Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/AfRPHyu-00Uf-D5pw2Lq1fp9e1I.roa
File: AfRPHyu-00Uf-D5pw2Lq1fp9e1I.roa (raw, json)
Hash identifier: AFGpOYqBat/B3O1xst7rS7+BmmCCVXe0BChTn2h0Thg=
Subject key identifier: 01:F4:4F:1F:2B:BE:D3:45:1F:F8:3E:69:C3:62:EA:D5:FA:7D:7B:52
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 3765
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/AfRPHyu-00Uf-D5pw2Lq1fp9e1I.roa
Signing time: Tue 02 Apr 2024 10:52:16 +0000
ROA not before: Tue 02 Apr 2024 10:52:16 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 14181 (0x3765)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 2 10:52:16 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=01F44F1F2BBED3451FF83E69C362EAD5FA7D7B52
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d4:0f:8b:66:7a:0c:69:78:18:f9:a6:0d:c7:ba:
57:cf:75:7f:89:13:d4:7c:57:49:4b:3d:ae:0b:86:
ef:19:83:6f:13:5d:6c:df:3a:e8:d1:83:cd:d9:80:
f1:11:3c:2d:5d:59:60:de:83:54:ff:9d:bf:16:55:
b4:c8:8d:09:b0:44:c9:5a:5a:39:b3:3f:bc:49:72:
ca:60:27:26:12:be:9f:3f:a3:ac:d4:4c:9e:32:da:
f0:17:52:c0:29:8f:26:4f:35:ef:45:7c:2a:b4:2d:
d0:60:a4:b6:8f:29:71:1d:4b:3b:c4:39:84:df:9f:
71:e4:5f:ea:ca:b6:61:43:df:79:a3:8f:85:67:07:
16:19:a1:2a:a0:7d:4e:27:eb:3d:87:fd:ee:12:af:
f9:96:e3:b3:58:23:27:fb:b3:ba:11:26:b8:91:f7:
29:3a:2e:90:f9:02:cb:46:fc:ea:9f:83:c9:13:76:
a8:75:2c:26:64:48:5e:82:56:96:85:5f:55:62:dd:
01:d4:47:88:9b:c8:c8:1e:6b:a0:ff:d2:a7:4c:41:
b6:8d:cf:ae:1f:ca:f6:52:cf:6a:ad:f1:55:5a:84:
c3:10:9b:10:23:e7:f1:2f:ff:76:6b:b7:9b:71:e4:
49:9c:3c:79:a3:a3:5f:99:f1:c6:d2:5f:50:0d:60:
6a:9f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
01:F4:4F:1F:2B:BE:D3:45:1F:F8:3E:69:C3:62:EA:D5:FA:7D:7B:52
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/AfRPHyu-00Uf-D5pw2Lq1fp9e1I.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
37:24:4a:49:ce:3f:46:87:69:a9:63:27:77:e5:72:ef:3f:b0:
7f:3f:6e:6c:de:31:8c:78:4a:f1:82:5e:f5:1a:5f:39:8e:fa:
4f:9b:ad:67:47:af:17:10:a0:7b:2d:62:df:8d:28:81:10:10:
da:ef:e2:fd:15:5f:0a:73:03:55:54:0c:c1:b3:2c:1c:6e:65:
42:5a:41:f8:79:3c:1b:7c:e2:2b:be:45:2b:fc:ac:01:1b:b8:
d1:7c:76:be:bb:36:29:c0:10:c7:ae:ba:91:d5:40:69:4d:6b:
98:82:1c:c1:ab:ad:7d:1a:99:91:c8:6c:a2:bd:2a:d9:4d:0c:
df:70:8e:af:5b:01:ec:c8:be:ae:e5:94:5b:00:8c:7d:e4:8f:
d5:d1:a2:55:00:54:c9:b1:8e:aa:a8:68:89:79:bf:07:6e:b5:
82:90:ec:e8:db:68:50:63:a4:5b:9d:2a:2f:34:b4:1e:10:25:
e0:45:34:02:27:e9:24:2d:ba:da:6a:04:e0:ff:cd:85:91:f2:
eb:d3:f9:9e:f6:ad:36:d3:d1:09:90:60:0f:27:a5:be:a2:ac:
43:c1:38:d7:69:44:ba:df:96:af:c1:cd:3f:18:a1:c0:2d:8c:
19:28:8f:13:46:66:09:dd:29:73:f5:91:55:6a:02:9e:ad:11:
5f:f2:0c:47
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICN2UwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MDIx
MDUyMTZaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDAxRjQ0RjFGMkJCRUQz
NDUxRkY4M0U2OUMzNjJFQUQ1RkE3RDdCNTIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDUD4tmegxpeBj5pg3HulfPdX+JE9R8V0lLPa4Lhu8Zg28TXWzf
OujRg83ZgPERPC1dWWDeg1T/nb8WVbTIjQmwRMlaWjmzP7xJcspgJyYSvp8/o6zU
TJ4y2vAXUsApjyZPNe9FfCq0LdBgpLaPKXEdSzvEOYTfn3HkX+rKtmFD33mjj4Vn
BxYZoSqgfU4n6z2H/e4Sr/mW47NYIyf7s7oRJriR9yk6LpD5AstG/Oqfg8kTdqh1
LCZkSF6CVpaFX1Vi3QHUR4ibyMgea6D/0qdMQbaNz64fyvZSz2qt8VVahMMQmxAj
5/Ev/3Zrt5tx5EmcPHmjo1+Z8cbSX1ANYGqfAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUAfRPHyu+00Uf+D5pw2Lq1fp9e1IwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L0FmUlBIeXUtMDBVZi1E
NXB3MkxxMWZwOWUxSS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBADckSknOP0aHaalj
J3flcu8/sH8/bmzeMYx4SvGCXvUaXzmO+k+brWdHrxcQoHstYt+NKIEQENrv4v0V
XwpzA1VUDMGzLBxuZUJaQfh5PBt84iu+RSv8rAEbuNF8dr67NinAEMeuupHVQGlN
a5iCHMGrrX0amZHIbKK9KtlNDN9wjq9bAezIvq7llFsAjH3kj9XRolUAVMmxjqqo
aIl5vwdutYKQ7OjbaFBjpFudKi80tB4QJeBFNAIn6SQtutpqBOD/zYWR8uvT+Z72
rTbT0QmQYA8npb6irEPBONdpRLrflq/BzT8YocAtjBkojxNGZgndKXP1kVVqAp6t
EV/yDEc=
-----END CERTIFICATE-----
Generated at Tue Apr 2 17:48:33 2024 by rpki-client on console.sobornost.net