Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/6EDjIsfyXAG5AxRxVEOQCoG_7KM.roa
File: 6EDjIsfyXAG5AxRxVEOQCoG_7KM.roa (raw, json)
Hash identifier: ODVKnieY5OafqxxFAD67LvnfUI4aEQhSZFU+gS3XP3o=
Subject key identifier: E8:40:E3:22:C7:F2:5C:01:B9:03:14:71:54:43:90:0A:81:BF:EC:A3
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 4801
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/6EDjIsfyXAG5AxRxVEOQCoG_7KM.roa
Signing time: Wed 24 Apr 2024 14:23:13 +0000
ROA not before: Wed 24 Apr 2024 14:23:13 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 18433 (0x4801)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 24 14:23:13 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=E840E322C7F25C01B90314715443900A81BFECA3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a7:a1:a3:81:64:19:73:be:03:7a:81:aa:4c:95:
6a:c9:05:1b:c8:c7:db:09:50:9a:e7:19:0f:45:7a:
84:4b:39:4c:29:88:39:34:2f:38:8b:0a:99:61:26:
a9:fe:93:56:7e:9d:44:00:f0:50:c6:44:80:54:46:
a8:fe:89:a7:76:eb:f4:e0:56:7a:ca:1c:ee:76:70:
e3:fa:d6:0b:86:19:79:d7:97:c3:da:ed:fc:00:0a:
97:cc:07:c3:ec:1a:23:66:9b:ed:58:0c:fa:d3:df:
24:22:26:26:55:8f:a1:7f:22:c5:7e:a6:57:d6:25:
2c:98:0c:96:3d:6b:13:e6:83:70:13:b0:2c:09:db:
26:a2:69:5e:b5:9c:18:4c:01:cf:59:94:90:63:95:
e4:9c:21:93:6f:b5:65:50:39:9e:79:31:47:bc:69:
8f:d7:e6:95:16:bd:0a:0a:14:2d:dd:aa:15:63:cf:
2f:4c:df:bb:e2:ab:e0:e8:03:00:b7:67:ad:e4:f0:
54:5a:07:7d:95:1e:71:0f:37:53:6c:30:b2:54:fd:
30:d9:02:26:31:52:02:36:4a:36:d4:cd:0f:63:18:
11:65:7c:c0:ae:bd:03:de:00:73:f0:6b:13:bc:1c:
7c:13:d4:3e:e5:58:f1:7b:28:01:b6:62:03:e0:ab:
24:3f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E8:40:E3:22:C7:F2:5C:01:B9:03:14:71:54:43:90:0A:81:BF:EC:A3
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/6EDjIsfyXAG5AxRxVEOQCoG_7KM.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
35:e8:46:44:a7:89:30:96:7e:27:63:c7:b0:69:9f:89:3f:23:
29:40:c1:32:3d:b8:59:12:11:a6:f6:43:e3:e1:3a:5f:73:e6:
8e:b3:b4:ce:13:07:41:11:7d:ea:13:70:44:2d:df:e1:6e:c5:
f3:a5:bf:1f:b0:2d:1f:23:2a:07:89:30:19:2d:79:da:38:f2:
08:51:e0:a1:81:39:01:a7:5c:ab:95:cf:05:25:47:52:0d:7f:
de:01:63:02:9e:9b:47:d1:f1:40:ae:ce:fa:25:63:ac:f5:52:
a8:fc:07:de:7a:58:98:94:7f:9d:be:bf:a3:2c:87:d7:0f:cb:
b5:75:b7:0d:b2:f0:43:10:25:8e:e9:81:f7:7b:75:40:13:56:
2a:4f:51:68:60:2a:ec:03:49:f7:a3:b6:29:6a:2b:c0:86:82:
74:47:52:9b:8b:42:93:f2:4d:bc:ab:54:99:27:e3:2a:35:63:
ec:24:2a:56:fc:fe:46:33:11:cb:bc:4a:02:46:0f:c0:8b:19:
c9:fd:7e:5e:9e:44:26:6a:93:1d:20:ce:32:f7:73:b3:85:e9:
51:b5:e3:33:9d:69:81:4b:ad:68:2e:d7:55:e2:25:99:2a:c4:
34:e3:cd:97:44:44:e1:78:41:e4:43:60:ec:1b:5e:bd:3a:d4:
24:cd:aa:3f
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICSAEwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MjQx
NDIzMTNaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEU4NDBFMzIyQzdGMjVD
MDFCOTAzMTQ3MTU0NDM5MDBBODFCRkVDQTMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCnoaOBZBlzvgN6gapMlWrJBRvIx9sJUJrnGQ9FeoRLOUwpiDk0
LziLCplhJqn+k1Z+nUQA8FDGRIBURqj+iad26/TgVnrKHO52cOP61guGGXnXl8Pa
7fwACpfMB8PsGiNmm+1YDPrT3yQiJiZVj6F/IsV+plfWJSyYDJY9axPmg3ATsCwJ
2yaiaV61nBhMAc9ZlJBjleScIZNvtWVQOZ55MUe8aY/X5pUWvQoKFC3dqhVjzy9M
37viq+DoAwC3Z63k8FRaB32VHnEPN1NsMLJU/TDZAiYxUgI2SjbUzQ9jGBFlfMCu
vQPeAHPwaxO8HHwT1D7lWPF7KAG2YgPgqyQ/AgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQU6EDjIsfyXAG5AxRxVEOQCoG/7KMwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3LzZFRGpJc2Z5WEFHNUF4
UnhWRU9RQ29HXzdLTS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBADXoRkSniTCWfidj
x7Bpn4k/IylAwTI9uFkSEab2Q+PhOl9z5o6ztM4TB0ERfeoTcEQt3+FuxfOlvx+w
LR8jKgeJMBktedo48ghR4KGBOQGnXKuVzwUlR1INf94BYwKem0fR8UCuzvolY6z1
Uqj8B956WJiUf52+v6Msh9cPy7V1tw2y8EMQJY7pgfd7dUATVipPUWhgKuwDSfej
tilqK8CGgnRHUpuLQpPyTbyrVJkn4yo1Y+wkKlb8/kYzEcu8SgJGD8CLGcn9fl6e
RCZqkx0gzjL3c7OF6VG14zOdaYFLrWgu11XiJZkqxDTjzZdEROF4QeRDYOwbXr06
1CTNqj8=
-----END CERTIFICATE-----
Generated at Wed Apr 24 21:49:58 2024 by rpki-client on console.sobornost.net