A7ccQQnqYMOEYB4rZB1NPR6z/taOy3UcF5NqkaE7PTtByDCLec4BkFRcxbY
Nik8kfNdh+wgM9MJBWs+TvAfrlOC0CZ8aRF68Ov+fOuFcxPqkYY2h2/GpjKszK67
nAYBb2pl/PjslJtlNOHrk9NK/CGSkUBodAhG0tX1LvLevUnjjrETA79KEismJNU0
8LZOvqOGXAt93C4Z+Wl4B7dQQZv1Ws0sBDPVAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUu8eail7Gmpoix73dq9kocjKeiE0wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3U4ZWFpbDdHbXBvaXg3
M2RxOWtvY2pLZWlFMC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBAAV2eGaCj8eVf9qX
XMSIXdwlhNlwKEeg6iba8KM8NeqtbRf7LlcK22aoTm3WzpqehZHS0Wc/8EOtEyyn
JtECFQ82lECfBZCBKjFTy/3n2H0qL3f7NlLK96zjT57/hS2RYOXissveWNL69kv5
7lfSeUIv5Sc3M8pVGd5FELonFtqy+XnartXo96Eyafv2E/e1PZGlRKXXVSkYzGe6
p+4DHbXrB0+00vRepCfpfkZBNznB+XXsECfzKIAX1Pf6QR2wixsA59t+A01SjV+k
joG4a6rwqe72W4T97aNSnp6qZw0X0TxJqtHc7sNIk3Q3lXtxd3TQsRKTmNijCDPe
pUnYpU8=
-----END CERTIFICATE-----
Generated at Sun Jun 22 01:11:48 2025 by rpki-client