Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/1o0q8CTEcKZzgMaZgDWeep_0rB4.roa
File: 1o0q8CTEcKZzgMaZgDWeep_0rB4.roa (raw, json)
Hash identifier: Ji8zE08v2j7PEJ9+psXETDFlrr3M1XauRdM3a4X+Jr4=
Subject key identifier: D6:8D:2A:F0:24:C4:70:A6:73:80:C6:99:80:35:9E:7A:9F:F4:AC:1E
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 4B9D
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/1o0q8CTEcKZzgMaZgDWeep_0rB4.roa
Signing time: Mon 29 Apr 2024 09:53:29 +0000
ROA not before: Mon 29 Apr 2024 09:53:29 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 19357 (0x4b9d)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 29 09:53:29 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=D68D2AF024C470A67380C69980359E7A9FF4AC1E
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a2:7b:fb:5f:36:26:a5:f4:04:0a:92:c5:15:4a:
c4:1d:2d:7e:80:a4:3c:dc:77:53:0d:78:db:92:da:
94:94:c0:ea:05:34:af:0f:7d:c4:aa:a3:18:fb:9f:
c0:e0:6d:b8:99:83:bd:88:54:4b:b1:0c:75:b2:2f:
c6:2d:49:17:b0:59:96:c7:7a:0f:c3:50:30:3f:15:
52:27:53:51:6e:21:04:f9:bb:5b:54:2e:cf:93:62:
82:99:f4:6b:1e:ee:c2:4b:64:23:1e:16:53:64:d3:
aa:e0:d0:60:d0:44:08:4f:6d:ff:5c:57:f9:86:6e:
ca:b6:e7:64:aa:51:80:fb:fb:67:18:9e:f6:4d:e3:
4c:00:40:41:6d:1c:46:95:6e:57:8e:a0:bf:93:8c:
13:dd:18:29:f2:d7:6f:04:d0:cd:25:3a:47:5d:a9:
d4:87:39:5d:1b:0c:f3:ff:0c:18:37:64:8a:30:a1:
c9:be:3e:f8:6a:cf:74:6d:a6:55:42:bc:4f:d1:2e:
18:b4:67:35:e3:a2:97:d6:85:b2:1a:63:c2:2a:ef:
a3:a1:2d:c4:ab:e7:cd:1c:f4:1c:93:51:54:31:cb:
69:37:47:87:0b:ac:16:34:62:81:1d:ba:09:3b:ef:
75:02:c9:5e:94:79:de:f3:70:40:9d:96:69:ff:12:
06:c9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D6:8D:2A:F0:24:C4:70:A6:73:80:C6:99:80:35:9E:7A:9F:F4:AC:1E
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/1o0q8CTEcKZzgMaZgDWeep_0rB4.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
41:ec:53:8d:94:da:0d:f6:c2:d8:2f:37:d2:ea:fa:cd:a4:62:
50:98:52:c1:2e:18:5d:9b:cb:4a:0c:98:29:9f:7a:ff:87:e6:
54:b5:f1:19:74:25:16:28:af:a4:6b:85:51:18:04:e2:fc:78:
b5:31:09:41:e1:be:b3:8c:96:b4:13:db:db:6d:39:ed:2d:57:
b9:d4:be:a0:03:e6:cb:1f:15:c1:91:7b:c9:9b:7f:e6:6e:80:
29:dc:15:40:e5:db:22:d4:c0:ad:9d:18:ae:e0:27:99:84:55:
d0:63:84:ce:b7:76:03:8f:35:cd:12:6b:e0:d9:a4:d8:7a:e7:
24:6c:d6:74:5c:36:41:98:8f:60:8e:15:6e:8f:0e:4b:1b:f3:
41:d0:73:83:a9:4d:6f:ae:d8:60:3e:db:cd:cc:04:be:a9:b9:
4b:7f:30:4e:95:95:6d:37:79:ed:eb:7f:a1:aa:1a:3b:8f:d9:
ae:7e:eb:2d:0f:75:c4:7a:c3:e3:19:43:18:13:ab:36:98:f1:
70:47:90:4f:e5:ef:de:bf:47:b2:b6:56:45:fb:58:43:ad:ac:
e2:48:92:27:6a:75:b1:0b:33:6e:f8:e4:10:5f:2e:68:42:7f:
fb:e2:88:6f:05:04:98:e2:f7:7b:33:32:46:25:4f:47:b6:89:
06:56:09:73
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICS50wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0Mjkw
OTUzMjlaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEQ2OEQyQUYwMjRDNDcw
QTY3MzgwQzY5OTgwMzU5RTdBOUZGNEFDMUUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCie/tfNial9AQKksUVSsQdLX6ApDzcd1MNeNuS2pSUwOoFNK8P
fcSqoxj7n8DgbbiZg72IVEuxDHWyL8YtSRewWZbHeg/DUDA/FVInU1FuIQT5u1tU
Ls+TYoKZ9Gse7sJLZCMeFlNk06rg0GDQRAhPbf9cV/mGbsq252SqUYD7+2cYnvZN
40wAQEFtHEaVbleOoL+TjBPdGCny128E0M0lOkddqdSHOV0bDPP/DBg3ZIowocm+
Pvhqz3RtplVCvE/RLhi0ZzXjopfWhbIaY8Iq76OhLcSr580c9ByTUVQxy2k3R4cL
rBY0YoEdugk773UCyV6Ued7zcECdlmn/EgbJAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQU1o0q8CTEcKZzgMaZgDWeep/0rB4wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3LzFvMHE4Q1RFY0taemdN
YVpnRFdlZXBfMHJCNC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBAEHsU42U2g32wtgv
N9Lq+s2kYlCYUsEuGF2by0oMmCmfev+H5lS18Rl0JRYor6RrhVEYBOL8eLUxCUHh
vrOMlrQT29ttOe0tV7nUvqAD5ssfFcGRe8mbf+ZugCncFUDl2yLUwK2dGK7gJ5mE
VdBjhM63dgOPNc0Sa+DZpNh65yRs1nRcNkGYj2COFW6PDksb80HQc4OpTW+u2GA+
283MBL6puUt/ME6VlW03ee3rf6GqGjuP2a5+6y0PdcR6w+MZQxgTqzaY8XBHkE/l
796/R7K2VkX7WEOtrOJIkidqdbELM2745BBfLmhCf/viiG8FBJji93szMkYlT0e2
iQZWCXM=
-----END CERTIFICATE-----
Generated at Mon Apr 29 14:27:21 2024 by rpki-client on console.sobornost.net