Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/9UZ8jUwp3K8cE2oF0f4b2JceBow.roa
File: 9UZ8jUwp3K8cE2oF0f4b2JceBow.roa (raw, json)
Hash identifier: SEI2kYkxqpTqzIk3692oba/ZVM+LoX8nllEX1WFGaQQ=
Subject key identifier: F5:46:7C:8D:4C:29:DC:AF:1C:13:6A:05:D1:FE:1B:D8:97:1E:06:8C
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 4431
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/9UZ8jUwp3K8cE2oF0f4b2JceBow.roa
Signing time: Fri 19 Apr 2024 12:23:00 +0000
ROA not before: Fri 19 Apr 2024 12:23:00 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 17457 (0x4431)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 19 12:23:00 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=F5467C8D4C29DCAF1C136A05D1FE1BD8971E068C
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ab:ae:36:c1:5e:0c:85:78:f4:6e:51:4b:bb:94:
91:a3:a7:06:36:ad:2f:c1:a2:23:3c:4e:48:11:ab:
ef:77:e4:ea:76:4a:03:d5:f6:c3:66:a5:5f:ca:30:
79:ec:85:89:11:19:0e:4f:c0:87:3d:54:f2:5f:10:
23:d9:40:ba:79:fa:98:54:3f:98:5f:12:75:97:ec:
31:6e:a5:6e:90:78:2d:94:9b:ca:55:2b:df:ce:11:
89:25:be:fa:97:a3:86:7d:bf:0b:e2:ea:84:53:e5:
d4:e4:4b:3c:8c:64:9e:c4:4d:45:31:56:f7:3a:b9:
f4:43:b4:52:03:20:71:a3:8b:6f:41:4f:43:d1:63:
62:54:db:b5:47:1b:97:4a:ff:3a:89:f5:b4:c0:35:
4d:4c:25:42:d8:57:b7:90:c7:f5:b8:5e:e3:83:f6:
e6:7c:81:a0:b6:6d:17:bb:71:26:a4:bf:e1:95:cf:
c1:b0:1c:8a:bf:ca:a8:af:1d:5a:bb:c9:ac:ad:b9:
88:1a:3b:1b:b8:e0:70:c2:c6:45:12:8d:c4:2a:3b:
98:12:b4:2b:61:f1:0a:f6:89:da:dd:70:a7:3b:f7:
cd:2d:e8:6d:be:3b:0b:af:85:6d:bc:11:34:27:1a:
c8:16:8b:81:56:b2:ce:ab:f5:5d:0e:02:b7:55:29:
ab:6b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F5:46:7C:8D:4C:29:DC:AF:1C:13:6A:05:D1:FE:1B:D8:97:1E:06:8C
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/9UZ8jUwp3K8cE2oF0f4b2JceBow.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
1f:7c:ed:49:30:65:cf:07:f6:52:66:5a:0c:4e:9e:11:f3:8e:
d7:ac:bd:7f:62:77:a9:3c:59:31:be:c6:35:d1:27:77:6f:44:
df:43:dc:b0:12:01:ef:23:09:41:c3:5a:7b:54:80:4c:37:e6:
d8:3e:a2:7c:60:20:75:75:c5:a3:90:7f:1f:47:5e:ea:9f:aa:
f8:0a:ee:5f:b5:fb:c1:40:e2:18:d3:b4:8e:3b:bb:88:85:27:
db:55:20:b0:68:ec:28:93:22:f8:d9:10:da:fd:86:6d:39:5c:
70:93:5d:f1:65:ab:43:8d:fc:06:3d:f8:a5:1e:87:20:1b:0e:
6f:19:dd:2b:d5:5a:13:c4:09:6d:df:51:df:23:e3:38:ab:15:
c4:28:ad:05:82:ec:38:bc:e6:bb:cc:81:3c:37:48:a6:5c:d2:
16:bf:b2:24:0a:0a:8f:b2:e5:52:dd:aa:be:8b:32:c5:2d:44:
19:03:d0:bc:45:e2:d7:58:c6:a4:e4:6a:46:46:7e:65:4c:93:
22:2c:cd:7b:ff:8e:f1:35:ea:3a:19:78:d9:94:1d:3f:02:16:
d8:e9:8d:53:b6:34:ff:f4:13:98:c4:73:82:cd:9c:e3:fa:98:
6b:72:ed:fa:2f:55:40:9d:b3:8b:72:a1:3c:4d:a5:e9:4a:f8:
b7:b3:1d:97
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICRDEwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MTkx
MjIzMDBaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEY1NDY3QzhENEMyOURD
QUYxQzEzNkEwNUQxRkUxQkQ4OTcxRTA2OEMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCrrjbBXgyFePRuUUu7lJGjpwY2rS/BoiM8TkgRq+935Op2SgPV
9sNmpV/KMHnshYkRGQ5PwIc9VPJfECPZQLp5+phUP5hfEnWX7DFupW6QeC2Um8pV
K9/OEYklvvqXo4Z9vwvi6oRT5dTkSzyMZJ7ETUUxVvc6ufRDtFIDIHGji29BT0PR
Y2JU27VHG5dK/zqJ9bTANU1MJULYV7eQx/W4XuOD9uZ8gaC2bRe7cSakv+GVz8Gw
HIq/yqivHVq7yaytuYgaOxu44HDCxkUSjcQqO5gStCth8Qr2idrdcKc7980t6G2+
OwuvhW28ETQnGsgWi4FWss6r9V0OArdVKatrAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQU9UZ8jUwp3K8cE2oF0f4b2JceBowwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3LzlVWjhqVXdwM0s4Y0Uy
b0YwZjRiMkpjZUJvdy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBAB987UkwZc8H9lJm
WgxOnhHzjtesvX9id6k8WTG+xjXRJ3dvRN9D3LASAe8jCUHDWntUgEw35tg+onxg
IHV1xaOQfx9HXuqfqvgK7l+1+8FA4hjTtI47u4iFJ9tVILBo7CiTIvjZENr9hm05
XHCTXfFlq0ON/AY9+KUehyAbDm8Z3SvVWhPECW3fUd8j4zirFcQorQWC7Di85rvM
gTw3SKZc0ha/siQKCo+y5VLdqr6LMsUtRBkD0LxF4tdYxqTkakZGfmVMkyIszXv/
jvE16joZeNmUHT8CFtjpjVO2NP/0E5jEc4LNnOP6mGty7fovVUCds4tyoTxNpelK
+LezHZc=
-----END CERTIFICATE-----
Generated at Mon Apr 14 03:09:57 2025 by rpki-client