Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/9BB9CNE793JiyhWDEC_-auJuP_s.roa
File: 9BB9CNE793JiyhWDEC_-auJuP_s.roa (raw, json)
Hash identifier: Vd0Z/Yaaxrhg6nD1rUvvnRgH2dDvnyh6mJGtTf9kkF4=
Subject key identifier: F4:10:7D:08:D1:3B:F7:72:62:CA:15:83:10:2F:FE:6A:E2:6E:3F:FB
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 4E61
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/9BB9CNE793JiyhWDEC_-auJuP_s.roa
Signing time: Fri 03 May 2024 02:23:41 +0000
ROA not before: Fri 03 May 2024 02:23:41 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 20065 (0x4e61)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 3 02:23:41 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=F4107D08D13BF77262CA1583102FFE6AE26E3FFB
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9b:63:15:89:11:2d:ec:fe:6e:dd:63:87:4f:4a:
5b:7f:d1:ee:54:17:72:46:0e:06:a0:2c:30:8e:e5:
a2:96:aa:8c:bc:e7:7e:ff:86:e0:8b:e5:5a:64:d6:
dc:8a:76:ff:41:d0:20:46:17:be:80:a0:7e:89:2a:
35:06:d7:f3:ec:f9:fb:8f:7d:36:21:57:d7:ef:71:
3b:e8:27:2e:ba:61:b1:98:15:b4:1a:22:fc:af:7b:
19:ba:f2:03:c9:f5:2e:3a:b5:af:6d:eb:0c:4f:57:
15:09:63:9b:8e:1c:53:57:47:88:53:fe:2c:ba:fd:
b9:8c:ef:2f:c7:3d:0e:08:30:22:a1:f8:14:77:87:
ef:28:ea:8a:e4:bb:ee:6b:9c:6f:9f:66:f5:07:b1:
4e:06:e5:de:42:6c:c0:8a:29:50:95:4e:ba:70:be:
b4:6c:c7:80:04:77:57:86:4c:46:e3:50:fa:0e:62:
00:c5:e2:47:d2:c4:c5:7f:9f:c5:fa:2f:21:83:e6:
c6:7b:c9:71:97:35:50:7d:15:af:50:50:6d:fd:6d:
0f:f1:e4:a4:2e:b7:ed:f2:84:1f:14:af:8c:eb:2d:
c7:c3:67:14:5d:c2:d6:ed:80:ec:f5:4f:4e:c0:1f:
b6:ff:1e:50:56:47:5d:fe:d1:b3:32:2d:99:ed:36:
2c:8b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F4:10:7D:08:D1:3B:F7:72:62:CA:15:83:10:2F:FE:6A:E2:6E:3F:FB
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/9BB9CNE793JiyhWDEC_-auJuP_s.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
1b:2e:40:91:63:cf:32:ee:a6:82:ee:a0:7d:f3:0a:2c:8e:e9:
01:3b:6e:8c:f7:73:74:62:6b:f3:d9:7f:26:14:1e:61:52:5d:
53:69:fb:ac:db:b7:bc:39:29:9d:49:95:d1:e9:48:f4:72:2f:
a6:56:b6:0d:04:2f:a2:e7:e7:9b:3f:60:c8:0c:ff:82:e3:72:
94:0a:3b:86:64:a7:94:9b:9b:58:91:17:f2:e7:f8:ce:57:8a:
c9:89:98:c2:8a:38:7e:7b:9a:01:5c:e2:e3:15:97:9a:1d:e8:
47:04:04:d2:98:56:f0:00:75:eb:94:01:ad:13:7b:ff:98:54:
e2:15:c3:d5:34:8e:6a:48:15:cb:1d:71:0c:c6:ec:cb:e7:de:
ab:87:0e:7c:e7:6f:e0:7d:fd:a4:3a:6e:ab:f4:c3:27:19:25:
ca:32:4a:75:01:06:a4:5a:21:88:1e:3f:52:ee:d4:23:33:7d:
08:af:a6:25:57:67:4f:3e:0c:52:f0:18:36:b6:a1:4f:ca:3a:
9a:bc:41:f7:cf:f5:bc:39:29:ec:83:fd:71:25:3a:2b:89:74:
e4:03:ae:35:62:af:f4:4a:42:5d:c2:4d:08:40:2b:b3:9b:eb:
cc:09:21:48:db:7b:5d:17:12:26:7f:02:47:2e:dd:b9:85:ce:
98:a3:51:80
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICTmEwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MDMw
MjIzNDFaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEY0MTA3RDA4RDEzQkY3
NzI2MkNBMTU4MzEwMkZGRTZBRTI2RTNGRkIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCbYxWJES3s/m7dY4dPSlt/0e5UF3JGDgagLDCO5aKWqoy8537/
huCL5Vpk1tyKdv9B0CBGF76AoH6JKjUG1/Ps+fuPfTYhV9fvcTvoJy66YbGYFbQa
Ivyvexm68gPJ9S46ta9t6wxPVxUJY5uOHFNXR4hT/iy6/bmM7y/HPQ4IMCKh+BR3
h+8o6orku+5rnG+fZvUHsU4G5d5CbMCKKVCVTrpwvrRsx4AEd1eGTEbjUPoOYgDF
4kfSxMV/n8X6LyGD5sZ7yXGXNVB9Fa9QUG39bQ/x5KQut+3yhB8Ur4zrLcfDZxRd
wtbtgOz1T07AH7b/HlBWR13+0bMyLZntNiyLAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQU9BB9CNE793JiyhWDEC/+auJuP/swHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3LzlCQjlDTkU3OTNKaXlo
V0RFQ18tYXVKdVBfcy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBABsuQJFjzzLupoLu
oH3zCiyO6QE7boz3c3Ria/PZfyYUHmFSXVNp+6zbt7w5KZ1JldHpSPRyL6ZWtg0E
L6Ln55s/YMgM/4LjcpQKO4Zkp5Sbm1iRF/Ln+M5XismJmMKKOH57mgFc4uMVl5od
6EcEBNKYVvAAdeuUAa0Te/+YVOIVw9U0jmpIFcsdcQzG7Mvn3quHDnznb+B9/aQ6
bqv0wycZJcoySnUBBqRaIYgeP1Lu1CMzfQivpiVXZ08+DFLwGDa2oU/KOpq8QffP
9bw5KeyD/XElOiuJdOQDrjVir/RKQl3CTQhAK7Ob68wJIUjbe10XEiZ/Akcu3bmF
zpijUYA=
-----END CERTIFICATE-----
Generated at Mon Apr 14 19:08:59 2025 by rpki-client