Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/2x_kpoqaP2NaXu3QvrTGvtOor0Q.roa
File: 2x_kpoqaP2NaXu3QvrTGvtOor0Q.roa (raw, json)
Hash identifier: gnULpiVK5gI/okbWCXshcMKwmbgxGOClC2p6vq6gqF0=
Subject key identifier: DB:1F:E4:A6:8A:9A:3F:63:5A:5E:ED:D0:BE:B4:C6:BE:D3:A8:AF:44
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 4E55
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/2x_kpoqaP2NaXu3QvrTGvtOor0Q.roa
Signing time: Fri 03 May 2024 00:53:41 +0000
ROA not before: Fri 03 May 2024 00:53:41 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 20053 (0x4e55)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 3 00:53:41 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=DB1FE4A68A9A3F635A5EEDD0BEB4C6BED3A8AF44
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b6:a3:79:3e:3b:f1:5c:be:de:8c:44:1d:58:d8:
99:f2:6c:29:b1:30:dc:8e:e1:65:27:d6:a4:65:8e:
cc:3a:30:3f:e9:6b:40:06:8d:fd:aa:c8:5a:f9:6b:
b9:e7:e4:7a:d0:9d:6a:52:6f:ad:17:64:43:59:4c:
0d:36:0d:8f:bf:4e:ab:fe:2f:fb:4c:65:a2:c0:38:
c0:7d:5d:42:cf:e3:99:ea:ec:b5:5e:a4:a2:6d:08:
41:eb:bb:85:e4:76:cc:b7:3d:b2:cc:13:1a:74:40:
ea:0d:c4:69:c4:95:fd:d2:64:b8:9b:ea:0e:18:2a:
77:db:0f:fd:09:8d:be:a8:fd:cd:81:f8:a8:7b:9a:
dd:2b:07:b5:4b:af:28:e5:43:3c:42:b9:93:3c:35:
35:e9:bd:16:bd:0b:f0:98:7f:32:63:12:62:3e:31:
36:74:84:93:4b:d4:08:f2:7a:61:e1:8d:49:94:e5:
d9:84:67:af:39:ed:0b:fc:a1:0c:14:a6:ec:4a:c8:
94:23:52:a7:5b:1a:fb:3f:0c:b8:69:48:0b:90:0b:
73:35:e5:43:e5:75:b9:16:7a:0c:2b:4f:69:2a:0c:
68:e2:d1:af:1f:b1:d4:03:c2:d6:f7:44:26:c1:7a:
ca:1c:48:00:5b:91:57:2d:fe:17:d1:40:c3:73:b1:
07:5d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DB:1F:E4:A6:8A:9A:3F:63:5A:5E:ED:D0:BE:B4:C6:BE:D3:A8:AF:44
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/2x_kpoqaP2NaXu3QvrTGvtOor0Q.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
01:fe:53:46:b8:2e:f6:30:43:f9:13:e6:34:db:63:a4:39:2e:
f1:d7:bf:39:7d:35:6b:eb:3d:5e:47:0c:a5:f8:0f:bc:5f:7f:
f9:bb:c5:92:66:19:5f:e9:60:f5:f2:5b:16:d3:f7:a9:44:a3:
35:6e:db:8b:41:86:27:c1:d9:d3:c0:00:38:9f:b9:cc:0d:ac:
19:29:fe:82:e7:e1:5b:fb:85:a2:b7:3f:8c:39:1a:03:c9:5e:
b7:49:75:c8:61:1b:ce:22:85:79:28:cc:c3:10:ab:ae:84:21:
aa:ed:eb:14:48:2a:0b:e6:e0:27:47:d5:b3:cc:62:02:43:b1:
5f:b6:f7:54:74:56:ac:df:51:69:76:08:ac:c7:2c:c1:2e:5d:
ed:ee:ea:37:62:cf:78:b6:cc:05:6a:df:8f:05:20:5c:d9:c4:
59:ee:1c:77:46:b0:82:df:73:55:bd:aa:e9:70:42:4f:4b:24:
df:ed:ec:c0:49:11:81:66:76:1d:5c:84:dd:0b:63:a2:04:3b:
6d:88:67:81:73:28:7a:ae:a0:d9:2e:e8:e5:71:82:4f:ce:07:
4b:f9:c5:6a:0f:1a:06:42:d0:d8:bc:cb:68:88:d6:19:50:74:
00:2f:a1:4d:a4:d2:31:b8:4a:65:b6:f1:8d:5b:a6:9e:44:6f:
00:3b:98:62
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICTlUwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MDMw
MDUzNDFaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKERCMUZFNEE2OEE5QTNG
NjM1QTVFRUREMEJFQjRDNkJFRDNBOEFGNDQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC2o3k+O/Fcvt6MRB1Y2JnybCmxMNyO4WUn1qRljsw6MD/pa0AG
jf2qyFr5a7nn5HrQnWpSb60XZENZTA02DY+/Tqv+L/tMZaLAOMB9XULP45nq7LVe
pKJtCEHru4Xkdsy3PbLMExp0QOoNxGnElf3SZLib6g4YKnfbD/0Jjb6o/c2B+Kh7
mt0rB7VLryjlQzxCuZM8NTXpvRa9C/CYfzJjEmI+MTZ0hJNL1AjyemHhjUmU5dmE
Z6857Qv8oQwUpuxKyJQjUqdbGvs/DLhpSAuQC3M15UPldbkWegwrT2kqDGji0a8f
sdQDwtb3RCbBesocSABbkVct/hfRQMNzsQddAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQU2x/kpoqaP2NaXu3QvrTGvtOor0QwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3LzJ4X2twb3FhUDJOYVh1
M1F2clRHdnRPb3IwUS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBAAH+U0a4LvYwQ/kT
5jTbY6Q5LvHXvzl9NWvrPV5HDKX4D7xff/m7xZJmGV/pYPXyWxbT96lEozVu24tB
hifB2dPAADifucwNrBkp/oLn4Vv7haK3P4w5GgPJXrdJdchhG84ihXkozMMQq66E
Iart6xRIKgvm4CdH1bPMYgJDsV+291R0VqzfUWl2CKzHLMEuXe3u6jdiz3i2zAVq
348FIFzZxFnuHHdGsILfc1W9qulwQk9LJN/t7MBJEYFmdh1chN0LY6IEO22IZ4Fz
KHquoNku6OVxgk/OB0v5xWoPGgZC0Ni8y2iI1hlQdAAvoU2k0jG4SmW28Y1bpp5E
bwA7mGI=
-----END CERTIFICATE-----
Generated at Fri May 3 12:22:21 2024 by rpki-client on console.sobornost.net