Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/18s4zqMVeDSPxnKGHC8reidHzxU.roa
File: 18s4zqMVeDSPxnKGHC8reidHzxU.roa (raw, json)
Hash identifier: g1u7nlzpH+V1kX2HqWZ0Fyfme6q2CbkdGZL5zQ44SxI=
Subject key identifier: D7:CB:38:CE:A3:15:78:34:8F:C6:72:86:1C:2F:2B:7A:27:47:CF:15
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 32E1
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/18s4zqMVeDSPxnKGHC8reidHzxU.roa
Signing time: Wed 27 Mar 2024 10:22:23 +0000
ROA not before: Wed 27 Mar 2024 10:22:23 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 13025 (0x32e1)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Mar 27 10:22:23 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=D7CB38CEA31578348FC672861C2F2B7A2747CF15
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bd:5a:61:94:c3:60:c2:25:5a:e8:ee:35:0d:3a:
e4:90:34:36:fa:c1:04:d2:56:69:aa:69:9a:24:71:
a0:81:05:b0:bf:53:e4:99:e8:2d:a8:cb:cc:a7:11:
78:4e:72:ff:07:99:33:f6:f8:a4:38:10:c7:bf:a2:
bc:34:bb:3b:70:d4:93:c3:c6:9b:92:ef:cf:f9:ce:
48:23:c6:8e:fb:c5:e2:2a:c8:92:73:61:f5:c0:56:
29:e0:9e:d6:85:05:25:bf:f1:63:c1:55:40:da:cc:
0c:f6:ae:be:cb:59:53:5c:15:22:ae:11:17:cc:04:
17:ca:57:48:46:30:b3:ed:4d:1a:8f:79:e4:0e:b6:
28:3b:5b:6d:fd:cc:25:86:b6:63:56:29:ef:f8:2e:
6f:cf:96:d6:52:88:68:09:d3:ee:62:e6:77:c0:33:
f0:bb:21:8e:0b:66:65:1d:c3:0e:a7:4b:17:c9:f2:
c3:95:ea:c7:60:79:30:40:01:0a:fe:fa:10:6b:6c:
2c:a2:51:aa:d2:f0:df:6e:48:67:bd:d1:c6:36:22:
be:45:b0:e0:83:84:a0:44:3e:87:00:55:f6:5a:b9:
6a:78:82:5c:b7:db:8a:0c:70:1e:91:6f:90:67:a3:
5c:14:a5:d5:b6:64:32:1c:cf:50:6f:6f:9f:10:03:
cb:61
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D7:CB:38:CE:A3:15:78:34:8F:C6:72:86:1C:2F:2B:7A:27:47:CF:15
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/18s4zqMVeDSPxnKGHC8reidHzxU.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
67:84:bf:65:c7:0e:82:54:b8:a5:6a:dd:c0:a8:18:84:55:a3:
b9:a1:9c:89:10:7e:84:04:20:ef:d1:c9:e4:f4:44:0c:86:2a:
a9:b7:a0:b0:07:2e:38:2b:59:0f:bd:72:ea:3d:ff:99:99:f9:
b3:07:73:ed:12:3a:87:5f:fd:8d:c0:94:73:e1:f8:71:58:f1:
4b:4e:2b:53:a1:63:cc:f9:90:41:09:a5:7c:cd:b6:3f:fb:3a:
6a:d7:22:39:91:18:23:d1:45:ed:69:e2:b2:b1:2c:03:d6:51:
19:8d:34:81:2c:44:01:e2:c5:05:b5:a1:c8:fd:7a:51:65:7c:
5b:07:0b:66:ef:0f:d5:6e:64:77:b9:d4:59:22:37:fd:a6:a1:
01:d5:95:71:8c:89:66:58:ad:b7:fd:f3:a3:21:9d:12:2e:dd:
a0:0a:a7:37:17:3d:0b:66:be:7d:74:3d:ba:bd:89:8a:dd:e6:
de:97:37:09:d5:a7:f3:18:b2:10:4a:17:28:88:f5:4c:16:d2:
db:c0:21:5b:fc:81:71:c3:1c:b8:4e:3e:e1:02:36:8f:12:33:
e7:a5:6f:29:ce:d8:0a:09:54:2d:58:99:d3:b1:cc:5c:f9:ac:
fb:f2:8e:e2:7f:70:4f:5b:0f:2e:ee:a6:90:a2:53:8f:da:ed:
c4:61:76:b8
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICMuEwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDAzMjcx
MDIyMjNaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEQ3Q0IzOENFQTMxNTc4
MzQ4RkM2NzI4NjFDMkYyQjdBMjc0N0NGMTUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC9WmGUw2DCJVro7jUNOuSQNDb6wQTSVmmqaZokcaCBBbC/U+SZ
6C2oy8ynEXhOcv8HmTP2+KQ4EMe/orw0uztw1JPDxpuS78/5zkgjxo77xeIqyJJz
YfXAVingntaFBSW/8WPBVUDazAz2rr7LWVNcFSKuERfMBBfKV0hGMLPtTRqPeeQO
tig7W239zCWGtmNWKe/4Lm/PltZSiGgJ0+5i5nfAM/C7IY4LZmUdww6nSxfJ8sOV
6sdgeTBAAQr++hBrbCyiUarS8N9uSGe90cY2Ir5FsOCDhKBEPocAVfZauWp4gly3
24oMcB6Rb5Bno1wUpdW2ZDIcz1Bvb58QA8thAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQU18s4zqMVeDSPxnKGHC8reidHzxUwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3LzE4czR6cU1WZURTUHhu
S0dIQzhyZWlkSHp4VS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBAGeEv2XHDoJUuKVq
3cCoGIRVo7mhnIkQfoQEIO/RyeT0RAyGKqm3oLAHLjgrWQ+9cuo9/5mZ+bMHc+0S
Oodf/Y3AlHPh+HFY8UtOK1OhY8z5kEEJpXzNtj/7OmrXIjmRGCPRRe1p4rKxLAPW
URmNNIEsRAHixQW1ocj9elFlfFsHC2bvD9VuZHe51FkiN/2moQHVlXGMiWZYrbf9
86MhnRIu3aAKpzcXPQtmvn10Pbq9iYrd5t6XNwnVp/MYshBKFyiI9UwW0tvAIVv8
gXHDHLhOPuECNo8SM+elbynO2AoJVC1YmdOxzFz5rPvyjuJ/cE9bDy7uppCiU4/a
7cRhdrg=
-----END CERTIFICATE-----
Generated at Wed Mar 27 16:40:20 2024 by rpki-client on console.sobornost.net