Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/E5xQwEbo2jtvttZxPtGNAagJwGE.roa
File: E5xQwEbo2jtvttZxPtGNAagJwGE.roa (raw, json)
Hash identifier: LSwdadgsVYM74UtKepA/37FYU/4qzFV8TaDIrakxFcc=
Subject key identifier: 13:9C:50:C0:46:E8:DA:3B:6F:B6:D6:71:3E:D1:8D:01:A8:09:C0:61
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 4C85
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/E5xQwEbo2jtvttZxPtGNAagJwGE.roa
Signing time: Tue 30 Apr 2024 14:53:37 +0000
ROA not before: Tue 30 Apr 2024 14:53:37 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 19589 (0x4c85)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 30 14:53:37 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=139C50C046E8DA3B6FB6D6713ED18D01A809C061
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d5:0e:68:8d:5d:23:a9:75:00:54:a3:ad:0d:82:
89:73:97:ad:87:3e:b1:10:7c:fd:ad:eb:e7:2d:9a:
e7:cd:9c:ce:21:57:80:32:4b:d2:fe:33:4a:77:f6:
98:fb:d9:42:4a:40:b2:13:ed:88:13:3d:2f:a8:1a:
50:20:3d:ab:2f:ff:85:8d:4f:22:37:7b:4a:56:be:
cf:35:c4:b8:a9:bc:05:bb:fb:f0:77:d3:f5:62:b1:
d4:7e:f9:ab:84:f4:5e:5c:0a:f8:ae:4d:06:c8:13:
6b:f6:dc:dd:1a:7a:f9:ea:88:19:8c:3d:cc:ae:12:
bf:1a:26:4a:c2:30:7f:99:91:8e:91:b7:e7:0c:60:
e1:34:95:ca:67:a9:8c:a0:30:5b:ef:1d:71:4e:b8:
a9:ff:db:6b:e4:31:a9:db:50:ec:1a:b7:d9:8a:a7:
2e:ec:f4:31:8d:f9:b2:9e:33:30:07:bc:b3:bd:09:
44:59:6e:46:d4:f0:7c:28:27:52:f7:8b:5e:8e:0c:
8f:ee:63:73:80:d8:f9:2f:0d:7c:97:ac:51:55:4c:
d3:fe:35:2e:ba:d7:26:24:d1:56:b7:9f:92:a5:82:
28:c4:2a:e6:93:79:2a:aa:c4:fe:26:42:f5:d0:99:
2b:84:35:59:bc:77:50:77:43:fe:d5:08:a0:04:5b:
55:c3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
13:9C:50:C0:46:E8:DA:3B:6F:B6:D6:71:3E:D1:8D:01:A8:09:C0:61
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/E5xQwEbo2jtvttZxPtGNAagJwGE.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
7c:a1:3c:e4:6d:56:e9:4a:4f:04:6c:55:9e:87:21:bc:69:3b:
d5:46:e7:08:f9:63:d0:5f:01:43:3c:7e:45:34:fa:a5:24:43:
12:eb:63:db:e0:2a:6d:01:68:7d:e8:2c:29:19:cd:7f:3f:a8:
c3:62:b6:3e:13:9e:95:d9:58:62:9f:98:2c:7a:e1:dc:ad:4e:
7d:3c:9e:5d:2d:83:50:9c:8b:71:dc:5c:e8:b2:e7:00:8a:d1:
3e:e7:40:5d:ad:b7:c1:29:3b:14:1e:ad:6b:24:75:f2:44:0e:
93:65:1d:10:f6:d8:18:bd:80:40:40:ab:67:82:7d:a0:a0:58:
8c:1a:ed:e0:95:2c:74:9a:c4:63:ac:d1:55:32:69:94:91:02:
c7:fc:28:4e:cf:03:bf:57:65:00:3a:08:f9:6c:e0:74:5a:be:
cf:33:f7:31:9f:1d:9a:4d:23:32:4e:c9:50:8a:36:ba:6d:3a:
77:0e:c2:c4:1e:46:32:cf:a2:f0:45:26:c5:f7:72:c6:4f:72:
44:22:1e:07:bc:ea:9f:45:72:d7:a4:bd:d6:ff:c2:e7:f0:a2:
a6:25:4d:1b:02:3c:86:b3:69:1d:79:a6:1d:bd:0c:0c:89:ea:
ea:cd:69:cc:cb:47:58:a8:23:91:af:d8:06:8e:ff:be:9c:f1:
ea:ba:9c:09
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICTIUwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MzAx
NDUzMzdaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDEzOUM1MEMwNDZFOERB
M0I2RkI2RDY3MTNFRDE4RDAxQTgwOUMwNjEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDVDmiNXSOpdQBUo60Ngolzl62HPrEQfP2t6+ctmufNnM4hV4Ay
S9L+M0p39pj72UJKQLIT7YgTPS+oGlAgPasv/4WNTyI3e0pWvs81xLipvAW7+/B3
0/VisdR++auE9F5cCviuTQbIE2v23N0aevnqiBmMPcyuEr8aJkrCMH+ZkY6Rt+cM
YOE0lcpnqYygMFvvHXFOuKn/22vkManbUOwat9mKpy7s9DGN+bKeMzAHvLO9CURZ
bkbU8HwoJ1L3i16ODI/uY3OA2PkvDXyXrFFVTNP+NS661yYk0Va3n5KlgijEKuaT
eSqqxP4mQvXQmSuENVm8d1B3Q/7VCKAEW1XDAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUE5xQwEbo2jtvttZxPtGNAagJwGEwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L0U1eFF3RWJvMmp0dnR0
WnhQdEdOQWFnSndHRS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBAHyhPORtVulKTwRs
VZ6HIbxpO9VG5wj5Y9BfAUM8fkU0+qUkQxLrY9vgKm0BaH3oLCkZzX8/qMNitj4T
npXZWGKfmCx64dytTn08nl0tg1Cci3HcXOiy5wCK0T7nQF2tt8EpOxQerWskdfJE
DpNlHRD22Bi9gEBAq2eCfaCgWIwa7eCVLHSaxGOs0VUyaZSRAsf8KE7PA79XZQA6
CPls4HRavs8z9zGfHZpNIzJOyVCKNrptOncOwsQeRjLPovBFJsX3csZPckQiHge8
6p9Fctekvdb/wufwoqYlTRsCPIazaR15ph29DAyJ6urNaczLR1ioI5Gv2AaO/76c
8eq6nAk=
-----END CERTIFICATE-----
Generated at Tue Apr 30 18:40:18 2024 by rpki-client on console.sobornost.net