Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/wwMe_tFwEFa6zSDYrlIemeHV9x8.roa
File: wwMe_tFwEFa6zSDYrlIemeHV9x8.roa (raw, json)
Hash identifier: JJ/Hnep8Jv1uDtS3i9M/TSH9mm980fUrxP6ieDDN6zE=
Subject key identifier: C3:03:1E:FE:D1:70:10:56:BA:CD:20:D8:AE:52:1E:99:E1:D5:F7:1F
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 5569
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/wwMe_tFwEFa6zSDYrlIemeHV9x8.roa
Signing time: Sun 12 May 2024 11:24:05 +0000
ROA not before: Sun 12 May 2024 11:24:05 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 21865 (0x5569)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 12 11:24:05 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=C3031EFED1701056BACD20D8AE521E99E1D5F71F
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e2:41:33:5c:17:f1:e7:35:a5:e7:89:65:e0:67:
5a:5c:a2:3d:86:e8:d0:30:c2:fd:80:e0:28:4b:8e:
cf:f0:af:f7:19:07:09:22:b7:15:42:75:3b:61:f4:
5d:5c:65:31:a8:54:c4:64:5f:a2:95:16:2c:86:e0:
44:59:4f:82:9a:d0:09:89:8b:09:a7:59:c8:db:3a:
05:18:ae:8e:a6:ac:67:5b:75:cc:d4:9b:10:62:ed:
e2:41:9b:d4:7e:ca:5b:42:9a:b6:68:0e:4a:f1:3c:
26:a8:38:8c:fa:c0:13:88:c4:64:c3:8a:b3:aa:d8:
fa:a9:d3:12:aa:35:64:16:64:61:9b:9a:d2:01:17:
9d:03:ff:06:f8:a5:bb:81:a1:be:a0:48:9c:25:aa:
10:8c:43:15:0f:c9:9e:77:6b:e6:18:b3:63:17:4c:
3f:5c:a4:90:38:91:c1:9f:4d:91:a6:2e:23:fc:89:
1f:9d:49:5a:11:a6:b6:35:f9:81:07:0c:1f:85:8d:
ce:a6:a5:ad:7b:1d:77:e6:2e:c9:ec:37:d3:b0:cf:
01:75:3b:d2:5b:14:57:a3:11:e7:47:38:a2:c9:21:
86:f4:a8:2e:49:e7:59:42:1a:93:cc:79:d1:1e:84:
cc:52:45:91:7f:a6:f0:c1:d2:0d:cc:a3:08:0c:ed:
20:1f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C3:03:1E:FE:D1:70:10:56:BA:CD:20:D8:AE:52:1E:99:E1:D5:F7:1F
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/wwMe_tFwEFa6zSDYrlIemeHV9x8.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
89:93:b2:94:60:ef:39:28:1d:7c:eb:66:32:b5:70:b8:54:55:
a9:1e:80:68:ab:28:a5:5b:1a:e6:0b:1b:e6:ac:ee:db:9c:57:
bd:52:68:bd:3a:72:75:fa:0f:b8:05:22:da:71:60:76:f4:ba:
28:30:c2:91:5b:31:3a:f4:32:5e:73:97:48:69:0e:e2:7e:01:
83:c9:2c:30:e4:ef:6f:76:38:17:52:07:d8:87:38:68:05:ef:
c4:3c:a1:35:32:2a:c0:20:e1:88:9b:79:45:0a:c5:83:ab:05:
58:ee:65:60:6e:9f:03:a4:53:48:31:f9:7c:7d:59:dd:92:ba:
e6:22:d1:3b:dc:a5:32:21:99:fa:1d:3e:92:bc:10:a1:83:d8:
a9:13:d7:88:0d:a7:70:58:e3:a4:db:f4:0a:8b:f8:ea:a8:cd:
f1:6d:55:10:a7:c9:c8:91:94:bf:c2:12:c1:52:d4:1c:b5:e7:
d7:d6:7e:b4:ee:88:6b:0d:fa:3c:fa:04:32:5e:bc:21:f9:be:
0a:77:06:f3:b0:f4:85:cd:2d:b7:01:7a:45:1e:42:85:93:39:
16:97:de:92:e8:72:f0:e8:28:92:21:79:f7:a6:10:4c:74:84:
18:fe:39:e2:70:69:08:70:5b:c1:09:e1:bb:51:73:a3:7f:f1:
52:c7:bb:c6
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICVWkwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MTIx
MTI0MDVaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEMzMDMxRUZFRDE3MDEw
NTZCQUNEMjBEOEFFNTIxRTk5RTFENUY3MUYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDiQTNcF/HnNaXniWXgZ1pcoj2G6NAwwv2A4ChLjs/wr/cZBwki
txVCdTth9F1cZTGoVMRkX6KVFiyG4ERZT4Ka0AmJiwmnWcjbOgUYro6mrGdbdczU
mxBi7eJBm9R+yltCmrZoDkrxPCaoOIz6wBOIxGTDirOq2Pqp0xKqNWQWZGGbmtIB
F50D/wb4pbuBob6gSJwlqhCMQxUPyZ53a+YYs2MXTD9cpJA4kcGfTZGmLiP8iR+d
SVoRprY1+YEHDB+Fjc6mpa17HXfmLsnsN9OwzwF1O9JbFFejEedHOKLJIYb0qC5J
51lCGpPMedEehMxSRZF/pvDB0g3MowgM7SAfAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUwwMe/tFwEFa6zSDYrlIemeHV9x8wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3d3TWVfdEZ3RUZhNnpT
RFlybEllbWVIVjl4OC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBAImTspRg7zkoHXzr
ZjK1cLhUVakegGirKKVbGuYLG+as7tucV71SaL06cnX6D7gFItpxYHb0uigwwpFb
MTr0Ml5zl0hpDuJ+AYPJLDDk7292OBdSB9iHOGgF78Q8oTUyKsAg4YibeUUKxYOr
BVjuZWBunwOkU0gx+Xx9Wd2SuuYi0TvcpTIhmfodPpK8EKGD2KkT14gNp3BY46Tb
9AqL+OqozfFtVRCnyciRlL/CEsFS1By159fWfrTuiGsN+jz6BDJevCH5vgp3BvOw
9IXNLbcBekUeQoWTORaX3pLocvDoKJIhefemEEx0hBj+OeJwaQhwW8EJ4btRc6N/
8VLHu8Y=
-----END CERTIFICATE-----
Generated at Sat Jun 21 20:03:51 2025 by rpki-client