Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/OFjwGww6AS5BIyYo2Nz1mxbhyxM.roa
File: OFjwGww6AS5BIyYo2Nz1mxbhyxM.roa (raw, json)
Hash identifier: b6C1ETG5r67KLYr/dtK/cizjx6B+9LOgh2PwuRoQrW4=
Subject key identifier: 38:58:F0:1B:0C:3A:01:2E:41:23:26:28:D8:DC:F5:9B:16:E1:CB:13
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 383D
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/OFjwGww6AS5BIyYo2Nz1mxbhyxM.roa
Signing time: Wed 03 Apr 2024 13:52:19 +0000
ROA not before: Wed 03 Apr 2024 13:52:19 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 14397 (0x383d)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 3 13:52:19 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=3858F01B0C3A012E41232628D8DCF59B16E1CB13
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e5:35:dd:fc:8f:ab:51:97:b8:ad:9b:21:42:1e:
05:61:bd:36:a2:cc:be:9c:83:ea:7a:11:51:d7:cd:
27:81:91:65:60:2a:57:5d:d5:ab:d5:47:86:4f:13:
90:62:49:f0:8e:8c:5f:e8:c0:c9:86:c2:05:4b:8e:
31:a7:92:e0:ab:a9:53:03:13:5c:38:71:67:d2:af:
60:16:e0:dc:c1:94:c8:76:51:29:5f:a8:48:00:59:
74:46:2a:21:6d:08:8e:74:82:1b:98:3a:2f:7c:b7:
0f:7b:c2:31:33:58:5e:16:f5:27:a4:8a:c3:c2:bd:
a9:d2:3a:84:77:9e:72:51:7a:b2:35:c2:50:6d:25:
72:8c:1a:77:41:c0:5a:a2:66:5f:66:2e:3c:2e:65:
81:86:f8:a8:5b:2e:07:a7:7e:ba:a0:fb:ff:b8:6b:
a7:fd:66:21:97:21:f2:8d:84:29:ee:7d:b3:e0:5f:
d5:2f:dc:5a:ea:2d:0b:c4:dd:88:01:56:1d:6f:ec:
29:ad:c3:d6:c5:c4:bc:68:c5:08:4d:8a:96:5d:65:
06:60:ed:9c:0a:de:d8:65:5a:e6:56:26:80:47:26:
82:ba:f0:ca:6a:0d:ae:c5:8f:e9:8a:bf:b5:90:e2:
85:e4:cf:dd:58:21:a3:fd:0a:86:4a:7e:1b:93:66:
29:d1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
38:58:F0:1B:0C:3A:01:2E:41:23:26:28:D8:DC:F5:9B:16:E1:CB:13
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/OFjwGww6AS5BIyYo2Nz1mxbhyxM.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
5d:80:74:d8:0c:50:6b:9c:56:8e:7c:4a:1a:9a:1f:bf:57:cc:
8c:cd:96:20:9e:0a:81:f1:5e:48:ca:bb:fd:ab:7a:d1:89:cb:
66:7d:78:4d:66:9e:b4:8c:0e:6e:84:70:c5:7a:db:45:35:01:
62:8e:79:02:bb:ce:a5:51:d6:24:53:a7:78:3a:b2:b7:d2:88:
cf:95:19:93:82:45:85:c7:9c:60:83:46:a9:48:f7:ec:44:58:
1a:e0:25:23:40:6c:f1:14:98:7a:eb:18:9c:9e:65:37:a1:64:
ac:d7:73:11:31:25:e7:55:b8:aa:e3:aa:3f:2f:31:bc:72:0b:
7a:4e:39:e7:67:3e:ab:f2:30:50:eb:e4:2f:d5:8b:f6:cc:44:
c0:a0:11:d3:58:07:fb:c2:9f:14:1b:a0:67:e2:87:94:84:0b:
6e:3b:ff:9b:6d:10:81:ee:6c:d9:17:f4:1f:aa:b6:6d:39:a9:
b3:ac:8f:2c:5d:88:39:8e:ef:53:1b:45:20:3a:a0:75:9c:e3:
4e:c0:58:60:ea:3d:e5:59:6b:96:71:8c:27:16:92:ca:ae:07:
e8:26:cb:47:ca:78:ed:8b:8f:fb:d0:e2:9b:1f:39:39:0e:4e:
09:11:dc:66:b5:2f:61:83:36:45:6a:a4:75:0f:38:d9:bb:2b:
b7:d1:89:a1
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICOD0wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MDMx
MzUyMTlaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDM4NThGMDFCMEMzQTAx
MkU0MTIzMjYyOEQ4RENGNTlCMTZFMUNCMTMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDlNd38j6tRl7itmyFCHgVhvTaizL6cg+p6EVHXzSeBkWVgKldd
1avVR4ZPE5BiSfCOjF/owMmGwgVLjjGnkuCrqVMDE1w4cWfSr2AW4NzBlMh2USlf
qEgAWXRGKiFtCI50ghuYOi98tw97wjEzWF4W9SekisPCvanSOoR3nnJRerI1wlBt
JXKMGndBwFqiZl9mLjwuZYGG+KhbLgenfrqg+/+4a6f9ZiGXIfKNhCnufbPgX9Uv
3FrqLQvE3YgBVh1v7Cmtw9bFxLxoxQhNipZdZQZg7ZwK3thlWuZWJoBHJoK68Mpq
Da7Fj+mKv7WQ4oXkz91YIaP9CoZKfhuTZinRAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUOFjwGww6AS5BIyYo2Nz1mxbhyxMwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L09GandHd3c2QVM1Qkl5
WW8yTnoxbXhiaHl4TS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBAF2AdNgMUGucVo58
ShqaH79XzIzNliCeCoHxXkjKu/2retGJy2Z9eE1mnrSMDm6EcMV620U1AWKOeQK7
zqVR1iRTp3g6srfSiM+VGZOCRYXHnGCDRqlI9+xEWBrgJSNAbPEUmHrrGJyeZTeh
ZKzXcxExJedVuKrjqj8vMbxyC3pOOednPqvyMFDr5C/Vi/bMRMCgEdNYB/vCnxQb
oGfih5SEC247/5ttEIHubNkX9B+qtm05qbOsjyxdiDmO71MbRSA6oHWc407AWGDq
PeVZa5ZxjCcWksquB+gmy0fKeO2Lj/vQ4psfOTkOTgkR3Ga1L2GDNkVqpHUPONm7
K7fRiaE=
-----END CERTIFICATE-----
Generated at Mon Apr 14 14:53:51 2025 by rpki-client