Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/_0Mo9ZC7Ovr9enExTUlyxz82rbA.roa
File: _0Mo9ZC7Ovr9enExTUlyxz82rbA.roa (raw, json)
Hash identifier: ypSstzhLhSJK5U99ofw4iX3WlU3OaOM+ZsWRyknNr/k=
Subject key identifier: FF:43:28:F5:90:BB:3A:FA:FD:7A:71:31:4D:49:72:C7:3F:36:AD:B0
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 50DD
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/_0Mo9ZC7Ovr9enExTUlyxz82rbA.roa
Signing time: Mon 06 May 2024 09:53:50 +0000
ROA not before: Mon 06 May 2024 09:53:50 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 20701 (0x50dd)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 6 09:53:50 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=FF4328F590BB3AFAFD7A71314D4972C73F36ADB0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c8:a9:53:7a:ea:ab:9c:ad:e7:5b:42:d8:ca:86:
ae:aa:9a:87:ff:43:64:a2:d8:a9:d1:16:85:13:3d:
39:d5:00:24:00:f6:9e:b6:af:7f:52:9d:0c:5f:1b:
73:dd:61:22:36:36:e9:58:80:53:71:f0:6e:b7:00:
f4:29:c4:e8:77:15:60:26:21:43:9f:07:22:95:4b:
7a:62:7c:6a:c5:46:ce:4d:63:29:a0:fe:c3:d9:69:
c9:d2:15:e3:6f:84:f7:29:a5:5d:fb:42:bb:55:48:
6b:b9:91:e7:0d:12:be:33:9b:4b:c4:c6:c3:9a:a1:
80:4f:98:ff:96:76:fc:73:49:fe:d1:b3:fb:a9:48:
12:a2:3c:f3:6f:61:0e:7e:98:da:cf:73:70:1d:fb:
f4:7c:65:75:05:45:dd:97:7e:55:e8:0e:d1:85:c3:
4b:1a:71:e1:c0:5f:78:ca:6f:d2:81:7b:c9:25:5a:
b8:68:34:de:c7:98:b5:7b:cc:d4:5c:8c:95:82:80:
1e:3d:06:f8:3d:8f:48:ac:06:b1:24:5e:e2:19:17:
da:fb:a7:5e:1a:fa:6a:38:d5:39:4b:e1:5d:fa:de:
f4:6e:f4:29:47:e7:49:5b:1c:22:7b:5e:85:95:b6:
ff:d6:d5:5c:fb:88:5a:d3:58:ca:bd:8b:2e:13:23:
03:25
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FF:43:28:F5:90:BB:3A:FA:FD:7A:71:31:4D:49:72:C7:3F:36:AD:B0
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/_0Mo9ZC7Ovr9enExTUlyxz82rbA.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
42:fc:17:2a:32:cd:b0:7b:72:98:1f:10:cb:4e:68:cb:d2:f7:
6f:95:47:50:21:e2:0c:b5:d1:b8:4f:da:f3:1b:b5:9f:ff:c3:
bf:38:09:3d:87:5c:2d:55:cb:4c:9c:e0:34:03:23:84:40:2c:
52:2d:be:e7:04:2e:c3:24:13:bd:9d:ed:f9:af:57:dc:9a:46:
ff:97:92:5f:90:43:f0:ec:c7:09:2f:1d:62:1c:cd:52:5d:da:
7a:c5:7a:05:3e:11:1d:d8:35:ab:a6:34:7c:1c:de:16:61:c3:
6e:0e:7a:9a:6a:08:4c:ea:20:56:44:15:7f:82:46:01:9d:61:
3d:34:7b:ee:6a:81:03:7d:0b:23:c9:2c:cf:ad:cf:9d:3c:c7:
97:01:67:ae:ad:aa:56:83:43:75:d3:2d:37:06:b9:ce:b5:a8:
95:3b:91:bc:0e:2b:f3:35:b6:de:e2:0d:11:30:56:b0:d1:7c:
f8:f3:f3:a7:77:f0:6b:8c:e6:e9:9f:ba:9a:43:25:75:e8:cf:
b2:a7:dd:7c:87:2d:79:7e:6d:7e:0e:5d:46:30:64:25:fa:23:
b1:55:4f:9d:7d:af:17:12:63:3d:c9:39:e3:85:02:4d:dd:b4:
ad:54:d9:25:a0:26:00:a7:84:7e:bb:13:dc:e0:b3:ef:b3:05:
14:ad:f9:aa
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICUN0wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MDYw
OTUzNTBaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEZGNDMyOEY1OTBCQjNB
RkFGRDdBNzEzMTRENDk3MkM3M0YzNkFEQjAwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDIqVN66qucredbQtjKhq6qmof/Q2Si2KnRFoUTPTnVACQA9p62
r39SnQxfG3PdYSI2NulYgFNx8G63APQpxOh3FWAmIUOfByKVS3pifGrFRs5NYymg
/sPZacnSFeNvhPcppV37QrtVSGu5kecNEr4zm0vExsOaoYBPmP+WdvxzSf7Rs/up
SBKiPPNvYQ5+mNrPc3Ad+/R8ZXUFRd2XflXoDtGFw0saceHAX3jKb9KBe8klWrho
NN7HmLV7zNRcjJWCgB49Bvg9j0isBrEkXuIZF9r7p14a+mo41TlL4V363vRu9ClH
50lbHCJ7XoWVtv/W1Vz7iFrTWMq9iy4TIwMlAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQU/0Mo9ZC7Ovr9enExTUlyxz82rbAwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L18wTW85WkM3T3ZyOWVu
RXhUVWx5eHo4MnJiQS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBAEL8FyoyzbB7cpgf
EMtOaMvS92+VR1Ah4gy10bhP2vMbtZ//w784CT2HXC1Vy0yc4DQDI4RALFItvucE
LsMkE72d7fmvV9yaRv+Xkl+QQ/DsxwkvHWIczVJd2nrFegU+ER3YNaumNHwc3hZh
w24OeppqCEzqIFZEFX+CRgGdYT00e+5qgQN9CyPJLM+tz508x5cBZ66tqlaDQ3XT
LTcGuc61qJU7kbwOK/M1tt7iDREwVrDRfPjz86d38GuM5umfuppDJXXoz7Kn3XyH
LXl+bX4OXUYwZCX6I7FVT519rxcSYz3JOeOFAk3dtK1U2SWgJgCnhH67E9zgs++z
BRSt+ao=
-----END CERTIFICATE-----
Generated at Wed Jun 4 00:53:55 2025 by rpki-client