Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/xWulyBBtpIm0Gn5iZ2Uag7XJNEQ.roa
File: xWulyBBtpIm0Gn5iZ2Uag7XJNEQ.roa (raw, json)
Hash identifier: xDMFoh3MNpAknXDvKt0N8nzM98sDwCIzHfovZy1E4nI=
Subject key identifier: C5:6B:A5:C8:10:6D:A4:89:B4:1A:7E:62:67:65:1A:83:B5:C9:34:44
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 43B9
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/xWulyBBtpIm0Gn5iZ2Uag7XJNEQ.roa
Signing time: Thu 18 Apr 2024 21:23:08 +0000
ROA not before: Thu 18 Apr 2024 21:23:08 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 17337 (0x43b9)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 18 21:23:08 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=C56BA5C8106DA489B41A7E6267651A83B5C93444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a4:25:8b:d5:a8:cb:ae:63:bd:fd:fc:51:18:b9:
72:8d:e8:a9:a9:58:d8:43:3e:c7:f1:96:01:c7:97:
b5:2a:1b:90:03:8b:2b:4c:74:f9:aa:68:2b:bc:b0:
31:00:00:c6:7c:73:60:ed:32:35:81:1c:ea:0b:ec:
0c:27:23:5d:d7:a0:a4:79:4b:56:f1:1a:18:9f:a1:
aa:10:85:58:11:b6:4b:7a:97:af:68:55:7a:69:dd:
9e:39:1f:18:ad:1f:f0:e4:97:d4:84:a9:17:39:8a:
62:5f:53:7b:b4:33:95:34:13:1c:6d:ff:c7:46:bf:
e6:03:e6:41:5c:5e:03:c9:e6:00:a7:49:1e:8b:21:
2a:5b:1c:ee:f8:a9:5a:69:d7:84:14:d2:d3:76:a2:
6e:b3:39:9f:6b:2a:10:b4:b1:db:41:d9:10:0b:26:
dd:73:d3:bf:2b:7b:29:1d:46:32:7b:77:45:56:74:
1a:5f:d3:6b:13:40:8a:60:08:00:11:8f:d7:58:2a:
14:d6:ce:1d:50:72:ef:e1:eb:5f:3b:d5:17:15:12:
f1:fb:31:0b:de:66:42:27:de:d2:82:40:68:a6:25:
c4:49:06:93:7f:3a:0b:16:02:2d:09:af:74:15:f9:
8a:43:0c:f7:96:0f:71:69:c9:a9:fb:72:c2:79:27:
9a:39
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C5:6B:A5:C8:10:6D:A4:89:B4:1A:7E:62:67:65:1A:83:B5:C9:34:44
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/xWulyBBtpIm0Gn5iZ2Uag7XJNEQ.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
06:29:0b:24:b9:73:08:29:74:16:9b:95:c5:6a:6a:a1:6a:8d:
ee:0f:25:ed:a5:53:05:a1:07:25:e6:e0:13:6b:69:a3:5e:b7:
29:37:35:10:f6:c8:8c:67:f8:64:be:9a:2b:be:48:ef:9f:83:
07:5b:be:55:42:68:ce:cd:1b:8c:a1:f0:c2:2d:c0:d6:61:77:
5d:09:a6:14:55:d2:25:c3:ce:2f:6c:98:a4:33:09:d5:2d:5c:
4d:bd:df:e5:ba:97:e3:3a:72:8b:c4:45:09:f1:3e:1b:3a:12:
9c:5d:5e:77:20:21:1a:b4:fd:f8:64:93:ff:dc:43:f1:17:0a:
1f:b3:0a:5c:74:cb:07:61:da:87:b5:66:3b:ca:ed:8a:44:6e:
30:21:23:27:ae:76:cc:2f:3c:52:22:ee:a1:6b:d3:ec:0e:c1:
ee:9b:60:72:7d:93:6a:0c:9b:b6:79:83:4e:17:60:1f:09:6b:
4c:15:d2:ff:53:3c:5f:e0:6a:39:e3:05:d7:67:2b:38:5d:e4:
f1:bd:6c:80:88:51:b8:7d:ec:96:59:3d:93:dc:9d:d5:52:c0:
d5:20:55:fd:84:55:a0:78:30:44:ae:bf:86:a2:61:41:28:51:
13:ca:ec:5b:7a:48:4b:af:e6:22:33:29:a2:be:d4:1b:a2:eb:
2f:48:33:9d
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICQ7kwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MTgy
MTIzMDhaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEM1NkJBNUM4MTA2REE0
ODlCNDFBN0U2MjY3NjUxQTgzQjVDOTM0NDQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCkJYvVqMuuY739/FEYuXKN6KmpWNhDPsfxlgHHl7UqG5ADiytM
dPmqaCu8sDEAAMZ8c2DtMjWBHOoL7AwnI13XoKR5S1bxGhifoaoQhVgRtkt6l69o
VXpp3Z45HxitH/Dkl9SEqRc5imJfU3u0M5U0Exxt/8dGv+YD5kFcXgPJ5gCnSR6L
ISpbHO74qVpp14QU0tN2om6zOZ9rKhC0sdtB2RALJt1z078reykdRjJ7d0VWdBpf
02sTQIpgCAARj9dYKhTWzh1Qcu/h61871RcVEvH7MQveZkIn3tKCQGimJcRJBpN/
OgsWAi0Jr3QV+YpDDPeWD3Fpyan7csJ5J5o5AgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUxWulyBBtpIm0Gn5iZ2Uag7XJNEQwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3hXdWx5QkJ0cEltMEdu
NWlaMlVhZzdYSk5FUS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBAAYpCyS5cwgpdBab
lcVqaqFqje4PJe2lUwWhByXm4BNraaNetyk3NRD2yIxn+GS+miu+SO+fgwdbvlVC
aM7NG4yh8MItwNZhd10JphRV0iXDzi9smKQzCdUtXE293+W6l+M6covERQnxPhs6
EpxdXncgIRq0/fhkk//cQ/EXCh+zClx0ywdh2oe1ZjvK7YpEbjAhIyeudswvPFIi
7qFr0+wOwe6bYHJ9k2oMm7Z5g04XYB8Ja0wV0v9TPF/gajnjBddnKzhd5PG9bICI
Ubh97JZZPZPcndVSwNUgVf2EVaB4MESuv4aiYUEoURPK7Ft6SEuv5iIzKaK+1Bui
6y9IM50=
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:45:10 2025 by rpki-client