Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/WtOsUk7jF5AZEzVCcO8miqvJGY4.roa
File: WtOsUk7jF5AZEzVCcO8miqvJGY4.roa (raw, json)
Hash identifier: XARAzyUMuOqxGtJqgOyAjnU+6BdAqJ0Iq8xyFVUAry8=
Subject key identifier: 5A:D3:AC:52:4E:E3:17:90:19:13:35:42:70:EF:26:8A:AB:C9:19:8E
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 47BD
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/WtOsUk7jF5AZEzVCcO8miqvJGY4.roa
Signing time: Wed 24 Apr 2024 05:53:12 +0000
ROA not before: Wed 24 Apr 2024 05:53:12 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 18365 (0x47bd)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 24 05:53:12 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=5AD3AC524EE317901913354270EF268AABC9198E
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b1:db:ee:65:24:58:96:c0:5f:be:d8:6e:9c:6d:
22:33:02:cd:f3:6f:0d:e9:1f:1e:d7:23:ba:fe:ee:
7a:9a:06:b4:68:32:46:30:fa:d5:85:98:0b:a5:40:
66:d1:56:71:81:62:7d:6d:d9:f8:26:a9:da:b8:03:
2a:64:cd:03:04:b2:cc:bb:e1:c8:bb:fd:80:01:ef:
35:d9:b0:e6:36:1e:9a:90:bd:55:20:6b:90:55:6d:
ce:a0:dc:5a:9e:15:c2:47:e7:bd:b7:65:7c:43:06:
a8:1b:fc:a4:dd:00:4f:94:74:8a:52:ac:72:17:d3:
34:e8:ad:54:35:ea:c0:4b:92:45:18:62:75:b9:c4:
d3:40:05:77:e4:49:49:72:4d:38:63:37:22:d2:61:
d5:64:df:fd:dd:e4:8b:85:6f:f2:f7:c3:8d:59:87:
f3:48:b7:29:e8:51:d5:99:03:2e:0f:2a:ff:fb:17:
27:6b:f6:ce:a6:e8:d2:2d:88:ef:b0:7e:b0:db:96:
92:48:dd:7b:1e:46:42:df:24:9a:51:9b:85:d1:c2:
75:f4:49:4f:cc:2a:22:03:e7:90:40:8e:01:46:3e:
2e:0d:1a:de:af:93:fd:fc:6e:67:a2:74:75:e8:06:
1d:ef:ca:c7:4b:b3:89:53:5d:83:d5:69:ab:2f:3a:
54:1d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5A:D3:AC:52:4E:E3:17:90:19:13:35:42:70:EF:26:8A:AB:C9:19:8E
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/WtOsUk7jF5AZEzVCcO8miqvJGY4.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
92:ac:ae:31:f8:a6:75:b9:68:68:02:8d:4a:57:53:7b:02:2a:
40:40:f0:03:c0:95:2f:86:e3:09:5b:1f:f8:89:82:3e:fb:67:
87:a5:0c:d3:b3:a2:65:7b:a0:08:bd:8f:f4:b0:98:42:48:f5:
cc:67:25:ed:e6:46:2b:ae:96:b5:9a:3c:97:0c:c9:7b:84:59:
c7:41:88:ab:9a:07:21:9e:b9:10:59:31:27:c9:1b:7e:9d:70:
70:cd:96:de:10:e5:41:58:51:89:50:63:fc:de:2d:4b:cb:d5:
e3:3c:b6:2d:ce:56:33:3b:d9:e9:44:e6:48:33:4b:09:b3:55:
69:db:db:47:9a:5c:ae:ea:2a:f1:4f:55:6c:be:c4:86:17:1b:
de:f0:e9:24:78:de:f7:cb:9f:ee:57:57:e1:64:ad:07:ce:67:
9a:b9:c5:09:4c:3e:4d:c6:62:de:70:9b:9f:16:5e:0f:fd:05:
70:a5:86:a6:16:be:b1:29:0d:43:4d:85:2a:cb:aa:eb:6f:6a:
af:b4:c5:04:63:c2:00:1c:4d:e1:0f:d3:0b:0b:ab:fa:e5:98:
b9:42:38:c3:f5:c8:a6:1f:a9:94:b0:76:18:de:ec:2e:7f:b7:
c9:86:19:d4:ea:2f:1f:2f:6d:76:09:99:aa:34:6e:64:9f:13:
dc:38:22:09
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICR70wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MjQw
NTUzMTJaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDVBRDNBQzUyNEVFMzE3
OTAxOTEzMzU0MjcwRUYyNjhBQUJDOTE5OEUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCx2+5lJFiWwF++2G6cbSIzAs3zbw3pHx7XI7r+7nqaBrRoMkYw
+tWFmAulQGbRVnGBYn1t2fgmqdq4AypkzQMEssy74ci7/YAB7zXZsOY2HpqQvVUg
a5BVbc6g3FqeFcJH5723ZXxDBqgb/KTdAE+UdIpSrHIX0zTorVQ16sBLkkUYYnW5
xNNABXfkSUlyTThjNyLSYdVk3/3d5IuFb/L3w41Zh/NItynoUdWZAy4PKv/7Fydr
9s6m6NItiO+wfrDblpJI3XseRkLfJJpRm4XRwnX0SU/MKiID55BAjgFGPi4NGt6v
k/38bmeidHXoBh3vysdLs4lTXYPVaasvOlQdAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUWtOsUk7jF5AZEzVCcO8miqvJGY4wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1d0T3NVazdqRjVBWkV6
VkNjTzhtaXF2SkdZNC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBAJKsrjH4pnW5aGgC
jUpXU3sCKkBA8APAlS+G4wlbH/iJgj77Z4elDNOzomV7oAi9j/SwmEJI9cxnJe3m
RiuulrWaPJcMyXuEWcdBiKuaByGeuRBZMSfJG36dcHDNlt4Q5UFYUYlQY/zeLUvL
1eM8ti3OVjM72elE5kgzSwmzVWnb20eaXK7qKvFPVWy+xIYXG97w6SR43vfLn+5X
V+FkrQfOZ5q5xQlMPk3GYt5wm58WXg/9BXClhqYWvrEpDUNNhSrLqutvaq+0xQRj
wgAcTeEP0wsLq/rlmLlCOMP1yKYfqZSwdhje7C5/t8mGGdTqLx8vbXYJmao0bmSf
E9w4Igk=
-----END CERTIFICATE-----
Generated at Wed Jun 4 01:06:44 2025 by rpki-client