Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/yY2tXE4zjWFjHJ500B6lZG6LJ0M.roa
File: yY2tXE4zjWFjHJ500B6lZG6LJ0M.roa (raw, json)
Hash identifier: PZUTaGi6zUFIn96N+9FLu6ISMxXy0rGDFKlmhvUpUqE=
Subject key identifier: C9:8D:AD:5C:4E:33:8D:61:63:1C:9E:74:D0:1E:A5:64:6E:8B:27:43
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 4D01
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/yY2tXE4zjWFjHJ500B6lZG6LJ0M.roa
Signing time: Wed 01 May 2024 06:23:37 +0000
ROA not before: Wed 01 May 2024 06:23:37 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 19713 (0x4d01)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 1 06:23:37 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=C98DAD5C4E338D61631C9E74D01EA5646E8B2743
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cb:a6:3c:35:a2:79:5a:ce:13:16:f5:4d:9e:c1:
86:df:cf:d7:a4:dd:e2:cf:f3:24:c7:1f:cf:11:19:
74:4b:5c:a8:15:7d:af:14:fc:2c:88:ef:06:f5:fe:
bd:a1:50:ec:d5:91:2c:a2:c2:60:27:12:77:ba:9a:
83:11:0d:3f:8b:a9:c8:cb:72:bc:20:d2:af:62:16:
08:e2:ae:1f:d3:9a:c9:ae:79:3e:ea:65:d5:b4:59:
46:61:d0:ea:fd:b0:8c:39:d1:31:3e:84:67:27:44:
b1:83:93:40:b9:8d:59:10:0c:f4:c4:71:4f:b6:3d:
5f:f4:0c:e7:61:bd:d4:82:d3:64:50:e5:d1:44:e3:
de:34:15:b5:c1:d0:1b:dd:6e:7e:f4:8e:74:ee:e9:
1d:23:79:7f:73:77:7d:a2:b1:86:e7:7e:6e:9f:33:
d8:84:54:e0:39:2f:e2:35:6e:03:57:10:cc:4b:9d:
1d:13:9f:e3:65:e0:49:77:ee:32:a1:68:16:08:5c:
a7:06:c6:81:17:1d:2a:d5:4f:9a:05:9a:28:a2:d5:
a8:05:0c:22:db:77:9a:63:70:74:e7:2d:09:46:30:
a8:dc:d5:52:90:54:27:44:63:17:00:06:6e:8e:4b:
59:ac:85:50:5b:f7:91:28:e2:b1:0d:02:e9:ae:4f:
40:a1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C9:8D:AD:5C:4E:33:8D:61:63:1C:9E:74:D0:1E:A5:64:6E:8B:27:43
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/yY2tXE4zjWFjHJ500B6lZG6LJ0M.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
aa:c7:fd:19:c1:bc:3b:ac:7b:34:69:f9:18:08:38:82:8a:60:
d1:68:5e:0b:b6:e4:9f:ef:eb:d8:54:88:b0:96:7a:49:f6:fc:
3e:3c:a8:e1:bb:9d:ba:19:16:6b:5e:26:9a:0d:3e:7c:52:2d:
95:5b:29:54:43:67:00:f9:4d:8a:fa:ef:4f:a7:72:01:c4:31:
41:81:6c:16:f0:84:67:c7:98:49:a4:cc:0c:68:ea:a2:53:bf:
e2:3d:da:0b:2b:dc:ca:8b:b9:c5:bc:86:b9:2f:3f:03:d7:97:
6e:35:51:7e:f7:30:1d:ba:1d:09:4a:1f:9e:50:d0:3a:05:5b:
37:fd:f8:e0:2c:15:2c:f6:86:23:5d:90:61:23:15:1a:fe:33:
68:4e:e2:e5:c7:dd:38:f6:fa:52:7f:68:e5:1a:96:2c:de:80:
65:d0:e1:6b:91:60:97:06:c6:4a:ba:d5:30:90:2a:c5:80:9d:
3b:7c:be:89:c4:8a:03:bd:06:57:35:6e:c8:8d:e6:dc:74:91:
9b:ab:58:8f:8e:34:5f:ce:19:85:1f:55:a8:b2:03:35:9a:23:
66:bd:3f:5d:1f:f7:8d:80:fc:ca:0e:da:30:37:6e:a5:b0:c6:
2e:8e:46:d4:58:99:ff:b8:4f:68:05:7c:3a:f1:4e:5e:3e:79:
72:1c:33:e6
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICTQEwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MDEw
NjIzMzdaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEM5OERBRDVDNEUzMzhE
NjE2MzFDOUU3NEQwMUVBNTY0NkU4QjI3NDMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDLpjw1onlazhMW9U2ewYbfz9ek3eLP8yTHH88RGXRLXKgVfa8U
/CyI7wb1/r2hUOzVkSyiwmAnEne6moMRDT+LqcjLcrwg0q9iFgjirh/TmsmueT7q
ZdW0WUZh0Or9sIw50TE+hGcnRLGDk0C5jVkQDPTEcU+2PV/0DOdhvdSC02RQ5dFE
4940FbXB0Bvdbn70jnTu6R0jeX9zd32isYbnfm6fM9iEVOA5L+I1bgNXEMxLnR0T
n+Nl4El37jKhaBYIXKcGxoEXHSrVT5oFmiii1agFDCLbd5pjcHTnLQlGMKjc1VKQ
VCdEYxcABm6OS1mshVBb95Eo4rENAumuT0ChAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUyY2tXE4zjWFjHJ500B6lZG6LJ0MwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3lZMnRYRTR6aldGakhK
NTAwQjZsWkc2TEowTS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBAKrH/RnBvDusezRp
+RgIOIKKYNFoXgu25J/v69hUiLCWekn2/D48qOG7nboZFmteJpoNPnxSLZVbKVRD
ZwD5TYr670+ncgHEMUGBbBbwhGfHmEmkzAxo6qJTv+I92gsr3MqLucW8hrkvPwPX
l241UX73MB26HQlKH55Q0DoFWzf9+OAsFSz2hiNdkGEjFRr+M2hO4uXH3Tj2+lJ/
aOUalizegGXQ4WuRYJcGxkq61TCQKsWAnTt8vonEigO9Blc1bsiN5tx0kZurWI+O
NF/OGYUfVaiyAzWaI2a9P10f942A/MoO2jA3bqWwxi6ORtRYmf+4T2gFfDrxTl4+
eXIcM+Y=
-----END CERTIFICATE-----
Generated at Sun Jun 15 09:25:26 2025 by rpki-client