Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/5yF1mmVlAFY7DPpvKF6aBFhb9rc.roa
File: 5yF1mmVlAFY7DPpvKF6aBFhb9rc.roa (raw, json)
Hash identifier: jdhl7x9scPo7M4sSEXQ6z+dpEyCtlbXikFV4JecppAA=
Subject key identifier: E7:21:75:9A:65:65:00:56:3B:0C:FA:6F:28:5E:9A:04:58:5B:F6:B7
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 4BCD
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/5yF1mmVlAFY7DPpvKF6aBFhb9rc.roa
Signing time: Mon 29 Apr 2024 15:53:34 +0000
ROA not before: Mon 29 Apr 2024 15:53:34 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 19405 (0x4bcd)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 29 15:53:34 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=E721759A656500563B0CFA6F285E9A04585BF6B7
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ec:aa:12:48:39:41:84:65:7d:a4:73:11:a4:df:
db:64:bc:35:83:7b:61:fc:0f:bd:38:c3:52:d9:61:
9b:26:fd:57:8b:bc:09:22:04:20:5b:3f:a3:97:d1:
b0:04:bd:09:d1:3a:6f:c9:81:76:ae:2f:f8:fd:9a:
45:10:57:e9:0b:7e:3d:02:60:56:5d:f3:77:16:95:
9c:15:bf:89:bd:f7:f4:eb:35:7c:27:21:ce:c8:92:
8f:d6:d1:d7:88:ff:bf:aa:69:d7:d6:89:79:5b:b4:
43:74:cb:fb:42:16:b5:5b:d7:82:7b:f6:a3:7b:db:
87:f4:78:9f:48:d6:a4:24:fe:9f:ba:c8:a9:ed:ce:
f3:f8:ae:57:93:20:dd:a0:8b:bc:38:77:5a:ea:4a:
b9:f3:1a:0f:d3:bc:dc:18:0a:bd:78:e5:b2:d9:9a:
d9:71:8e:25:6f:2f:77:ce:7e:31:56:c2:a5:9e:82:
23:5a:40:6f:51:8b:7b:56:f8:aa:f9:19:92:57:59:
71:f1:69:88:a5:ad:50:8d:79:5f:1c:10:ed:44:3a:
93:de:d5:bd:73:ae:50:5e:35:b0:35:98:28:f4:5d:
ee:ea:b0:90:f8:82:da:09:9f:5e:fc:cd:9e:b6:57:
08:e4:b9:bc:66:bf:05:b3:c9:86:8b:50:80:a9:1d:
7e:9f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E7:21:75:9A:65:65:00:56:3B:0C:FA:6F:28:5E:9A:04:58:5B:F6:B7
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/5yF1mmVlAFY7DPpvKF6aBFhb9rc.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
3b:46:56:85:90:17:1b:f9:bb:39:37:bd:2b:ec:95:7a:28:75:
26:10:6c:1c:31:72:44:44:fb:2f:38:96:9c:45:a6:71:29:64:
79:e1:49:e8:7d:a5:24:bf:8e:49:5e:fa:42:54:80:e5:ed:c6:
84:b4:d7:66:7f:a5:ea:0b:9f:53:31:b1:f0:c2:ad:73:be:4b:
e3:f5:45:e3:24:7d:8c:e1:e7:18:39:9b:e0:82:18:e2:52:eb:
63:24:9d:10:05:a8:ed:97:31:c7:ee:9e:6a:74:4a:d2:68:25:
5f:ee:25:5c:2c:76:d9:e2:e2:96:80:26:80:ab:75:31:33:da:
f1:50:44:37:05:98:c7:22:79:c8:9e:b1:b5:53:e8:25:04:f8:
a6:52:26:04:ee:45:e8:95:da:58:42:1b:06:4e:a1:70:b0:42:
d3:04:e4:ce:6a:34:21:8a:fd:2d:5d:d6:5e:eb:f4:d1:00:83:
1e:3d:d4:c0:bc:2c:1b:7a:76:97:c4:74:77:57:bf:0b:e3:f0:
f0:e9:d5:fe:3d:9e:2f:8a:ad:9d:33:c6:c0:b5:9b:fc:f9:82:
86:d0:72:7a:3e:15:ce:da:db:95:1b:33:46:cb:9d:ec:7f:19:
19:9f:96:6c:30:fe:dd:4a:ce:76:87:06:ad:c3:f5:d1:28:89:
95:c9:c5:f9
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICS80wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0Mjkx
NTUzMzRaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEU3MjE3NTlBNjU2NTAw
NTYzQjBDRkE2RjI4NUU5QTA0NTg1QkY2QjcwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDsqhJIOUGEZX2kcxGk39tkvDWDe2H8D704w1LZYZsm/VeLvAki
BCBbP6OX0bAEvQnROm/JgXauL/j9mkUQV+kLfj0CYFZd83cWlZwVv4m99/TrNXwn
Ic7Iko/W0deI/7+qadfWiXlbtEN0y/tCFrVb14J79qN724f0eJ9I1qQk/p+6yKnt
zvP4rleTIN2gi7w4d1rqSrnzGg/TvNwYCr145bLZmtlxjiVvL3fOfjFWwqWegiNa
QG9Ri3tW+Kr5GZJXWXHxaYilrVCNeV8cEO1EOpPe1b1zrlBeNbA1mCj0Xe7qsJD4
gtoJn178zZ62VwjkubxmvwWzyYaLUICpHX6fAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQU5yF1mmVlAFY7DPpvKF6aBFhb9rcwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3LzV5RjFtbVZsQUZZN0RQ
cHZLRjZhQkZoYjlyYy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBADtGVoWQFxv5uzk3
vSvslXoodSYQbBwxckRE+y84lpxFpnEpZHnhSeh9pSS/jkle+kJUgOXtxoS012Z/
peoLn1MxsfDCrXO+S+P1ReMkfYzh5xg5m+CCGOJS62MknRAFqO2XMcfunmp0StJo
JV/uJVwsdtni4paAJoCrdTEz2vFQRDcFmMcieciesbVT6CUE+KZSJgTuReiV2lhC
GwZOoXCwQtME5M5qNCGK/S1d1l7r9NEAgx491MC8LBt6dpfEdHdXvwvj8PDp1f49
ni+KrZ0zxsC1m/z5gobQcno+Fc7a25UbM0bLnex/GRmflmww/t1KznaHBq3D9dEo
iZXJxfk=
-----END CERTIFICATE-----
Generated at Mon Apr 29 22:52:33 2024 by rpki-client on console.sobornost.net