Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/8Owp8lN1q0WJJ0Z2ELaCEV28Jss.roa
File: 8Owp8lN1q0WJJ0Z2ELaCEV28Jss.roa (raw, json)
Hash identifier: yjsZRmcp56cSb/o3Yr2jLKbBzIZi7Gp1McPJclxyM9c=
Subject key identifier: F0:EC:29:F2:53:75:AB:45:89:27:46:76:10:B6:82:11:5D:BC:26:CB
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 44E1
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/8Owp8lN1q0WJJ0Z2ELaCEV28Jss.roa
Signing time: Sat 20 Apr 2024 10:23:04 +0000
ROA not before: Sat 20 Apr 2024 10:23:04 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 17633 (0x44e1)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 20 10:23:04 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=F0EC29F25375AB458927467610B682115DBC26CB
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cf:18:fb:d3:38:34:1d:cf:fa:59:82:6f:99:1c:
26:9a:a0:81:8b:9b:0f:f5:69:bb:5a:a7:dd:65:f4:
fe:42:10:80:74:84:b1:62:9d:27:c0:6c:39:2a:43:
b9:94:ea:da:fc:29:28:63:91:b1:1f:63:49:3f:5c:
aa:76:15:97:38:be:e4:7e:ed:3d:cc:a7:03:89:62:
f8:7b:da:74:47:45:09:4b:95:86:f6:ae:aa:08:43:
5e:8b:82:59:28:09:02:2b:e8:39:4b:d8:2b:59:d2:
ff:7c:ba:d2:d7:34:73:c2:ce:45:02:7b:a2:5d:23:
ea:d4:f0:2f:25:92:28:43:13:c7:b1:e5:5f:f3:a3:
13:28:2e:00:db:ae:b9:93:c9:8f:31:6d:a7:00:34:
3a:12:88:1f:ff:08:7c:1a:7e:2f:d0:4f:e0:80:cf:
ba:c0:9b:78:02:c7:a3:c7:6a:a9:d7:e1:2d:ea:27:
a1:e8:ea:d2:8c:b5:f9:de:88:7a:0f:ae:14:3a:2f:
c4:ad:4b:82:c5:c3:8a:64:c2:ef:54:74:7d:18:a2:
ac:a2:d7:1a:e6:b5:54:64:1a:78:38:df:d5:b0:5a:
74:c4:61:07:6d:58:8c:89:9f:0b:ec:84:1e:1e:9b:
77:76:5d:9d:22:89:6e:75:bc:f9:e0:d7:58:a0:a8:
1d:6d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F0:EC:29:F2:53:75:AB:45:89:27:46:76:10:B6:82:11:5D:BC:26:CB
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/8Owp8lN1q0WJJ0Z2ELaCEV28Jss.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
03:4c:ec:fe:1b:32:5f:3f:79:99:5e:ac:37:2c:4a:7b:4e:15:
58:36:e7:8a:3a:31:f2:02:f9:7c:27:4f:12:6b:ce:aa:f4:6d:
85:29:cc:44:76:5b:df:01:a3:32:dc:c6:16:b3:1b:4f:6c:91:
0f:2e:77:09:25:fc:ee:5f:2e:a1:56:74:6b:0d:a0:c2:d0:5f:
e3:e3:a4:e0:0b:11:d7:53:60:b4:9f:0f:de:04:b4:b2:1a:41:
3a:9a:0a:29:6d:61:3f:d4:66:c9:3a:e0:6e:8b:9d:fe:74:b9:
94:39:1a:d8:59:0a:21:85:31:09:ca:b1:62:fe:b6:46:a2:5b:
d2:a4:86:8f:dc:f9:56:8d:fc:33:88:e1:20:1d:61:7e:e8:c0:
be:2b:83:b9:f1:05:12:3a:06:f5:0f:ea:29:87:75:77:d5:b4:
6d:83:0a:fd:5f:07:e1:eb:19:ba:f8:84:0d:4d:77:2a:2b:ff:
9d:3e:b0:ea:68:91:3e:35:db:4a:34:f2:b2:b1:ac:ed:de:cf:
35:d2:36:a7:b9:e6:73:13:23:cc:19:82:06:4b:6b:ab:c0:af:
a8:5f:f4:b8:fa:82:5a:42:0f:81:1f:20:d1:78:fe:07:a6:8e:
9e:9c:c8:fe:f4:2a:27:9b:4e:35:e6:ea:68:01:db:14:50:42:
2e:ed:47:b2
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICROEwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MjAx
MDIzMDRaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEYwRUMyOUYyNTM3NUFC
NDU4OTI3NDY3NjEwQjY4MjExNURCQzI2Q0IwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDPGPvTODQdz/pZgm+ZHCaaoIGLmw/1abtap91l9P5CEIB0hLFi
nSfAbDkqQ7mU6tr8KShjkbEfY0k/XKp2FZc4vuR+7T3MpwOJYvh72nRHRQlLlYb2
rqoIQ16LglkoCQIr6DlL2CtZ0v98utLXNHPCzkUCe6JdI+rU8C8lkihDE8ex5V/z
oxMoLgDbrrmTyY8xbacANDoSiB//CHwafi/QT+CAz7rAm3gCx6PHaqnX4S3qJ6Ho
6tKMtfneiHoPrhQ6L8StS4LFw4pkwu9UdH0Yoqyi1xrmtVRkGng439WwWnTEYQdt
WIyJnwvshB4em3d2XZ0iiW51vPng11igqB1tAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQU8Owp8lN1q0WJJ0Z2ELaCEV28JsswHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3LzhPd3A4bE4xcTBXSkow
WjJFTGFDRVYyOEpzcy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBAANM7P4bMl8/eZle
rDcsSntOFVg254o6MfIC+XwnTxJrzqr0bYUpzER2W98BozLcxhazG09skQ8udwkl
/O5fLqFWdGsNoMLQX+PjpOALEddTYLSfD94EtLIaQTqaCiltYT/UZsk64G6Lnf50
uZQ5GthZCiGFMQnKsWL+tkaiW9Kkho/c+VaN/DOI4SAdYX7owL4rg7nxBRI6BvUP
6imHdXfVtG2DCv1fB+HrGbr4hA1Ndyor/50+sOpokT4120o08rKxrO3ezzXSNqe5
5nMTI8wZggZLa6vAr6hf9Lj6glpCD4EfINF4/gemjp6cyP70KiebTjXm6mgB2xRQ
Qi7tR7I=
-----END CERTIFICATE-----
Generated at Sat Apr 20 15:20:44 2024 by rpki-client on console.sobornost.net