Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/577/mZG7HlZGScYpwK9qCgZPNREUQMc.roa
File: mZG7HlZGScYpwK9qCgZPNREUQMc.roa (raw, json)
Hash identifier: /hAtGQ1pFaaOVRhQawSCQamSLLUqH09gt25e0mN9Ty8=
Subject key identifier: 99:91:BB:1E:56:46:49:C6:29:C0:AF:6A:0A:06:4F:35:11:14:40:C7
Certificate issuer: /CN=75B4714C4F61BEA04A02CF9CF563AE134F479C85
Certificate serial: 0D22
Authority key identifier: 75:B4:71:4C:4F:61:BE:A0:4A:02:CF:9C:F5:63:AE:13:4F:47:9C:85
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/dbRxTE9hvqBKAs-c9WOuE09HnIU.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/577/mZG7HlZGScYpwK9qCgZPNREUQMc.roa
Signing time: Mon 25 Mar 2024 02:33:58 +0000
ROA not before: Mon 25 Mar 2024 02:33:58 +0000
ROA not after: Fri 07 Jun 2024 02:16:11 +0000
asID: 59083
IP address blocks: 43.254.152.0/22 maxlen: 24
43.254.153.0/24 maxlen: 24
43.254.154.0/23 maxlen: 24
43.254.154.0/24 maxlen: 24
43.254.155.0/24 maxlen: 24
59.153.168.0/23 maxlen: 24
103.5.192.0/22 maxlen: 24
103.10.0.0/23 maxlen: 24
103.10.0.0/24 maxlen: 24
103.10.1.0/24 maxlen: 24
103.10.2.0/23 maxlen: 24
103.10.2.0/24 maxlen: 24
103.10.3.0/24 maxlen: 24
103.24.116.0/22 maxlen: 24
103.24.116.0/23 maxlen: 24
103.24.116.0/24 maxlen: 24
103.24.117.0/24 maxlen: 24
103.24.118.0/23 maxlen: 24
103.24.118.0/24 maxlen: 24
103.24.119.0/24 maxlen: 24
150.242.236.0/23 maxlen: 24
150.242.238.0/23 maxlen: 24
202.89.108.0/22 maxlen: 24
202.89.108.0/23 maxlen: 24
202.89.110.0/23 maxlen: 24
202.136.248.0/22 maxlen: 24
202.136.248.0/23 maxlen: 24
202.136.249.0/24 maxlen: 24
202.136.250.0/23 maxlen: 24
202.136.250.0/24 maxlen: 24
202.140.142.0/23 maxlen: 24
202.174.124.0/22 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 3362 (0xd22)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=75B4714C4F61BEA04A02CF9CF563AE134F479C85
Validity
Not Before: Mar 25 02:33:58 2024 GMT
Not After : Jun 7 02:16:11 2024 GMT
Subject: CN=9991BB1E564649C629C0AF6A0A064F35111440C7
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:da:1e:57:9d:7a:0d:37:2f:da:59:60:10:0a:56:
d2:0f:6c:65:38:49:e6:a5:2e:f3:97:d0:5b:72:8f:
88:11:81:9a:e8:77:77:83:5d:3e:22:f1:c5:a9:a6:
21:c8:88:c7:af:be:f6:81:42:8e:74:a8:2c:b6:ca:
d3:ee:fb:9f:10:f9:ff:b3:5e:6a:bc:72:51:56:ff:
25:06:dc:dd:ae:36:9f:f1:e3:5e:7e:ce:9b:0f:8b:
4a:36:7b:29:b7:58:70:a9:42:da:1b:27:f6:95:72:
e2:44:49:fe:22:2a:7e:f2:1f:85:04:b9:69:00:b1:
06:6f:6d:d1:49:b7:c0:73:9d:13:32:15:9c:e5:d2:
e4:13:08:f5:18:fa:10:70:af:ff:d7:d0:1e:54:2d:
98:8e:20:a0:09:47:5c:d2:ed:4a:57:f7:6e:11:19:
83:cf:5b:0e:8f:cd:1a:ca:7c:d1:74:fa:3f:ed:c2:
84:8a:d8:b8:7e:a7:f6:5e:5b:6c:9a:69:3a:c7:58:
34:a3:da:ba:a9:52:32:f7:f3:75:4e:f5:f7:65:cf:
4c:2d:e1:19:13:ae:1c:5f:5e:da:ec:c0:39:6e:bc:
08:63:8d:e6:3f:92:21:9c:6f:68:a1:0f:5d:46:4f:
6d:47:15:47:ce:62:55:1a:8a:25:e5:bc:3b:b0:84:
a3:cf
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
99:91:BB:1E:56:46:49:C6:29:C0:AF:6A:0A:06:4F:35:11:14:40:C7
X509v3 Authority Key Identifier:
keyid:75:B4:71:4C:4F:61:BE:A0:4A:02:CF:9C:F5:63:AE:13:4F:47:9C:85
