Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/3x1FTz39ZhEMF7pLDJkakDljVP0.roa
File: 3x1FTz39ZhEMF7pLDJkakDljVP0.roa (raw, json)
Hash identifier: ICqvh+aL0CYYTFleqi6tkM6XTIyZLu0Xx/H99xqoCdg=
Subject key identifier: DF:1D:45:4F:3D:FD:66:11:0C:17:BA:4B:0C:99:1A:90:39:63:54:FD
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 3A69
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/3x1FTz39ZhEMF7pLDJkakDljVP0.roa
Signing time: Sat 06 Apr 2024 11:22:26 +0000
ROA not before: Sat 06 Apr 2024 11:22:26 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 14953 (0x3a69)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 6 11:22:26 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=DF1D454F3DFD66110C17BA4B0C991A90396354FD
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:db:03:50:fa:3f:25:13:61:de:c1:68:61:a2:87:
33:9f:e9:d4:0d:e3:b1:b5:5a:ff:d6:de:9f:63:b8:
d5:77:0a:2b:2d:2a:ea:98:27:06:98:48:e4:b7:7e:
6a:f9:ce:56:56:d9:d8:74:cf:ff:00:24:6c:e4:00:
00:4f:99:ec:18:da:63:ee:72:4d:e2:82:bf:05:6b:
d4:70:33:f8:dd:80:e9:e1:7c:be:b2:06:2f:eb:11:
c6:7d:1d:41:25:ee:92:28:97:37:96:9d:67:32:76:
d7:d8:e0:7e:2d:2f:55:ec:d9:08:7e:05:af:77:f8:
50:2d:89:8d:b6:75:80:9d:dc:b5:37:d5:95:fd:cf:
27:7f:43:ea:82:80:43:58:14:67:db:f8:87:43:f4:
b2:22:0b:61:14:25:c7:2e:03:43:cf:d1:a7:c0:2c:
03:bc:ee:49:b1:5c:22:b4:a0:7a:5e:59:f9:1b:6d:
78:01:e7:dc:74:d2:43:6b:40:6c:91:09:22:39:b0:
a5:65:d4:16:7e:d3:2f:0c:d8:f1:6e:38:ca:87:2a:
34:a8:59:12:91:fa:dc:76:b8:d8:54:44:20:bb:75:
72:4a:ae:61:d4:b8:d1:23:a2:f7:d7:51:b1:da:88:
fe:34:f1:51:f8:f7:be:d9:de:d7:68:aa:5d:24:1e:
8e:d5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DF:1D:45:4F:3D:FD:66:11:0C:17:BA:4B:0C:99:1A:90:39:63:54:FD
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/3x1FTz39ZhEMF7pLDJkakDljVP0.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
7c:9e:cd:c4:84:de:6e:d5:df:ee:6a:80:05:82:6d:ea:84:04:
4c:b6:f4:c6:00:51:75:5a:39:6d:7f:80:00:e5:15:43:fb:81:
3e:c1:c4:ea:b3:aa:94:aa:88:bd:c6:26:ff:3d:b5:b3:09:7e:
bb:f2:94:8e:d1:b1:c2:23:a6:0c:4a:b9:9e:72:56:2a:9b:ba:
9d:74:ed:1e:f2:12:8b:8a:39:58:ef:a1:29:2d:95:5b:71:3a:
db:62:7e:00:06:7e:12:35:82:3e:00:0b:bb:2a:8d:9d:a7:f1:
4e:c4:ec:22:26:0d:42:c5:7f:24:a6:f3:f7:be:e8:82:e8:f2:
69:39:ee:b9:aa:56:f7:71:45:a1:cd:ee:01:da:e0:80:a9:d5:
b9:e3:5e:9a:87:3e:09:ee:8f:cc:13:e3:74:0d:58:1f:e9:26:
c8:49:bb:08:21:61:51:9f:41:52:05:79:51:8a:5c:21:24:75:
12:2d:9b:cd:c5:4f:11:57:dc:4d:6a:30:3f:78:30:28:bd:3b:
fe:73:3b:4c:c9:34:fd:46:e6:97:39:1c:b2:bc:da:1c:0f:fb:
2a:b3:44:af:e6:e7:e3:50:e0:b4:8f:46:0a:29:74:93:04:b1:
28:bf:58:02:39:45:ec:3b:bb:6c:7d:25:df:9e:23:e5:59:9c:
cc:1d:3b:cd
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICOmkwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MDYx
MTIyMjZaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKERGMUQ0NTRGM0RGRDY2
MTEwQzE3QkE0QjBDOTkxQTkwMzk2MzU0RkQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDbA1D6PyUTYd7BaGGihzOf6dQN47G1Wv/W3p9juNV3CistKuqY
JwaYSOS3fmr5zlZW2dh0z/8AJGzkAABPmewY2mPuck3igr8Fa9RwM/jdgOnhfL6y
Bi/rEcZ9HUEl7pIolzeWnWcydtfY4H4tL1Xs2Qh+Ba93+FAtiY22dYCd3LU31ZX9
zyd/Q+qCgENYFGfb+IdD9LIiC2EUJccuA0PP0afALAO87kmxXCK0oHpeWfkbbXgB
59x00kNrQGyRCSI5sKVl1BZ+0y8M2PFuOMqHKjSoWRKR+tx2uNhURCC7dXJKrmHU
uNEjovfXUbHaiP408VH4977Z3tdoql0kHo7VAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQU3x1FTz39ZhEMF7pLDJkakDljVP0wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3LzN4MUZUejM5WmhFTUY3
cExESmtha0RsalZQMC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBAHyezcSE3m7V3+5q
gAWCbeqEBEy29MYAUXVaOW1/gADlFUP7gT7BxOqzqpSqiL3GJv89tbMJfrvylI7R
scIjpgxKuZ5yViqbup107R7yEouKOVjvoSktlVtxOttifgAGfhI1gj4AC7sqjZ2n
8U7E7CImDULFfySm8/e+6ILo8mk57rmqVvdxRaHN7gHa4ICp1bnjXpqHPgnuj8wT
43QNWB/pJshJuwghYVGfQVIFeVGKXCEkdRItm83FTxFX3E1qMD94MCi9O/5zO0zJ
NP1G5pc5HLK82hwP+yqzRK/m5+NQ4LSPRgopdJMEsSi/WAI5Rew7u2x9Jd+eI+VZ
nMwdO80=
-----END CERTIFICATE-----
Generated at Mon Apr 14 06:35:34 2025 by rpki-client