Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/RRxUDgaRO5Q-P61X5fgeuDJBb8Y.roa
File: RRxUDgaRO5Q-P61X5fgeuDJBb8Y.roa (raw, json)
Hash identifier: +xGU/El71j1dvQDAh5Gx9NWA4e+UW7RaMH7UH4m7zSA=
Subject key identifier: 45:1C:54:0E:06:91:3B:94:3E:3F:AD:57:E5:F8:1E:B8:32:41:6F:C6
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 4FA9
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/RRxUDgaRO5Q-P61X5fgeuDJBb8Y.roa
Signing time: Sat 04 May 2024 19:23:49 +0000
ROA not before: Sat 04 May 2024 19:23:49 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 20393 (0x4fa9)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 4 19:23:49 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=451C540E06913B943E3FAD57E5F81EB832416FC6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c6:c0:8a:27:c9:26:42:4e:10:1c:46:32:41:f4:
de:10:74:ca:c2:ae:b9:fc:f4:78:c0:4c:20:d5:a2:
78:ed:a7:47:cd:d3:a9:dd:41:41:36:cf:96:08:89:
f5:a3:27:be:d5:d4:b0:4b:5d:1b:03:05:c3:34:aa:
3e:af:72:b8:65:9a:1d:26:8e:cc:ca:ec:2b:05:e8:
11:a8:64:70:98:15:22:4a:f4:40:49:64:6a:71:02:
d1:8c:4a:37:80:f4:c4:b8:00:d9:a3:77:95:76:38:
e5:18:60:67:26:36:2d:99:59:f6:91:78:ad:3f:b7:
0a:66:50:49:5f:2f:ca:47:95:66:f8:3b:96:46:56:
18:f3:43:28:4b:92:af:c2:0e:99:ca:c9:82:07:69:
46:f1:ef:ae:f4:30:b3:7e:37:80:8d:a2:a7:03:77:
b1:94:f8:86:e0:d5:ac:38:c7:74:b6:10:e2:bf:e0:
09:16:3e:71:87:92:ff:88:f6:90:15:19:63:12:2d:
ac:40:ba:60:96:72:86:41:fa:1e:8f:0d:43:66:01:
be:4f:5f:c0:4d:f1:76:3a:a7:cb:56:c5:28:b5:50:
38:65:97:dd:84:28:7d:30:09:45:ba:9b:57:28:e9:
b6:07:f2:cc:27:fe:08:da:01:02:72:15:7a:6f:28:
22:fd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
45:1C:54:0E:06:91:3B:94:3E:3F:AD:57:E5:F8:1E:B8:32:41:6F:C6
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/RRxUDgaRO5Q-P61X5fgeuDJBb8Y.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
7c:f3:03:f5:d2:d4:94:18:9d:5f:d8:95:be:02:57:0b:00:45:
ec:26:8d:d0:33:f5:c7:57:37:8a:dc:43:55:ad:5e:df:5c:e8:
5a:3d:63:94:d9:8b:49:d4:a8:12:f3:1a:95:60:92:91:d3:aa:
b0:40:0c:76:45:03:7d:49:f6:a6:21:f1:aa:93:07:47:72:3c:
e1:6a:d0:d5:15:ac:6c:a4:0d:22:f6:63:c9:ce:22:32:bd:b9:
ee:f8:5b:79:68:57:f5:de:f9:68:d9:16:38:b6:dc:9a:c3:c2:
58:61:22:df:67:11:17:43:9f:ef:74:9f:e4:4c:35:dc:6e:4a:
73:92:aa:c2:dc:d2:d4:8c:37:3c:e5:bd:f4:a3:1c:1e:69:b8:
f1:20:90:d2:b1:9c:f4:3d:ca:74:48:d7:aa:90:92:16:c2:9d:
e3:d2:3f:d2:b9:7a:27:63:ea:27:ab:50:0f:ca:27:7a:b4:8d:
d6:5c:1f:55:5e:84:93:b1:45:9b:86:28:bb:f2:b9:e4:34:fd:
a8:ff:b2:08:d1:ef:07:88:45:6f:73:c9:c4:f6:64:66:38:36:
1c:62:37:99:60:9c:68:5d:b3:fb:b5:06:79:6f:9a:b5:b4:71:
08:1e:e2:13:58:f2:5c:ab:56:af:24:1e:0f:97:2d:d8:06:41:
f9:1c:4d:3e
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICT6kwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MDQx
OTIzNDlaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDQ1MUM1NDBFMDY5MTNC
OTQzRTNGQUQ1N0U1RjgxRUI4MzI0MTZGQzYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDGwIonySZCThAcRjJB9N4QdMrCrrn89HjATCDVonjtp0fN06nd
QUE2z5YIifWjJ77V1LBLXRsDBcM0qj6vcrhlmh0mjszK7CsF6BGoZHCYFSJK9EBJ
ZGpxAtGMSjeA9MS4ANmjd5V2OOUYYGcmNi2ZWfaReK0/twpmUElfL8pHlWb4O5ZG
VhjzQyhLkq/CDpnKyYIHaUbx7670MLN+N4CNoqcDd7GU+Ibg1aw4x3S2EOK/4AkW
PnGHkv+I9pAVGWMSLaxAumCWcoZB+h6PDUNmAb5PX8BN8XY6p8tWxSi1UDhll92E
KH0wCUW6m1co6bYH8swn/gjaAQJyFXpvKCL9AgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQURRxUDgaRO5Q+P61X5fgeuDJBb8YwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1JSeFVEZ2FSTzVRLVA2
MVg1ZmdldURKQmI4WS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBAHzzA/XS1JQYnV/Y
lb4CVwsARewmjdAz9cdXN4rcQ1WtXt9c6Fo9Y5TZi0nUqBLzGpVgkpHTqrBADHZF
A31J9qYh8aqTB0dyPOFq0NUVrGykDSL2Y8nOIjK9ue74W3loV/Xe+WjZFji23JrD
wlhhIt9nERdDn+90n+RMNdxuSnOSqsLc0tSMNzzlvfSjHB5puPEgkNKxnPQ9ynRI
16qQkhbCnePSP9K5eidj6ierUA/KJ3q0jdZcH1VehJOxRZuGKLvyueQ0/aj/sgjR
7weIRW9zycT2ZGY4NhxiN5lgnGhds/u1BnlvmrW0cQge4hNY8lyrVq8kHg+XLdgG
QfkcTT4=
-----END CERTIFICATE-----
Generated at Mon Apr 14 09:55:20 2025 by rpki-client