Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/4GIjnsavz0tA9AXWbaRJ2CNeQ-w.roa
File: 4GIjnsavz0tA9AXWbaRJ2CNeQ-w.roa (raw, json)
Hash identifier: QnXpJClKVIfzx6An1uPQf5ASz6jHn6sngvpJKyn71yM=
Subject key identifier: E0:62:23:9E:C6:AF:CF:4B:40:F4:05:D6:6D:A4:49:D8:23:5E:43:EC
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 3EC1
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/4GIjnsavz0tA9AXWbaRJ2CNeQ-w.roa
Signing time: Fri 12 Apr 2024 06:22:46 +0000
ROA not before: Fri 12 Apr 2024 06:22:46 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 16065 (0x3ec1)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 12 06:22:46 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=E062239EC6AFCF4B40F405D66DA449D8235E43EC
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:be:3b:38:24:e8:4c:87:46:42:85:46:3a:80:f9:
7f:41:b2:b3:ba:43:c9:0b:01:e2:8b:2f:60:ef:74:
81:cf:1b:4c:77:28:f0:30:2b:28:18:2b:25:26:c2:
b4:b6:74:7c:5f:4e:6a:82:0f:34:12:79:60:7c:d6:
55:f6:b3:5c:0b:22:3c:69:ff:86:0b:1c:e4:c4:27:
30:19:a1:7c:a9:01:e3:3a:c2:ad:ae:e5:42:ec:7c:
1b:8a:39:de:92:eb:1f:e1:df:b3:1d:f2:07:23:6e:
18:81:a9:b7:eb:f1:32:32:7d:bd:55:6b:da:8f:a9:
73:43:39:b4:8c:cb:03:69:14:12:78:14:f7:c2:32:
42:99:f4:85:92:b9:b2:0a:8f:60:83:bf:fc:24:40:
64:f0:4f:fd:3c:29:3b:14:e0:da:70:fe:b1:4b:8b:
2e:d8:00:02:0d:93:4f:89:2b:87:8c:2d:94:05:35:
9a:8c:2d:dc:3b:b8:c2:b4:70:7b:64:76:88:86:51:
14:90:ba:9f:a9:c6:be:3a:a2:28:4a:2a:2c:cc:4c:
2c:b0:a2:df:a9:0d:08:06:52:bd:e5:bc:6c:89:67:
0f:44:03:d4:f4:e4:b5:cf:de:cf:2c:d2:f5:56:23:
b3:66:81:f1:e6:dc:ec:4d:97:98:26:fc:0a:ec:c4:
b5:fd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E0:62:23:9E:C6:AF:CF:4B:40:F4:05:D6:6D:A4:49:D8:23:5E:43:EC
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/4GIjnsavz0tA9AXWbaRJ2CNeQ-w.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
39:61:b3:5a:39:10:dc:49:17:7c:a6:7a:d9:94:1e:33:c5:ae:
5c:8b:e3:56:2d:3b:93:82:26:22:18:e5:4e:93:2c:c8:84:de:
0a:39:3b:56:7c:e2:e4:d2:2d:45:f0:f7:ab:f2:3d:61:32:0e:
a4:a8:84:fd:a4:ae:dc:cc:b5:29:5a:e0:71:65:6b:26:bc:ca:
c3:da:56:bc:52:05:79:af:c4:ba:6e:6c:a4:d2:db:3a:26:4e:
97:1e:05:6c:15:0d:4b:85:1a:e9:31:98:08:32:74:5a:55:b3:
60:0e:d8:cc:e4:9f:c9:79:e5:61:80:4c:47:71:6a:ef:38:c9:
74:7b:c0:de:fd:34:07:cc:72:f0:04:a3:44:b9:d8:46:5a:82:
0e:9e:da:68:d6:ef:26:72:97:24:9b:fc:1f:52:b4:cf:11:3b:
32:a1:88:8f:d1:d9:ce:9e:4d:be:78:7a:4c:60:f7:b0:60:04:
53:99:6a:42:6e:a2:f7:22:57:b6:ab:00:48:3c:a5:60:a1:e8:
3b:bf:99:7d:23:2e:48:85:87:69:08:a9:18:fd:4c:fb:ad:19:
fe:3c:90:98:68:77:c1:06:bc:db:e3:51:ee:6a:f8:d4:a1:dd:
cb:c5:8a:af:84:8e:26:fa:7f:b6:0f:fd:18:25:94:8f:50:62:
e6:ff:cc:73
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICPsEwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MTIw
NjIyNDZaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEUwNjIyMzlFQzZBRkNG
NEI0MEY0MDVENjZEQTQ0OUQ4MjM1RTQzRUMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC+Ozgk6EyHRkKFRjqA+X9BsrO6Q8kLAeKLL2DvdIHPG0x3KPAw
KygYKyUmwrS2dHxfTmqCDzQSeWB81lX2s1wLIjxp/4YLHOTEJzAZoXypAeM6wq2u
5ULsfBuKOd6S6x/h37Md8gcjbhiBqbfr8TIyfb1Va9qPqXNDObSMywNpFBJ4FPfC
MkKZ9IWSubIKj2CDv/wkQGTwT/08KTsU4Npw/rFLiy7YAAINk0+JK4eMLZQFNZqM
Ldw7uMK0cHtkdoiGURSQup+pxr46oihKKizMTCywot+pDQgGUr3lvGyJZw9EA9T0
5LXP3s8s0vVWI7NmgfHm3OxNl5gm/ArsxLX9AgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQU4GIjnsavz0tA9AXWbaRJ2CNeQ+wwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3LzRHSWpuc2F2ejB0QTlB
WFdiYVJKMkNOZVEtdy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBADlhs1o5ENxJF3ym
etmUHjPFrlyL41YtO5OCJiIY5U6TLMiE3go5O1Z84uTSLUXw96vyPWEyDqSohP2k
rtzMtSla4HFlaya8ysPaVrxSBXmvxLpubKTS2zomTpceBWwVDUuFGukxmAgydFpV
s2AO2Mzkn8l55WGATEdxau84yXR7wN79NAfMcvAEo0S52EZagg6e2mjW7yZylySb
/B9StM8ROzKhiI/R2c6eTb54ekxg97BgBFOZakJuovciV7arAEg8pWCh6Du/mX0j
LkiFh2kIqRj9TPutGf48kJhod8EGvNvjUe5q+NSh3cvFiq+Ejib6f7YP/RgllI9Q
Yub/zHM=
-----END CERTIFICATE-----
Generated at Fri Apr 12 12:41:58 2024 by rpki-client on console.sobornost.net