Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/xi31wrTotaajJvnIg6J4L-nuDb0.roa
File: xi31wrTotaajJvnIg6J4L-nuDb0.roa (raw, json)
Hash identifier: YSGie4xC5NsiKpsyjZrrmRVx97cRFQto5Pdtw+GXZw4=
Subject key identifier: C6:2D:F5:C2:B4:E8:B5:A6:A3:26:F9:C8:83:A2:78:2F:E9:EE:0D:BD
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 4195
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/xi31wrTotaajJvnIg6J4L-nuDb0.roa
Signing time: Tue 16 Apr 2024 00:53:03 +0000
ROA not before: Tue 16 Apr 2024 00:53:03 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 16789 (0x4195)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 16 00:53:03 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=C62DF5C2B4E8B5A6A326F9C883A2782FE9EE0DBD
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:aa:91:44:4d:90:37:6b:62:e3:5e:48:e9:71:32:
64:fd:9b:3e:38:b1:b3:f4:95:99:63:89:10:15:a4:
ff:eb:ef:a9:6f:f9:fa:45:58:8e:9b:a7:22:5a:01:
e7:89:bc:ed:98:18:70:e6:51:cd:eb:1e:d6:ba:a9:
33:af:2d:26:f7:f3:56:18:e0:21:9c:ff:80:5f:66:
8b:98:1c:72:de:1e:96:18:69:7d:31:e2:d9:c6:da:
4e:63:4a:ee:e8:a3:e5:d9:4f:ce:7b:06:57:8f:a2:
5f:3c:9b:84:ff:59:a5:76:6c:35:4a:fc:af:1b:8e:
89:64:86:d9:43:77:54:1e:8e:a2:df:e4:a8:71:57:
f0:4a:73:d1:f2:03:3b:d6:31:1a:ce:26:e7:58:de:
bc:c9:4e:41:42:b9:a8:f8:a4:03:43:b6:8d:d2:14:
f0:39:ba:7c:5a:05:56:50:53:d6:19:a4:10:41:86:
93:70:70:38:be:5a:23:54:39:15:a4:fd:6f:4a:c2:
4e:27:18:ff:85:6a:71:66:a4:23:01:c3:ae:c7:2e:
8f:cd:4c:d6:2a:77:42:80:f7:9f:19:d0:f8:ec:24:
b2:4e:37:8c:9d:2d:22:21:27:df:c3:26:da:0f:11:
bc:d5:75:17:8e:fc:f0:e5:17:06:84:88:a4:6e:40:
74:33
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C6:2D:F5:C2:B4:E8:B5:A6:A3:26:F9:C8:83:A2:78:2F:E9:EE:0D:BD
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/xi31wrTotaajJvnIg6J4L-nuDb0.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
94:5b:d3:2e:f9:7e:d8:8d:54:dc:17:f3:ea:b4:3e:fa:9a:ee:
ba:7b:90:2e:2d:5c:45:f4:31:6c:70:39:20:1f:70:08:68:89:
bf:71:ed:61:72:1d:1a:9d:de:f6:2a:32:2a:9b:39:4c:b6:ab:
f7:43:21:38:41:06:e0:b7:b0:76:b2:cd:83:86:fc:eb:7e:56:
1e:d3:33:aa:7f:4e:76:15:32:9d:e1:80:b4:26:7c:56:d0:ab:
30:58:e3:7f:a9:d6:b9:4c:5b:44:23:3d:2c:86:6c:34:57:ca:
2e:98:f7:22:e6:e4:db:35:d3:95:7a:b5:9a:a9:1b:a7:7e:88:
2f:f9:65:ea:6a:85:fe:25:11:49:53:45:13:7c:29:c8:b8:91:
d5:53:7f:fb:1c:0c:1c:e0:e2:97:4b:d5:ac:5b:b5:e4:b8:05:
4c:ab:ac:dd:31:d6:19:b8:07:08:84:b7:3e:70:33:f1:98:5a:
e2:93:47:2b:e6:40:04:3b:22:eb:17:60:ee:8d:b7:01:26:73:
80:e6:5d:a6:57:ce:6d:07:68:06:ba:68:56:40:cd:0b:06:54:
b7:8a:1d:89:7a:2f:ec:bd:7d:a5:39:5c:3e:25:9e:a6:bf:c0:
5c:ba:75:43:ad:d0:81:8d:a8:f9:1c:2d:83:dc:06:88:3e:87:
f1:91:6e:1f
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICQZUwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MTYw
MDUzMDNaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEM2MkRGNUMyQjRFOEI1
QTZBMzI2RjlDODgzQTI3ODJGRTlFRTBEQkQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCqkURNkDdrYuNeSOlxMmT9mz44sbP0lZljiRAVpP/r76lv+fpF
WI6bpyJaAeeJvO2YGHDmUc3rHta6qTOvLSb381YY4CGc/4BfZouYHHLeHpYYaX0x
4tnG2k5jSu7oo+XZT857BlePol88m4T/WaV2bDVK/K8bjolkhtlDd1QejqLf5Khx
V/BKc9HyAzvWMRrOJudY3rzJTkFCuaj4pANDto3SFPA5unxaBVZQU9YZpBBBhpNw
cDi+WiNUORWk/W9Kwk4nGP+FanFmpCMBw67HLo/NTNYqd0KA958Z0PjsJLJON4yd
LSIhJ9/DJtoPEbzVdReO/PDlFwaEiKRuQHQzAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUxi31wrTotaajJvnIg6J4L+nuDb0wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3hpMzF3clRvdGFhakp2
bklnNko0TC1udURiMC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBAJRb0y75ftiNVNwX
8+q0Pvqa7rp7kC4tXEX0MWxwOSAfcAhoib9x7WFyHRqd3vYqMiqbOUy2q/dDIThB
BuC3sHayzYOG/Ot+Vh7TM6p/TnYVMp3hgLQmfFbQqzBY43+p1rlMW0QjPSyGbDRX
yi6Y9yLm5Ns105V6tZqpG6d+iC/5Zepqhf4lEUlTRRN8Kci4kdVTf/scDBzg4pdL
1axbteS4BUyrrN0x1hm4BwiEtz5wM/GYWuKTRyvmQAQ7IusXYO6NtwEmc4DmXaZX
zm0HaAa6aFZAzQsGVLeKHYl6L+y9faU5XD4lnqa/wFy6dUOt0IGNqPkcLYPcBog+
h/GRbh8=
-----END CERTIFICATE-----
Generated at Mon Apr 14 11:28:27 2025 by rpki-client