Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/jIsc3OIHxr77QHvVbj_3mDqska0.roa
File: jIsc3OIHxr77QHvVbj_3mDqska0.roa (raw, json)
Hash identifier: JaPfX8wTTQsl58ff7zvQ6C9RSvlTJsTZeCGjorKgvs0=
Subject key identifier: 8C:8B:1C:DC:E2:07:C6:BE:FB:40:7B:D5:6E:3F:F7:98:3A:AC:91:AD
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 540D
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/jIsc3OIHxr77QHvVbj_3mDqska0.roa
Signing time: Fri 10 May 2024 15:54:09 +0000
ROA not before: Fri 10 May 2024 15:54:09 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 21517 (0x540d)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 10 15:54:09 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=8C8B1CDCE207C6BEFB407BD56E3FF7983AAC91AD
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b1:b4:28:29:ff:59:56:93:fd:b8:08:95:f3:b3:
cf:c5:48:86:3e:8e:62:67:88:a9:d9:1c:7d:60:1f:
d4:1b:22:1e:d4:f8:22:7d:d1:7a:57:d7:0a:44:b5:
17:d8:21:84:78:48:de:f6:cb:fd:12:6f:11:a7:c1:
1e:32:26:63:7f:53:3b:92:d9:04:c4:83:c8:c5:03:
1e:40:af:20:06:e4:e6:2d:7c:51:88:6f:04:4c:32:
4f:70:46:68:31:14:71:fc:d1:4c:d3:b9:41:cd:7e:
e1:88:31:a8:f7:8a:1a:a8:89:ef:85:9d:74:97:2d:
0f:50:63:bf:ee:0c:f2:55:a2:3c:2a:68:85:df:16:
8b:72:eb:8b:72:a1:ca:17:09:cc:bf:c1:e2:6d:a4:
b7:7c:05:b4:67:f6:f5:23:5f:d7:e2:79:be:0b:66:
ca:42:1b:b9:c1:3e:f1:df:36:fb:91:71:67:c8:ca:
ce:bf:9e:1a:ff:f0:2d:ff:c7:44:40:e6:22:0e:cf:
14:72:d4:bc:9e:dc:d4:8f:80:c8:3b:2c:75:f8:75:
47:5e:b1:47:ea:b2:5e:35:b9:54:3b:49:99:a9:d0:
e4:01:8a:54:2b:61:ed:1f:a8:60:31:e7:28:71:1f:
fe:78:0a:f2:8c:4b:c3:32:42:4c:50:86:91:a8:0d:
fc:01
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8C:8B:1C:DC:E2:07:C6:BE:FB:40:7B:D5:6E:3F:F7:98:3A:AC:91:AD
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/jIsc3OIHxr77QHvVbj_3mDqska0.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
9d:80:96:76:66:11:6b:97:2f:d5:ee:3f:d9:93:93:2a:46:15:
ae:7c:e2:cb:aa:f2:89:eb:75:37:b1:7a:a2:50:9e:9e:0d:12:
74:ca:46:6e:c8:ae:54:5e:7c:c0:84:77:99:2b:f3:2a:a7:da:
cd:07:24:f8:bc:4f:3e:2f:dd:ab:a0:f0:66:02:be:00:0a:35:
c4:39:cb:6b:ea:56:c2:fa:61:86:47:1d:12:0b:03:53:f0:f1:
df:33:a1:e7:fb:08:f3:a6:e1:f5:b0:57:15:be:cc:c2:36:5c:
ee:93:d0:a6:15:70:c9:ef:15:6b:d2:99:bc:27:8a:05:62:9c:
11:e4:d7:44:25:89:94:d8:58:16:eb:79:e0:d5:af:7a:82:36:
4b:23:ca:ce:f5:45:d8:6b:da:ef:e5:cb:7e:cb:28:37:56:d8:
53:50:5a:68:05:ad:05:2d:e2:b0:29:11:e0:91:c2:0d:36:fe:
97:35:4a:92:80:cc:db:5c:61:74:84:07:fb:10:b5:9c:17:f2:
58:c8:f3:37:cb:30:e3:19:ab:9e:19:d8:6d:63:ce:61:25:5a:
ad:1a:6a:e3:f6:28:e6:f8:79:aa:05:f7:51:2c:f5:b5:68:5a:
ba:6f:c5:b6:51:9b:69:3b:da:18:5e:42:9a:ab:39:58:d4:11:
29:87:92:9e
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICVA0wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MTAx
NTU0MDlaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDhDOEIxQ0RDRTIwN0M2
QkVGQjQwN0JENTZFM0ZGNzk4M0FBQzkxQUQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCxtCgp/1lWk/24CJXzs8/FSIY+jmJniKnZHH1gH9QbIh7U+CJ9
0XpX1wpEtRfYIYR4SN72y/0SbxGnwR4yJmN/UzuS2QTEg8jFAx5AryAG5OYtfFGI
bwRMMk9wRmgxFHH80UzTuUHNfuGIMaj3ihqoie+FnXSXLQ9QY7/uDPJVojwqaIXf
Foty64tyocoXCcy/weJtpLd8BbRn9vUjX9fieb4LZspCG7nBPvHfNvuRcWfIys6/
nhr/8C3/x0RA5iIOzxRy1Lye3NSPgMg7LHX4dUdesUfqsl41uVQ7SZmp0OQBilQr
Ye0fqGAx5yhxH/54CvKMS8MyQkxQhpGoDfwBAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUjIsc3OIHxr77QHvVbj/3mDqska0wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2pJc2MzT0lIeHI3N1FI
dlZial8zbURxc2thMC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBAJ2AlnZmEWuXL9Xu
P9mTkypGFa584suq8onrdTexeqJQnp4NEnTKRm7IrlRefMCEd5kr8yqn2s0HJPi8
Tz4v3aug8GYCvgAKNcQ5y2vqVsL6YYZHHRILA1Pw8d8zoef7CPOm4fWwVxW+zMI2
XO6T0KYVcMnvFWvSmbwnigVinBHk10QliZTYWBbreeDVr3qCNksjys71Rdhr2u/l
y37LKDdW2FNQWmgFrQUt4rApEeCRwg02/pc1SpKAzNtcYXSEB/sQtZwX8ljI8zfL
MOMZq54Z2G1jzmElWq0aauP2KOb4eaoF91Es9bVoWrpvxbZRm2k72hheQpqrOVjU
ESmHkp4=
-----END CERTIFICATE-----
Generated at Mon Apr 14 17:35:56 2025 by rpki-client