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/577/dbRxTE9hvqBKAs-c9WOuE09HnIU.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/dbRxTE9hvqBKAs-c9WOuE09HnIU.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/577/mZG7HlZGScYpwK9qCgZPNREUQMc.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.254.152.0/22
59.153.168.0/23
103.5.192.0/22
103.10.0.0/22
103.24.116.0/22
150.242.236.0/22
202.89.108.0/22
202.136.248.0/22
202.140.142.0/23
202.174.124.0/22
Signature Algorithm: sha256WithRSAEncryption
b7:38:67:d0:1f:4b:d3:9c:70:55:b0:b8:09:aa:7d:4d:42:c6:
fa:fe:66:67:59:ee:d4:5d:dc:48:5e:55:87:07:ed:65:67:52:
e9:c1:c9:75:30:f9:a5:25:94:1b:c3:63:97:65:b6:7b:a1:9e:
e9:a8:a2:c4:d1:e9:9c:6b:99:ee:d9:c9:72:d1:cd:86:da:74:
19:67:e4:59:47:3a:a1:41:8c:68:0a:1e:b3:74:b8:72:e9:64:
2b:c6:62:58:57:e2:1a:cd:4a:98:ab:c5:0d:94:2f:09:c1:cd:
65:38:46:71:33:d5:d0:90:81:f6:19:d1:43:7a:4d:2a:6b:58:
f0:ad:88:6d:51:ec:a3:f4:09:3e:11:ff:6a:d1:f2:9f:4e:81:
71:bb:ef:93:49:e8:05:75:51:b7:0f:42:a8:61:62:77:1e:6c:
d2:9e:37:9a:e7:0c:13:e6:0f:61:2f:ac:bd:76:c2:23:ef:ad:
20:60:c8:e0:d8:da:7a:b9:a4:63:51:b4:63:17:ae:96:5a:7d:
ef:fb:f9:49:a2:ba:d6:79:55:51:c8:b1:d4:cb:9d:d9:59:1e:
77:65:16:d8:cd:6f:ff:d1:44:36:3f:64:c6:8b:c1:7a:b3:65:
8c:48:36:68:fd:33:a4:ef:b3:27:4f:72:9e:67:16:ea:e5:a3:
97:4c:05:97
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgICDSIwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoNzVC
NDcxNEM0RjYxQkVBMDRBMDJDRjlDRjU2M0FFMTM0RjQ3OUM4NTAeFw0yNDAzMjUw
MjMzNThaFw0yNDA2MDcwMjE2MTFaMDMxMTAvBgNVBAMTKDk5OTFCQjFFNTY0NjQ5
QzYyOUMwQUY2QTBBMDY0RjM1MTExNDQwQzcwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDaHledeg03L9pZYBAKVtIPbGU4SealLvOX0Ftyj4gRgZrod3eD
XT4i8cWppiHIiMevvvaBQo50qCy2ytPu+58Q+f+zXmq8clFW/yUG3N2uNp/x415+
zpsPi0o2eym3WHCpQtobJ/aVcuJESf4iKn7yH4UEuWkAsQZvbdFJt8BznRMyFZzl
0uQTCPUY+hBwr//X0B5ULZiOIKAJR1zS7UpX924RGYPPWw6PzRrKfNF0+j/twoSK
2Lh+p/ZeW2yaaTrHWDSj2rqpUjL383VO9fdlz0wt4RkTrhxfXtrswDluvAhjjeY/
kiGcb2ihD11GT21HFUfOYlUaiiXlvDuwhKPPAgMBAAGjggInMIICIzAdBgNVHQ4E
FgQUmZG7HlZGScYpwK9qCgZPNREUQMcwHwYDVR0jBBgwFoAUdbRxTE9hvqBKAs+c
9WOuE09HnIUwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNTc3
L2RiUnhURTlodnFCS0FzLWM5V091RTA5SG5JVS5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvZGJSeFRFOWh2cUJLQXMtYzlXT3VFMDlIbklVLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNTc3L21aRzdIbFpHU2NZcHdL
OXFDZ1pQTlJFVVFNYy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwVQYIKwYBBQUHAQcBAf8ERjBEMEIEAgABMDwD
BAIr/pgDBAE7magDBAJnBcADBAJnCgADBAJnGHQDBAKW8uwDBALKWWwDBALKiPgD
BAHKjI4DBALKrnwwDQYJKoZIhvcNAQELBQADggEBALc4Z9AfS9OccFWwuAmqfU1C
xvr+ZmdZ7tRd3EheVYcH7WVnUunByXUw+aUllBvDY5dltnuhnumoosTR6Zxrme7Z
yXLRzYbadBln5FlHOqFBjGgKHrN0uHLpZCvGYlhX4hrNSpirxQ2ULwnBzWU4RnEz
1dCQgfYZ0UN6TSprWPCtiG1R7KP0CT4R/2rR8p9OgXG775NJ6AV1UbcPQqhhYnce
bNKeN5rnDBPmD2EvrL12wiPvrSBgyODY2nq5pGNRtGMXrpZafe/7+UmiutZ5VVHI
sdTLndlZHndlFtjNb//RRDY/ZMaLwXqzZYxINmj9M6TvsydPcp5nFurlo5dMBZc=
-----END CERTIFICATE-----
Generated at Wed Apr 10 11:16:08 2024 by rpki-client on console-fra.rpki-client.org