Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/By7WjpdrfIzPhBs4CVavLtQsX5E.roa
File: By7WjpdrfIzPhBs4CVavLtQsX5E.roa (raw, json)
Hash identifier: YKRvj6K1qXKVJT2yvYPevvXYx60iEfVa7OxMmV6eqlg=
Subject key identifier: 07:2E:D6:8E:97:6B:7C:8C:CF:84:1B:38:09:56:AF:2E:D4:2C:5F:91
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 4DDD
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/By7WjpdrfIzPhBs4CVavLtQsX5E.roa
Signing time: Thu 02 May 2024 09:53:40 +0000
ROA not before: Thu 02 May 2024 09:53:40 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 19933 (0x4ddd)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 2 09:53:40 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=072ED68E976B7C8CCF841B380956AF2ED42C5F91
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d3:c7:d6:f2:88:d9:b2:f0:b7:bb:0d:f0:35:f7:
51:df:66:41:fb:2f:13:98:44:8e:5a:2d:79:32:fe:
88:56:d4:77:60:d5:bf:7b:26:12:81:87:9f:00:5d:
db:6f:94:cb:23:ce:e3:2b:40:81:8f:ab:05:df:86:
4e:c6:b6:fc:7c:6b:73:7c:cd:34:49:97:f2:93:ad:
95:28:b1:d6:f0:85:4e:ef:38:d5:75:1e:7c:c6:f7:
50:0e:10:f1:a3:0b:4f:5f:65:95:1c:00:08:bb:46:
f9:c3:de:1d:a5:ae:c5:ba:99:38:ea:2d:4b:f0:9b:
07:da:1b:47:45:86:11:0a:c6:80:0f:f6:1f:4b:0c:
2d:92:9c:88:4c:24:72:9b:34:1b:50:c2:7e:34:82:
9f:32:5d:01:bf:b4:aa:f6:af:e6:f1:7a:0f:85:98:
48:06:88:5a:53:44:4a:46:e0:d8:7f:e7:c4:b4:e1:
db:c0:21:04:42:c6:61:fe:6d:0d:5c:92:3a:76:19:
71:a7:15:16:a2:a1:9a:a9:a4:b3:d5:82:eb:81:17:
66:c9:45:cd:ac:69:6a:6d:f7:84:f2:82:52:8d:5f:
af:21:57:00:c3:75:e0:0d:44:26:bb:77:58:d6:82:
c6:49:7e:c2:ac:a7:aa:3a:f3:95:c3:3a:5f:7d:cc:
77:05
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
07:2E:D6:8E:97:6B:7C:8C:CF:84:1B:38:09:56:AF:2E:D4:2C:5F:91
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/By7WjpdrfIzPhBs4CVavLtQsX5E.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
67:9b:a7:2b:c7:8d:17:18:0d:53:b6:c7:f7:25:1e:0b:b7:12:
f7:b4:be:62:89:cc:2f:7f:ef:a6:6c:2f:a6:f2:29:9c:a3:a1:
37:05:10:f1:02:98:ba:9d:d5:0d:7b:0e:e7:66:19:9d:21:f6:
36:37:c0:0c:c0:f8:d6:a2:6d:9c:1b:c6:30:3a:7b:ac:cc:f5:
a6:23:3b:d8:bb:f1:8f:d7:a2:40:80:f3:c8:62:e9:52:33:da:
e7:3f:22:5a:6b:b2:9d:22:95:d6:5d:72:a4:01:9f:d7:32:85:
38:96:5d:bd:84:d5:1c:48:ed:60:56:8f:2b:ca:63:e2:6e:22:
0e:5c:fb:81:9b:a0:d3:52:4f:15:9f:85:19:76:26:b6:7f:36:
da:df:c0:db:3a:e7:ba:3f:e0:d6:4e:d2:7e:bc:6d:1e:ef:cc:
53:fb:da:94:49:4a:ef:9a:14:6a:95:8e:8c:76:70:fc:21:c1:
86:00:f0:8c:40:3a:ca:99:e4:b4:e7:4f:92:5f:4c:3d:a9:73:
02:b1:f3:21:5b:ec:e3:7f:bc:7d:50:7d:49:04:9e:dd:9d:4a:
d2:4f:f0:9b:b6:b7:4b:c9:3a:98:05:53:43:fc:45:84:e2:09:
50:b7:8d:5f:ab:f7:b7:ee:54:19:20:0a:fb:a0:11:90:ad:c3:
a1:0c:af:b3
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICTd0wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MDIw
OTUzNDBaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDA3MkVENjhFOTc2QjdD
OENDRjg0MUIzODA5NTZBRjJFRDQyQzVGOTEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDTx9byiNmy8Le7DfA191HfZkH7LxOYRI5aLXky/ohW1Hdg1b97
JhKBh58AXdtvlMsjzuMrQIGPqwXfhk7Gtvx8a3N8zTRJl/KTrZUosdbwhU7vONV1
HnzG91AOEPGjC09fZZUcAAi7RvnD3h2lrsW6mTjqLUvwmwfaG0dFhhEKxoAP9h9L
DC2SnIhMJHKbNBtQwn40gp8yXQG/tKr2r+bxeg+FmEgGiFpTREpG4Nh/58S04dvA
IQRCxmH+bQ1ckjp2GXGnFRaioZqppLPVguuBF2bJRc2saWpt94TyglKNX68hVwDD
deANRCa7d1jWgsZJfsKsp6o685XDOl99zHcFAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUBy7WjpdrfIzPhBs4CVavLtQsX5EwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L0J5N1dqcGRyZkl6UGhC
czRDVmF2THRRc1g1RS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBAGebpyvHjRcYDVO2
x/clHgu3Eve0vmKJzC9/76ZsL6byKZyjoTcFEPECmLqd1Q17DudmGZ0h9jY3wAzA
+NaibZwbxjA6e6zM9aYjO9i78Y/XokCA88hi6VIz2uc/Ilprsp0ildZdcqQBn9cy
hTiWXb2E1RxI7WBWjyvKY+JuIg5c+4GboNNSTxWfhRl2JrZ/NtrfwNs657o/4NZO
0n68bR7vzFP72pRJSu+aFGqVjox2cPwhwYYA8IxAOsqZ5LTnT5JfTD2pcwKx8yFb
7ON/vH1QfUkEnt2dStJP8Ju2t0vJOpgFU0P8RYTiCVC3jV+r97fuVBkgCvugEZCt
w6EMr7M=
-----END CERTIFICATE-----
Generated at Thu May 2 13:57:27 2024 by rpki-client on console.sobornost.net