Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/-miFqqgwWcchCmFE_aAoUpc9f58.roa
File: -miFqqgwWcchCmFE_aAoUpc9f58.roa (raw, json)
Hash identifier: ItoJj+mX1Xg3d/ORjhVLheRwbSLxef+530W0Wnwkal0=
Subject key identifier: FA:68:85:AA:A8:30:59:C7:21:0A:61:44:FD:A0:28:52:97:3D:7F:9F
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 35FD
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/-miFqqgwWcchCmFE_aAoUpc9f58.roa
Signing time: Sun 31 Mar 2024 13:52:10 +0000
ROA not before: Sun 31 Mar 2024 13:52:10 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 13821 (0x35fd)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Mar 31 13:52:10 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=FA6885AAA83059C7210A6144FDA02852973D7F9F
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ef:9b:e9:f6:a0:2d:c1:aa:64:b9:b4:f2:f0:05:
0f:bb:e5:9f:2d:1b:31:5e:75:bd:63:89:2d:a8:69:
59:cd:25:eb:3b:fa:86:84:e0:5e:67:18:dc:6c:a6:
9d:9b:42:57:dd:6a:a0:f7:03:e2:47:af:a8:d5:c8:
bf:01:bd:d9:33:04:a5:e5:3a:d2:e4:f6:ec:62:8f:
40:3f:30:2b:49:d8:bb:71:75:3b:f3:a9:d5:3c:2f:
bf:8f:08:38:b3:81:b5:46:8d:96:81:a2:f3:ec:84:
1c:2c:d3:9a:41:a2:ef:78:1f:98:35:ef:8d:20:bb:
36:4a:4c:2e:b8:a0:aa:c3:db:45:7e:aa:3d:4d:12:
9c:e2:63:8b:d1:f0:5c:da:4e:3d:c9:e7:ea:f8:10:
e7:32:a7:37:ec:1e:7b:1f:e8:78:19:d9:a2:11:c8:
c7:d2:18:b3:61:48:98:53:19:7f:7c:bc:8b:97:ed:
ed:1f:e3:4a:4e:28:f1:50:6e:37:6b:f8:19:6d:2c:
b7:c8:8d:8c:87:1d:e9:a6:9e:74:3d:83:5b:5e:7b:
af:02:1c:97:8a:f9:9b:01:ad:e9:5b:8d:19:48:2c:
43:ec:5b:d7:4f:0f:53:73:cb:eb:c7:23:c1:42:6e:
09:b4:af:6f:6e:de:55:ce:62:53:ae:d5:80:ed:68:
11:23
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FA:68:85:AA:A8:30:59:C7:21:0A:61:44:FD:A0:28:52:97:3D:7F:9F
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/-miFqqgwWcchCmFE_aAoUpc9f58.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
b2:65:6b:6f:01:4f:c1:6c:32:bd:9f:40:ea:1d:21:20:91:3e:
d7:28:b1:e6:17:84:5f:38:5f:b9:0f:7e:1a:40:61:79:c8:76:
33:fb:f4:6d:cb:13:f6:38:e1:27:a6:1f:5d:41:6b:2e:35:c6:
e6:2c:e5:1d:4c:a7:7a:2b:02:bc:b8:c0:da:4f:eb:48:80:9b:
cb:6d:2e:58:06:c9:8b:ae:08:66:11:dc:b6:b1:47:f8:3f:f7:
2f:da:eb:d3:d0:15:06:ed:cf:ce:0d:93:29:14:ff:0e:b3:fa:
61:61:49:29:4a:f3:9d:7b:d9:9a:f1:35:9d:77:c7:a3:70:bb:
92:d0:d3:bd:e8:54:47:5d:a4:c1:a5:4e:50:35:5a:d5:3c:13:
75:5f:64:a3:9b:1a:fc:b6:7e:5f:75:23:72:50:be:0b:a8:3d:
c4:d1:e4:f0:ab:93:1d:a0:eb:68:49:2f:5b:a5:b8:2f:4a:b2:
53:b5:84:6c:9f:13:03:a7:34:f8:2f:7d:8b:14:42:e9:78:b0:
89:c5:bb:c3:7e:10:71:7c:66:34:ee:76:41:96:9f:7a:e1:81:
89:1f:0d:5b:8c:dc:2f:2e:45:1e:1f:a3:5d:72:01:a9:50:50:
8d:ac:db:6e:4b:dd:80:f0:bd:67:0e:09:12:71:e9:d0:26:47:
18:14:ad:6a
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICNf0wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDAzMzEx
MzUyMTBaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEZBNjg4NUFBQTgzMDU5
QzcyMTBBNjE0NEZEQTAyODUyOTczRDdGOUYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDvm+n2oC3BqmS5tPLwBQ+75Z8tGzFedb1jiS2oaVnNJes7+oaE
4F5nGNxspp2bQlfdaqD3A+JHr6jVyL8BvdkzBKXlOtLk9uxij0A/MCtJ2LtxdTvz
qdU8L7+PCDizgbVGjZaBovPshBws05pBou94H5g1740guzZKTC64oKrD20V+qj1N
EpziY4vR8FzaTj3J5+r4EOcypzfsHnsf6HgZ2aIRyMfSGLNhSJhTGX98vIuX7e0f
40pOKPFQbjdr+BltLLfIjYyHHemmnnQ9g1tee68CHJeK+ZsBrelbjRlILEPsW9dP
D1Nzy+vHI8FCbgm0r29u3lXOYlOu1YDtaBEjAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQU+miFqqgwWcchCmFE/aAoUpc9f58wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3Ly1taUZxcWd3V2NjaENt
RkVfYUFvVXBjOWY1OC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBALJla28BT8FsMr2f
QOodISCRPtcoseYXhF84X7kPfhpAYXnIdjP79G3LE/Y44SemH11Bay41xuYs5R1M
p3orAry4wNpP60iAm8ttLlgGyYuuCGYR3LaxR/g/9y/a69PQFQbtz84NkykU/w6z
+mFhSSlK85172ZrxNZ13x6Nwu5LQ073oVEddpMGlTlA1WtU8E3VfZKObGvy2fl91
I3JQvguoPcTR5PCrkx2g62hJL1uluC9KslO1hGyfEwOnNPgvfYsUQul4sInFu8N+
EHF8ZjTudkGWn3rhgYkfDVuM3C8uRR4fo11yAalQUI2s225L3YDwvWcOCRJx6dAm
RxgUrWo=
-----END CERTIFICATE-----
Generated at Sun Mar 31 20:32:18 2024 by rpki-client on console.sobornost.net