Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/uZD1EtiHKasckJkRCYXiL95Ga1Y.roa
File: uZD1EtiHKasckJkRCYXiL95Ga1Y.roa (raw, json)
Hash identifier: OeIfEHEuACzypzYOQdJ70/GIVTR0LfeJjG4KTKg4gXY=
Subject key identifier: B9:90:F5:12:D8:87:29:AB:1C:90:99:11:09:85:E2:2F:DE:46:6B:56
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 3BA9
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/uZD1EtiHKasckJkRCYXiL95Ga1Y.roa
Signing time: Mon 08 Apr 2024 03:22:37 +0000
ROA not before: Mon 08 Apr 2024 03:22:37 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 15273 (0x3ba9)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 8 03:22:37 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=B990F512D88729AB1C9099110985E22FDE466B56
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b8:52:92:39:d3:53:cb:ff:8c:26:34:3c:71:24:
c7:75:78:36:73:77:5f:70:e2:fc:9a:2c:1b:45:f9:
67:d9:58:40:46:1e:bb:ba:02:d6:9c:e7:5c:24:29:
4b:e7:52:b5:a9:a5:69:03:ba:f5:c9:de:01:ba:77:
31:bc:7d:6a:11:41:4c:0b:79:ad:30:2c:51:09:73:
7c:ec:bf:2e:e7:c2:f8:25:1f:68:a1:8c:58:e9:ca:
17:60:1b:cc:6a:14:19:af:36:fe:6f:67:fe:5e:5d:
3c:ae:f1:bf:0d:a7:bf:09:89:f2:e1:72:2a:c2:76:
5c:ef:a6:05:d7:22:ce:8d:f9:9e:ab:ac:2a:e3:be:
0d:d7:91:22:46:8d:e6:ca:bf:41:2c:6a:ef:82:82:
fd:9a:1a:79:e8:b3:c2:fd:2c:fc:ef:13:38:61:3a:
8b:81:26:9f:1a:81:01:a6:74:38:8f:14:f0:ea:84:
0c:eb:68:e5:87:23:33:d1:c6:ef:71:67:06:ea:cd:
34:3d:3b:bc:b4:0e:6a:41:a3:72:35:18:7d:7f:35:
23:bc:e3:80:37:d1:fc:ad:69:f6:d3:83:db:85:ad:
f6:cc:12:d2:35:9a:2d:e2:4f:b4:95:f4:20:c4:fa:
80:e7:96:ac:8a:f5:b3:b5:e5:84:51:e6:10:74:a6:
bf:39
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B9:90:F5:12:D8:87:29:AB:1C:90:99:11:09:85:E2:2F:DE:46:6B:56
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/uZD1EtiHKasckJkRCYXiL95Ga1Y.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
70:9b:5c:a4:a5:7c:64:ee:89:ea:90:82:44:4a:73:6c:6a:b3:
63:35:4a:82:5e:1a:56:42:e0:e4:65:ed:00:db:e5:4e:46:29:
a5:28:ce:cb:3f:83:db:88:cd:2e:a9:63:f8:d1:cf:fc:bf:33:
f9:5c:fd:c7:d0:74:83:bb:b4:d6:1b:5d:86:f4:02:08:bf:e9:
be:0a:b6:c4:c4:54:cb:f7:fa:41:15:5a:05:c9:c3:96:f1:c0:
4b:c2:44:b9:8a:41:02:3b:70:da:e8:5f:53:21:e6:94:bc:82:
2b:53:f8:06:99:f8:b5:cd:89:40:d8:e4:2f:61:ef:00:25:a3:
50:21:06:d2:64:56:1e:2a:ef:5d:14:be:7a:30:75:c4:53:d7:
bf:f0:b2:7d:28:03:9d:e4:23:e6:18:72:d5:72:af:30:8b:93:
a3:16:95:00:43:ce:5a:fe:8a:10:45:2f:91:2f:7f:95:e6:3d:
02:e5:d5:ce:a2:fc:25:ed:32:d2:4a:b6:04:36:2d:64:71:dc:
ac:e2:85:52:77:8f:78:14:53:91:ea:ac:70:37:78:cc:c4:03:
e5:0a:2f:d9:f7:00:fd:e1:28:ae:fd:d5:b4:c5:af:9b:af:c3:
81:f4:d8:0b:27:ab:99:d4:cf:62:6b:06:c7:56:48:a3:b4:2d:
84:e7:67:eb
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICO6kwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MDgw
MzIyMzdaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEI5OTBGNTEyRDg4NzI5
QUIxQzkwOTkxMTA5ODVFMjJGREU0NjZCNTYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC4UpI501PL/4wmNDxxJMd1eDZzd19w4vyaLBtF+WfZWEBGHru6
Atac51wkKUvnUrWppWkDuvXJ3gG6dzG8fWoRQUwLea0wLFEJc3zsvy7nwvglH2ih
jFjpyhdgG8xqFBmvNv5vZ/5eXTyu8b8Np78JifLhcirCdlzvpgXXIs6N+Z6rrCrj
vg3XkSJGjebKv0Esau+Cgv2aGnnos8L9LPzvEzhhOouBJp8agQGmdDiPFPDqhAzr
aOWHIzPRxu9xZwbqzTQ9O7y0DmpBo3I1GH1/NSO844A30fytafbTg9uFrfbMEtI1
mi3iT7SV9CDE+oDnlqyK9bO15YRR5hB0pr85AgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUuZD1EtiHKasckJkRCYXiL95Ga1YwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3VaRDFFdGlIS2FzY2tK
a1JDWVhpTDk1R2ExWS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBAHCbXKSlfGTuieqQ
gkRKc2xqs2M1SoJeGlZC4ORl7QDb5U5GKaUozss/g9uIzS6pY/jRz/y/M/lc/cfQ
dIO7tNYbXYb0Agi/6b4KtsTEVMv3+kEVWgXJw5bxwEvCRLmKQQI7cNroX1Mh5pS8
gitT+AaZ+LXNiUDY5C9h7wAlo1AhBtJkVh4q710UvnowdcRT17/wsn0oA53kI+YY
ctVyrzCLk6MWlQBDzlr+ihBFL5Evf5XmPQLl1c6i/CXtMtJKtgQ2LWRx3KzihVJ3
j3gUU5HqrHA3eMzEA+UKL9n3AP3hKK791bTFr5uvw4H02Asnq5nUz2JrBsdWSKO0
LYTnZ+s=
-----END CERTIFICATE-----
Generated at Sun Jun 22 06:47:13 2025 by rpki-client