Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/4Yd0giUt8FK9ZqmSF3bqTciQsuI.roa
File: 4Yd0giUt8FK9ZqmSF3bqTciQsuI.roa (raw, json)
Hash identifier: /9487rMk3u8QqtEjaft5doCe1Z9AeD5e08ysa6qUsmE=
Subject key identifier: E1:87:74:82:25:2D:F0:52:BD:66:A9:92:17:76:EA:4D:C8:90:B2:E2
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 35E1
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/4Yd0giUt8FK9ZqmSF3bqTciQsuI.roa
Signing time: Sun 31 Mar 2024 10:22:11 +0000
ROA not before: Sun 31 Mar 2024 10:22:11 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 13793 (0x35e1)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Mar 31 10:22:11 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=E1877482252DF052BD66A9921776EA4DC890B2E2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ce:bf:ba:13:b2:85:45:14:38:23:d3:17:a5:73:
73:3b:7c:db:84:23:23:f2:b1:a6:72:11:18:b5:e1:
d4:7a:1a:d4:75:ad:9f:01:37:46:03:83:80:91:76:
fa:1d:bc:2d:1d:e3:8b:24:27:95:b0:45:67:ee:c8:
d1:51:a8:25:70:eb:c6:3f:04:9c:ac:4c:bc:03:cb:
6e:af:a3:6a:8a:f0:8d:4e:c8:b3:69:65:50:b6:1f:
68:0a:54:56:17:e0:63:db:15:6d:e2:3e:c4:e1:31:
00:4e:05:83:0a:06:40:29:c3:ec:eb:29:54:4d:05:
eb:53:cf:97:bf:6d:23:f5:b5:52:c4:8b:39:90:dc:
ae:a4:37:13:76:37:5d:3c:20:98:bc:39:bf:4f:32:
63:ca:e8:7a:94:6f:3e:b3:c6:0a:60:49:cf:09:19:
4a:fa:c6:30:14:cb:7a:8a:a4:cf:90:81:78:4b:c1:
d8:58:72:7d:85:de:75:04:68:49:b1:df:27:7e:8e:
19:9c:75:41:bf:a1:6b:ec:f5:d9:c2:64:39:91:b9:
1f:bc:b7:a3:07:9b:ea:1e:ac:e0:e3:50:2a:bc:ce:
6e:b9:03:9d:15:b3:91:7d:37:3f:02:5c:e3:44:3b:
5f:fe:71:cc:be:33:b5:07:bc:6e:27:36:95:37:74:
ab:47
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E1:87:74:82:25:2D:F0:52:BD:66:A9:92:17:76:EA:4D:C8:90:B2:E2
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/4Yd0giUt8FK9ZqmSF3bqTciQsuI.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
b1:df:07:f7:c2:0a:0e:cb:71:79:f3:cc:aa:3a:50:8a:49:f4:
9d:9e:b2:31:1a:fd:5e:2c:99:9e:b2:2b:38:14:d7:0a:b6:e7:
e2:ca:60:1a:b5:af:6a:a4:cb:02:98:8d:9d:1d:2f:49:b6:18:
5c:48:1d:35:3d:de:75:05:6b:97:6e:c3:34:55:a1:ff:1d:90:
a1:95:d2:9e:e7:e8:29:be:b4:34:6b:f9:80:54:17:9c:31:2f:
56:30:2f:34:99:3e:ba:73:db:4b:cf:97:2f:1a:47:0c:ee:02:
98:79:f1:9f:15:6c:99:2f:d9:83:6a:ed:45:49:c2:7f:98:ca:
81:59:d4:b2:61:2c:24:88:92:ca:a1:a1:ab:16:8e:35:87:b3:
85:2d:2c:2f:c0:29:a7:4d:d4:ce:74:6e:62:ac:f7:d1:2b:39:
af:00:57:0a:19:49:8f:2b:28:8a:bc:01:74:18:b9:63:ab:82:
b3:b3:a5:15:fe:6d:b2:80:8c:bc:47:bc:d4:26:83:14:5b:9c:
d1:b5:13:2e:e8:e6:34:3d:27:74:81:6e:e6:47:32:be:80:fe:
27:06:bf:c2:fa:0a:ac:5c:8b:47:16:d6:75:05:09:85:10:3d:
f7:f8:5c:14:4b:70:5d:c1:5b:3a:4e:b4:39:75:fc:c4:7a:0e:
00:e4:4f:5b
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICNeEwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDAzMzEx
MDIyMTFaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEUxODc3NDgyMjUyREYw
NTJCRDY2QTk5MjE3NzZFQTREQzg5MEIyRTIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDOv7oTsoVFFDgj0xelc3M7fNuEIyPysaZyERi14dR6GtR1rZ8B
N0YDg4CRdvodvC0d44skJ5WwRWfuyNFRqCVw68Y/BJysTLwDy26vo2qK8I1OyLNp
ZVC2H2gKVFYX4GPbFW3iPsThMQBOBYMKBkApw+zrKVRNBetTz5e/bSP1tVLEizmQ
3K6kNxN2N108IJi8Ob9PMmPK6HqUbz6zxgpgSc8JGUr6xjAUy3qKpM+QgXhLwdhY
cn2F3nUEaEmx3yd+jhmcdUG/oWvs9dnCZDmRuR+8t6MHm+oerODjUCq8zm65A50V
s5F9Nz8CXONEO1/+ccy+M7UHvG4nNpU3dKtHAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQU4Yd0giUt8FK9ZqmSF3bqTciQsuIwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3LzRZZDBnaVV0OEZLOVpx
bVNGM2JxVGNpUXN1SS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBALHfB/fCCg7LcXnz
zKo6UIpJ9J2esjEa/V4smZ6yKzgU1wq25+LKYBq1r2qkywKYjZ0dL0m2GFxIHTU9
3nUFa5duwzRVof8dkKGV0p7n6Cm+tDRr+YBUF5wxL1YwLzSZPrpz20vPly8aRwzu
Aph58Z8VbJkv2YNq7UVJwn+YyoFZ1LJhLCSIksqhoasWjjWHs4UtLC/AKadN1M50
bmKs99ErOa8AVwoZSY8rKIq8AXQYuWOrgrOzpRX+bbKAjLxHvNQmgxRbnNG1Ey7o
5jQ9J3SBbuZHMr6A/icGv8L6Cqxci0cW1nUFCYUQPff4XBRLcF3BWzpOtDl1/MR6
DgDkT1s=
-----END CERTIFICATE-----
Generated at Sun Mar 31 13:30:54 2024 by rpki-client on console.sobornost.net