Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/0Ps3DlYSgQNai7J9xWqxGiAzSMk.roa
File: 0Ps3DlYSgQNai7J9xWqxGiAzSMk.roa (raw, json)
Hash identifier: 7tVlv3s89zhFCPV5xR2mL5xenyAKTKvEXC1CyxfkcZ8=
Subject key identifier: D0:FB:37:0E:56:12:81:03:5A:8B:B2:7D:C5:6A:B1:1A:20:33:48:C9
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 49A9
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/0Ps3DlYSgQNai7J9xWqxGiAzSMk.roa
Signing time: Fri 26 Apr 2024 19:23:24 +0000
ROA not before: Fri 26 Apr 2024 19:23:24 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 18857 (0x49a9)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 26 19:23:24 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=D0FB370E561281035A8BB27DC56AB11A203348C9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cc:05:0e:7d:97:4e:24:ed:c0:d1:28:a7:61:b1:
f0:75:a5:75:20:46:b7:fc:be:11:57:8c:6a:80:cf:
21:19:e0:45:2e:35:63:cd:ce:bf:d1:32:25:ab:04:
ec:6c:22:a5:86:25:f4:3a:0d:01:cc:28:3e:9e:33:
8e:70:fb:4d:91:70:5e:e5:9f:15:15:0e:90:86:3d:
7b:cf:75:63:1c:af:fa:68:53:ea:84:ea:d2:ab:21:
c7:c4:46:ff:96:84:8a:61:7c:4e:37:94:4c:6a:54:
e2:64:9d:c7:7e:bf:e8:12:72:e6:54:f0:4d:e2:05:
b8:49:0d:ae:8d:93:52:ba:eb:fd:20:5c:de:d6:6b:
a0:e6:b9:ef:ba:fe:1d:d8:8f:37:f2:1b:a0:c5:a7:
5a:9f:f5:d2:38:73:42:56:60:aa:fd:8d:fd:82:b7:
b0:3d:75:60:00:0f:ed:a7:12:46:f7:a7:ef:8d:e0:
a5:4c:0c:5e:7d:45:c2:4e:43:ac:9f:2a:1e:27:aa:
d3:15:b8:b5:76:2d:ba:4b:47:70:53:35:35:bb:02:
a4:2e:60:f1:8a:8d:b4:65:3e:60:73:ff:b8:f7:a8:
d0:da:33:2b:b6:62:a5:95:0b:33:a9:87:c0:e0:7e:
f9:6c:79:ff:34:42:96:75:c3:7c:99:3f:35:79:18:
cf:83
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D0:FB:37:0E:56:12:81:03:5A:8B:B2:7D:C5:6A:B1:1A:20:33:48:C9
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/0Ps3DlYSgQNai7J9xWqxGiAzSMk.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
79:0b:69:e6:49:64:51:50:62:58:49:cc:2c:35:55:e1:d6:83:
0a:ac:78:86:02:71:7d:e5:d0:78:41:0e:0c:2b:ae:f7:14:aa:
7f:93:20:a8:ed:eb:e6:b0:c6:c4:a1:f2:ed:31:47:8f:e5:7a:
1a:a0:30:da:f6:fe:30:c9:8f:eb:af:62:cd:5d:47:e3:64:98:
15:b4:e3:1d:da:f4:ea:fe:99:fc:71:18:a1:97:4e:93:c3:20:
e8:46:69:e9:bf:26:a6:02:0a:27:5f:ec:35:22:89:28:0a:19:
22:54:e8:2a:ae:77:73:49:f1:75:e3:60:7c:50:e8:0f:f4:f3:
97:ba:c8:35:e4:2f:49:2a:c4:a3:c6:25:89:e5:9c:08:2e:1d:
cf:23:ac:d2:92:3b:14:b9:01:9c:7b:0d:c8:be:0e:ad:40:fe:
35:43:1a:50:1c:57:3f:28:53:68:ff:e5:d2:bd:da:5a:91:37:
59:c9:5d:11:16:8a:4c:ad:96:c1:73:e0:37:5f:de:6e:63:fd:
c2:af:b2:9a:51:4e:89:a2:ae:d5:f8:27:43:0c:31:74:f9:37:
0a:41:e1:f7:2a:be:49:8f:bc:50:6f:5e:1c:a2:60:45:53:80:
78:8d:9a:ec:23:ac:a2:1a:6d:84:75:3c:b8:21:f3:4f:ce:37:
1e:a2:9b:83
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICSakwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MjYx
OTIzMjRaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEQwRkIzNzBFNTYxMjgx
MDM1QThCQjI3REM1NkFCMTFBMjAzMzQ4QzkwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDMBQ59l04k7cDRKKdhsfB1pXUgRrf8vhFXjGqAzyEZ4EUuNWPN
zr/RMiWrBOxsIqWGJfQ6DQHMKD6eM45w+02RcF7lnxUVDpCGPXvPdWMcr/poU+qE
6tKrIcfERv+WhIphfE43lExqVOJkncd+v+gScuZU8E3iBbhJDa6Nk1K66/0gXN7W
a6Dmue+6/h3YjzfyG6DFp1qf9dI4c0JWYKr9jf2Ct7A9dWAAD+2nEkb3p++N4KVM
DF59RcJOQ6yfKh4nqtMVuLV2LbpLR3BTNTW7AqQuYPGKjbRlPmBz/7j3qNDaMyu2
YqWVCzOph8Dgfvlsef80QpZ1w3yZPzV5GM+DAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQU0Ps3DlYSgQNai7J9xWqxGiAzSMkwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3LzBQczNEbFlTZ1FOYWk3
Sjl4V3F4R2lBelNNay5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBAHkLaeZJZFFQYlhJ
zCw1VeHWgwqseIYCcX3l0HhBDgwrrvcUqn+TIKjt6+awxsSh8u0xR4/lehqgMNr2
/jDJj+uvYs1dR+NkmBW04x3a9Or+mfxxGKGXTpPDIOhGaem/JqYCCidf7DUiiSgK
GSJU6Cqud3NJ8XXjYHxQ6A/085e6yDXkL0kqxKPGJYnlnAguHc8jrNKSOxS5AZx7
Dci+Dq1A/jVDGlAcVz8oU2j/5dK92lqRN1nJXREWikytlsFz4Ddf3m5j/cKvsppR
TomirtX4J0MMMXT5NwpB4fcqvkmPvFBvXhyiYEVTgHiNmuwjrKIabYR1PLgh80/O
Nx6im4M=
-----END CERTIFICATE-----
Generated at Sat Apr 27 10:40:45 2024 by rpki-client on console.sobornost.net