Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/zGPiW9KzXUbTgrVFpGuZ6P6wsrk.roa
File: zGPiW9KzXUbTgrVFpGuZ6P6wsrk.roa (raw, json)
Hash identifier: Tj0JyCm1qzNGorR5Qc0AIwcPd/a2C6QdDLVF5jqvmgE=
Subject key identifier: CC:63:E2:5B:D2:B3:5D:46:D3:82:B5:45:A4:6B:99:E8:FE:B0:B2:B9
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 41B1
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/zGPiW9KzXUbTgrVFpGuZ6P6wsrk.roa
Signing time: Tue 16 Apr 2024 04:22:56 +0000
ROA not before: Tue 16 Apr 2024 04:22:56 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 16817 (0x41b1)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 16 04:22:56 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=CC63E25BD2B35D46D382B545A46B99E8FEB0B2B9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:eb:60:7b:eb:e1:ac:d7:c6:d4:7d:dd:a1:ab:d8:
9f:8e:1c:13:fd:33:b2:36:81:a7:6d:11:a1:c7:0c:
27:65:f0:c6:01:1a:27:cd:13:82:80:87:fc:19:c6:
c3:ed:4a:e9:bb:65:c1:f9:9a:18:89:ae:20:38:76:
ec:df:ce:17:4d:80:ae:8e:4f:61:67:33:bb:8f:2a:
55:54:fb:fc:40:e2:02:b9:65:dd:e8:d5:c7:cc:b5:
50:4d:01:14:7b:0b:15:46:ac:95:2f:79:a6:32:92:
9f:f0:a9:d7:e3:d2:de:5e:13:68:a5:5e:36:d9:ea:
78:80:f1:63:a1:10:34:7e:f2:54:4a:9d:7a:f2:84:
81:8a:04:dc:7e:6c:1d:98:55:40:4d:83:16:53:5a:
7b:0e:55:83:58:23:f7:58:42:d9:ad:09:fc:f0:d9:
70:50:83:74:3f:42:57:ca:c1:b2:e1:a0:e5:58:70:
ef:a5:60:29:17:6b:ae:1f:20:71:2d:1a:bc:12:f2:
ee:53:2c:f3:9f:27:97:83:ab:6b:b9:34:98:9c:ca:
65:bb:79:ae:52:cf:18:10:77:d7:f3:e3:19:42:04:
62:6b:65:b5:6e:ab:ee:53:64:9c:48:58:7c:8b:be:
33:01:80:03:41:30:44:53:c7:b6:74:ce:9f:2f:79:
5a:b9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CC:63:E2:5B:D2:B3:5D:46:D3:82:B5:45:A4:6B:99:E8:FE:B0:B2:B9
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/zGPiW9KzXUbTgrVFpGuZ6P6wsrk.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
86:6e:ed:7b:9f:3a:a7:f4:9a:1a:35:16:a3:8f:7f:93:04:25:
bb:1f:85:87:51:58:c3:a1:e1:71:a9:2c:11:26:29:30:67:24:
aa:e5:ce:fe:0a:d6:4b:ef:3c:bd:e8:c7:8a:32:75:00:7d:9f:
82:96:c4:e3:4f:c2:7c:43:1d:dd:e4:34:43:10:bf:75:03:17:
0b:d9:80:4c:4d:c6:6f:08:27:4b:d9:aa:19:51:0e:8e:fc:59:
61:1d:3c:c9:ce:e4:50:b4:0b:13:60:76:ed:66:05:e0:7f:e8:
62:df:22:0c:24:a4:a6:89:35:c4:b8:b2:c0:1b:5d:6d:09:38:
a7:af:cd:8e:aa:55:54:bc:d3:3f:4f:4f:5f:a3:be:87:51:31:
c9:a1:ea:0a:ce:6b:2f:8c:2b:7f:16:f4:db:4b:3c:98:cf:d6:
f4:8b:11:e1:7a:a4:f0:ba:40:f7:5b:46:0d:98:67:4c:27:c4:
80:80:a5:8f:ae:db:ab:f6:78:f0:a0:6c:75:74:54:b2:51:e8:
b6:d5:e9:b0:90:5b:69:6b:d1:7b:3f:38:fb:0e:14:dd:65:df:
1c:94:a3:82:af:ad:7f:09:b7:c2:b2:b8:0a:e3:93:87:9a:87:
04:b9:a0:f6:dd:0d:6a:fb:4f:af:ad:2b:de:ee:8e:1c:63:fd:
36:27:fa:4a
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICQbEwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MTYw
NDIyNTZaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKENDNjNFMjVCRDJCMzVE
NDZEMzgyQjU0NUE0NkI5OUU4RkVCMEIyQjkwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDrYHvr4azXxtR93aGr2J+OHBP9M7I2gadtEaHHDCdl8MYBGifN
E4KAh/wZxsPtSum7ZcH5mhiJriA4duzfzhdNgK6OT2FnM7uPKlVU+/xA4gK5Zd3o
1cfMtVBNARR7CxVGrJUveaYykp/wqdfj0t5eE2ilXjbZ6niA8WOhEDR+8lRKnXry
hIGKBNx+bB2YVUBNgxZTWnsOVYNYI/dYQtmtCfzw2XBQg3Q/QlfKwbLhoOVYcO+l
YCkXa64fIHEtGrwS8u5TLPOfJ5eDq2u5NJicymW7ea5SzxgQd9fz4xlCBGJrZbVu
q+5TZJxIWHyLvjMBgANBMERTx7Z0zp8veVq5AgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUzGPiW9KzXUbTgrVFpGuZ6P6wsrkwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3pHUGlXOUt6WFViVGdy
VkZwR3VaNlA2d3Nyay5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBAIZu7XufOqf0mho1
FqOPf5MEJbsfhYdRWMOh4XGpLBEmKTBnJKrlzv4K1kvvPL3ox4oydQB9n4KWxONP
wnxDHd3kNEMQv3UDFwvZgExNxm8IJ0vZqhlRDo78WWEdPMnO5FC0CxNgdu1mBeB/
6GLfIgwkpKaJNcS4ssAbXW0JOKevzY6qVVS80z9PT1+jvodRMcmh6grOay+MK38W
9NtLPJjP1vSLEeF6pPC6QPdbRg2YZ0wnxICApY+u26v2ePCgbHV0VLJR6LbV6bCQ
W2lr0Xs/OPsOFN1l3xyUo4KvrX8Jt8KyuArjk4eahwS5oPbdDWr7T6+tK97ujhxj
/TYn+ko=
-----END CERTIFICATE-----
Generated at Thu Jun 19 06:36:37 2025 by rpki-client