Route Origin Authorization

$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/8Zp6KVyxlEXSex5iXOIMICSu8xw.roa
File:                     8Zp6KVyxlEXSex5iXOIMICSu8xw.roa (raw, json)
Hash identifier:          8nJpRAoKvfB3cQ5falTJIxN4kAsoABRGaWzuxph/4ug=
Subject key identifier:   F1:9A:7A:29:5C:B1:94:45:D2:7B:1E:62:5C:E2:0C:20:24:AE:F3:1C
Certificate issuer:       /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial:       42C9
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access:    rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access:      rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/8Zp6KVyxlEXSex5iXOIMICSu8xw.roa
Signing time:             Wed 17 Apr 2024 15:22:58 +0000
ROA not before:           Wed 17 Apr 2024 15:22:58 +0000
ROA not after:            Fri 31 Jan 2025 01:13:46 +0000
asID:                     24426
IP address blocks:        43.239.0.0/19 maxlen: 19
                          101.78.32.0/19 maxlen: 19
                          103.35.0.0/19 maxlen: 19

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 17097 (0x42c9)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
        Validity
            Not Before: Apr 17 15:22:58 2024 GMT
            Not After : Jan 31 01:13:46 2025 GMT
        Subject: CN=F19A7A295CB19445D27B1E625CE20C2024AEF31C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:9A:7A:29:5C:B1:94:45:D2:7B:1E:62:5C:E2:0C:20:24:AE:F3:1C
            X509v3 Authority Key Identifier:
                keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/8Zp6KVyxlEXSex5iXOIMICSu8xw.roa
                RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  43.239.0.0/19
                  101.78.32.0/19
                  103.35.0.0/19

    Signature Algorithm: sha256WithRSAEncryption
Generated at Wed Apr 17 21:27:37 2024 by rpki-client on console.sobornost.net