Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/-5UXgNeD5JL4vxaGYDZyXrnH-7I.roa
File: -5UXgNeD5JL4vxaGYDZyXrnH-7I.roa (raw, json)
Hash identifier: cLRBNsZUwUVTpXoN+efayhVhn7iPPMVJ3OItBBSKKyE=
Subject key identifier: FB:95:17:80:D7:83:E4:92:F8:BF:16:86:60:36:72:5E:B9:C7:FB:B2
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 5671
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/-5UXgNeD5JL4vxaGYDZyXrnH-7I.roa
Signing time: Mon 13 May 2024 20:24:08 +0000
ROA not before: Mon 13 May 2024 20:24:08 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 22129 (0x5671)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 13 20:24:08 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=FB951780D783E492F8BF16866036725EB9C7FBB2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cb:9b:51:e8:6e:1b:96:cf:d8:2c:f7:3f:22:e9:
97:6d:94:7e:2b:7b:31:77:33:cb:ae:db:fd:05:20:
eb:33:ec:28:96:95:43:04:f6:e5:a6:53:db:94:9a:
ae:ea:a2:68:13:a9:4b:02:23:24:51:56:7c:4f:38:
26:f3:74:9e:ce:fd:2e:c1:57:e8:5e:35:8b:f8:81:
61:53:7d:f8:b9:b8:d4:fd:16:54:29:ad:b4:79:ae:
d9:8a:1f:4b:2e:22:95:37:78:ee:64:51:19:6a:b7:
c4:7a:b7:08:a6:a3:0e:1d:fa:1e:b8:a1:7e:4c:4f:
17:47:b2:c1:54:85:04:17:d3:d1:08:c2:34:89:6f:
4a:f3:9b:ba:bd:a8:d8:c5:b2:95:ba:c6:c7:f4:f3:
19:48:c9:34:17:ed:f1:c5:4a:83:4e:e9:e5:f2:d9:
e4:9f:56:28:1e:6f:55:e6:b8:9f:28:1d:72:42:0f:
6f:59:73:55:7a:51:32:9e:24:e0:8a:16:5b:40:ec:
bb:35:64:a4:02:d6:92:0f:d6:d4:f2:b4:73:55:83:
99:67:af:e1:59:bf:19:39:84:a7:40:81:a8:a2:e4:
76:2a:25:49:64:f6:16:83:cd:d8:5c:4c:e7:72:6d:
99:73:e2:79:f5:02:3b:c3:93:d6:10:46:5a:b7:99:
7f:e1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FB:95:17:80:D7:83:E4:92:F8:BF:16:86:60:36:72:5E:B9:C7:FB:B2
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/-5UXgNeD5JL4vxaGYDZyXrnH-7I.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
28:9b:3d:d7:96:ce:58:ea:e2:73:f2:96:3d:73:20:da:f9:38:
36:be:e0:84:fa:19:0a:b1:c4:7c:54:72:3e:14:f4:9c:66:e3:
44:66:75:61:e1:ab:57:fc:7f:49:09:9d:88:6b:be:98:dd:12:
8d:a1:ed:78:49:80:9f:db:c4:b3:31:ea:64:00:2b:09:45:fd:
d7:5b:fc:1b:7c:d6:a1:0e:8b:18:dc:4c:1c:7a:95:16:cd:57:
30:80:97:1e:c2:a5:82:27:ba:4e:35:f9:b7:32:75:13:fc:e4:
53:89:cd:d9:af:91:a1:96:a5:d7:fb:45:d1:8e:fd:38:7f:4b:
ae:9c:42:17:bb:18:06:4e:c8:b2:79:a3:39:9b:bf:8e:84:8b:
e8:84:39:ba:4a:80:41:de:86:3f:26:44:62:c2:46:56:bd:18:
6b:e6:39:89:3c:09:23:56:e8:80:4c:2b:32:e7:e9:82:09:06:
74:be:57:11:6a:02:56:10:27:6d:99:4f:be:a5:77:dc:f3:af:
96:fb:e6:3d:5d:5a:40:40:02:d0:ae:76:c4:e5:d3:e7:38:03:
0b:91:31:20:c8:9e:82:3e:09:2c:be:3e:20:2d:36:1e:00:1e:
fc:43:dc:be:73:82:7f:81:3f:d0:0a:bf:2b:c4:2a:11:50:59:
88:89:60:00
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICVnEwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MTMy
MDI0MDhaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEZCOTUxNzgwRDc4M0U0
OTJGOEJGMTY4NjYwMzY3MjVFQjlDN0ZCQjIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDLm1HobhuWz9gs9z8i6ZdtlH4rezF3M8uu2/0FIOsz7CiWlUME
9uWmU9uUmq7qomgTqUsCIyRRVnxPOCbzdJ7O/S7BV+heNYv4gWFTffi5uNT9FlQp
rbR5rtmKH0suIpU3eO5kURlqt8R6twimow4d+h64oX5MTxdHssFUhQQX09EIwjSJ
b0rzm7q9qNjFspW6xsf08xlIyTQX7fHFSoNO6eXy2eSfVigeb1XmuJ8oHXJCD29Z
c1V6UTKeJOCKFltA7Ls1ZKQC1pIP1tTytHNVg5lnr+FZvxk5hKdAgaii5HYqJUlk
9haDzdhcTOdybZlz4nn1AjvDk9YQRlq3mX/hAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQU+5UXgNeD5JL4vxaGYDZyXrnH+7IwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3Ly01VVhnTmVENUpMNHZ4
YUdZRFp5WHJuSC03SS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBACibPdeWzljq4nPy
lj1zINr5ODa+4IT6GQqxxHxUcj4U9Jxm40RmdWHhq1f8f0kJnYhrvpjdEo2h7XhJ
gJ/bxLMx6mQAKwlF/ddb/Bt81qEOixjcTBx6lRbNVzCAlx7CpYInuk41+bcydRP8
5FOJzdmvkaGWpdf7RdGO/Th/S66cQhe7GAZOyLJ5ozmbv46Ei+iEObpKgEHehj8m
RGLCRla9GGvmOYk8CSNW6IBMKzLn6YIJBnS+VxFqAlYQJ22ZT76ld9zzr5b75j1d
WkBAAtCudsTl0+c4AwuRMSDInoI+CSy+PiAtNh4AHvxD3L5zgn+BP9AKvyvEKhFQ
WYiJYAA=
-----END CERTIFICATE-----
Generated at Tue May 14 01:48:24 2024 by rpki-client on console.sobornost.net