Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/FrubdPQy_TKE0Pg7IpRjNfagoew.roa
File: FrubdPQy_TKE0Pg7IpRjNfagoew.roa (raw, json)
Hash identifier: AkbDgeThH0H0OYhCzUPniCi8w7Y7AYox1eCIbRTtZxE=
Subject key identifier: 16:BB:9B:74:F4:32:FD:32:84:D0:F8:3B:22:94:63:35:F6:A0:A1:EC
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 3DC5
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/FrubdPQy_TKE0Pg7IpRjNfagoew.roa
Signing time: Wed 10 Apr 2024 22:52:43 +0000
ROA not before: Wed 10 Apr 2024 22:52:43 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 15813 (0x3dc5)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 10 22:52:43 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=16BB9B74F432FD3284D0F83B22946335F6A0A1EC
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:f5:25:73:13:1b:a5:d2:f9:de:a4:f7:9a:b1:f8:
0d:63:d3:40:9e:2c:6a:47:9c:30:7a:31:9e:5d:1b:
ca:d4:9b:68:0d:ad:d4:8f:95:c4:98:e2:d4:96:0f:
4f:76:bd:07:0c:eb:1d:12:58:9b:e0:28:ca:d1:c0:
2e:03:d9:63:95:43:00:3b:89:61:be:6e:fd:26:3b:
e1:8e:35:ba:ee:66:3e:90:4c:03:7d:1e:5e:a6:04:
c6:b1:92:4f:b0:5f:3e:09:ba:77:a6:91:7a:34:eb:
ec:68:17:76:59:4e:a3:69:ff:94:59:d5:a6:44:9c:
71:3a:6a:8e:9a:b7:df:a8:63:ac:c7:f5:ce:59:d0:
9a:bf:4d:57:3a:97:95:43:56:1d:9e:75:c0:26:62:
72:2e:2e:6a:ca:29:af:ad:5e:83:5c:41:f6:ec:12:
2f:4c:b9:c6:86:21:ed:8a:fa:49:ab:c1:8c:1c:d4:
1e:fb:8d:ec:ac:c9:c2:d9:4e:1f:3f:9c:03:48:ce:
08:6a:63:ad:17:a3:b4:d5:b5:29:dd:09:51:91:7b:
61:40:79:dc:a4:bc:28:ac:9d:be:7a:4c:da:fc:2f:
d6:b3:c4:1e:68:e1:5a:7e:d4:ed:a3:30:bd:d9:94:
cd:ef:de:c6:d9:9b:c7:8d:7d:2e:98:f2:89:7c:40:
10:fb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
16:BB:9B:74:F4:32:FD:32:84:D0:F8:3B:22:94:63:35:F6:A0:A1:EC
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/FrubdPQy_TKE0Pg7IpRjNfagoew.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
68:7f:b4:f3:30:1b:c9:e7:09:ec:84:85:6b:fd:8a:fe:93:12:
99:05:dd:a5:70:17:86:6d:58:c6:21:be:24:85:fe:c9:b3:aa:
c9:28:eb:58:be:86:76:1a:cf:cf:c0:b4:20:89:5a:5b:26:e1:
d3:ae:f1:e8:a3:2c:5c:e4:31:d1:8e:f5:cb:db:b7:8a:2e:bc:
66:2a:37:72:e8:69:21:a4:2c:af:14:61:b2:66:f0:9e:9e:24:
0e:98:dc:c0:ab:3c:c6:88:e5:81:a1:6b:8f:7f:0c:e2:2d:7e:
d7:2a:56:31:cd:30:51:24:8c:6d:c2:09:b7:2d:9b:6c:51:ab:
86:29:b8:a0:24:cf:de:bb:ad:87:6d:dd:6a:ab:36:ed:93:41:
aa:35:46:96:9c:9b:70:84:10:a0:4a:65:5b:ef:b7:a2:05:ec:
62:2f:0f:f8:09:6e:06:18:94:df:16:94:e7:15:6b:b8:6a:d3:
37:0f:0e:9e:ca:70:34:77:0e:83:4c:4f:a1:e9:37:a6:59:10:
71:a9:be:ee:21:a2:7a:00:f6:be:d9:37:f6:2b:42:59:09:09:
92:d8:48:e5:05:ca:c0:6b:e2:5a:96:45:d6:54:e6:7c:d1:8c:
23:ed:98:2a:4f:d4:a5:ac:85:38:21:d2:25:e2:22:d8:f2:92:
9a:70:5c:62
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICPcUwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MTAy
MjUyNDNaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDE2QkI5Qjc0RjQzMkZE
MzI4NEQwRjgzQjIyOTQ2MzM1RjZBMEExRUMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQD1JXMTG6XS+d6k95qx+A1j00CeLGpHnDB6MZ5dG8rUm2gNrdSP
lcSY4tSWD092vQcM6x0SWJvgKMrRwC4D2WOVQwA7iWG+bv0mO+GONbruZj6QTAN9
Hl6mBMaxkk+wXz4JunemkXo06+xoF3ZZTqNp/5RZ1aZEnHE6ao6at9+oY6zH9c5Z
0Jq/TVc6l5VDVh2edcAmYnIuLmrKKa+tXoNcQfbsEi9MucaGIe2K+kmrwYwc1B77
jeysycLZTh8/nANIzghqY60Xo7TVtSndCVGRe2FAedykvCisnb56TNr8L9azxB5o
4Vp+1O2jML3ZlM3v3sbZm8eNfS6Y8ol8QBD7AgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUFrubdPQy/TKE0Pg7IpRjNfagoewwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L0ZydWJkUFF5X1RLRTBQ
ZzdJcFJqTmZhZ29ldy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBAGh/tPMwG8nnCeyE
hWv9iv6TEpkF3aVwF4ZtWMYhviSF/smzqsko61i+hnYaz8/AtCCJWlsm4dOu8eij
LFzkMdGO9cvbt4ouvGYqN3LoaSGkLK8UYbJm8J6eJA6Y3MCrPMaI5YGha49/DOIt
ftcqVjHNMFEkjG3CCbctm2xRq4YpuKAkz967rYdt3WqrNu2TQao1Rpacm3CEEKBK
ZVvvt6IF7GIvD/gJbgYYlN8WlOcVa7hq0zcPDp7KcDR3DoNMT6HpN6ZZEHGpvu4h
onoA9r7ZN/YrQlkJCZLYSOUFysBr4lqWRdZU5nzRjCPtmCpP1KWshTgh0iXiItjy
kppwXGI=
-----END CERTIFICATE-----
Generated at Thu Apr 11 07:01:24 2024 by rpki-client on console.sobornost.net