Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/W8gN0oaw_JEwO5YQojjmdTKmGSE.roa
File: W8gN0oaw_JEwO5YQojjmdTKmGSE.roa (raw, json)
Hash identifier: xhBtqy11HHo3Ix5Zlkz3IIyDsjPUPvkR/0/5KsNWrZY=
Subject key identifier: 5B:C8:0D:D2:86:B0:FC:91:30:3B:96:10:A2:38:E6:75:32:A6:19:21
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 41E9
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/W8gN0oaw_JEwO5YQojjmdTKmGSE.roa
Signing time: Tue 16 Apr 2024 11:22:58 +0000
ROA not before: Tue 16 Apr 2024 11:22:58 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 16873 (0x41e9)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 16 11:22:58 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=5BC80DD286B0FC91303B9610A238E67532A61921
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cf:b2:0a:1a:c8:94:ba:64:fb:ea:09:01:a5:f5:
3e:1b:8d:74:f3:1c:74:0d:13:b8:e0:ce:ce:62:38:
4e:b2:31:dd:ba:a5:1e:f2:3e:24:e0:6c:d6:08:d6:
8a:2a:57:0c:a1:ff:8f:63:91:09:83:1a:a1:07:85:
80:d5:fa:ac:51:4c:06:61:91:77:f6:be:c0:c7:28:
1d:4f:08:68:09:5d:e1:44:44:c8:d2:80:65:5c:f5:
52:03:c2:e0:47:6f:05:62:47:a2:4d:85:39:92:97:
ea:dd:9d:a8:db:80:4b:a2:1c:f4:67:63:8f:86:4c:
69:74:61:4c:6a:23:de:cf:c7:6b:e2:20:38:d2:ab:
9b:7a:ca:a3:4e:58:b2:05:01:b6:ef:bb:39:5f:18:
53:a6:de:80:a9:12:37:dc:e9:d8:c3:98:95:15:81:
dc:99:4c:49:c1:37:50:84:3b:a4:be:e9:e2:a3:72:
0e:bc:5e:54:be:ca:89:e9:58:ef:54:5b:d9:6b:6d:
d2:02:aa:26:57:8b:c3:8a:83:67:f4:6e:bf:41:33:
ef:54:20:82:1c:f6:ac:d4:b7:a7:e8:77:09:79:84:
d1:b1:ee:8f:66:76:04:8f:bb:54:01:ab:01:52:80:
71:78:02:66:89:60:e3:0d:7e:4d:cc:39:74:37:ec:
bd:8b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5B:C8:0D:D2:86:B0:FC:91:30:3B:96:10:A2:38:E6:75:32:A6:19:21
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/W8gN0oaw_JEwO5YQojjmdTKmGSE.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
45:36:e8:5c:81:fc:30:71:59:8b:85:33:98:3b:92:5d:96:aa:
6b:26:ff:2a:df:ad:44:ac:7c:a4:c8:7a:02:3c:50:c0:85:22:
16:f3:76:c2:2b:20:bb:89:73:87:bd:dd:fd:e2:1c:d7:31:53:
9a:f2:78:5b:db:5d:3b:c1:4f:6b:fd:b4:aa:94:18:8c:58:d3:
ef:5f:8e:91:54:98:45:8b:58:34:21:21:5a:8e:b3:49:cc:83:
ee:25:39:8e:4f:55:5f:50:b9:a6:11:97:8f:65:33:1b:02:e7:
60:7a:5b:fe:57:2f:64:db:49:55:da:e9:f7:4e:7e:a8:85:e9:
34:fa:b1:43:03:37:33:89:b8:7f:d3:ab:87:d7:2e:16:32:88:
43:19:ac:3a:ae:bc:df:4d:62:9e:71:d5:00:e9:4a:64:b5:bd:
28:70:b4:11:e0:af:29:1b:39:35:a1:f4:4b:d9:76:a6:ce:80:
4a:9e:f0:86:93:ec:a8:87:b7:54:0e:92:c9:bd:e9:09:0e:16:
17:91:bc:33:24:2f:8f:5f:fc:ca:39:95:13:04:23:fb:ff:cb:
02:62:d2:3d:3c:7b:5f:c4:79:16:83:ec:e3:9c:8d:0c:f9:8a:
02:07:76:c4:d3:28:9b:5b:ff:67:5e:68:b3:da:5b:3d:7c:f8:
e9:21:0a:35
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICQekwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MTYx
MTIyNThaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDVCQzgwREQyODZCMEZD
OTEzMDNCOTYxMEEyMzhFNjc1MzJBNjE5MjEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDPsgoayJS6ZPvqCQGl9T4bjXTzHHQNE7jgzs5iOE6yMd26pR7y
PiTgbNYI1ooqVwyh/49jkQmDGqEHhYDV+qxRTAZhkXf2vsDHKB1PCGgJXeFERMjS
gGVc9VIDwuBHbwViR6JNhTmSl+rdnajbgEuiHPRnY4+GTGl0YUxqI97Px2viIDjS
q5t6yqNOWLIFAbbvuzlfGFOm3oCpEjfc6djDmJUVgdyZTEnBN1CEO6S+6eKjcg68
XlS+yonpWO9UW9lrbdICqiZXi8OKg2f0br9BM+9UIIIc9qzUt6fodwl5hNGx7o9m
dgSPu1QBqwFSgHF4AmaJYOMNfk3MOXQ37L2LAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUW8gN0oaw/JEwO5YQojjmdTKmGSEwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1c4Z04wb2F3X0pFd081
WVFvamptZFRLbUdTRS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBAEU26FyB/DBxWYuF
M5g7kl2Wqmsm/yrfrUSsfKTIegI8UMCFIhbzdsIrILuJc4e93f3iHNcxU5ryeFvb
XTvBT2v9tKqUGIxY0+9fjpFUmEWLWDQhIVqOs0nMg+4lOY5PVV9QuaYRl49lMxsC
52B6W/5XL2TbSVXa6fdOfqiF6TT6sUMDNzOJuH/Tq4fXLhYyiEMZrDquvN9NYp5x
1QDpSmS1vShwtBHgrykbOTWh9EvZdqbOgEqe8IaT7KiHt1QOksm96QkOFheRvDMk
L49f/Mo5lRMEI/v/ywJi0j08e1/EeRaD7OOcjQz5igIHdsTTKJtb/2deaLPaWz18
+OkhCjU=
-----END CERTIFICATE-----
Generated at Mon Apr 14 20:00:50 2025 by rpki-client