Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/GJ5tuVbCd3G1AaI3R5FN6FDZbNo.roa
File: GJ5tuVbCd3G1AaI3R5FN6FDZbNo.roa (raw, json)
Hash identifier: AmC/vIUVGdFHPTqo57Gzoes4IiuvAy0km+duqWjmSYo=
Subject key identifier: 18:9E:6D:B9:56:C2:77:71:B5:01:A2:37:47:91:4D:E8:50:D9:6C:DA
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 3D75
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/GJ5tuVbCd3G1AaI3R5FN6FDZbNo.roa
Signing time: Wed 10 Apr 2024 12:52:40 +0000
ROA not before: Wed 10 Apr 2024 12:52:40 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 15733 (0x3d75)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 10 12:52:40 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=189E6DB956C27771B501A23747914DE850D96CDA
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b7:fd:4d:90:b9:9e:3b:84:1b:b0:de:86:fa:1d:
36:31:eb:a5:d7:ac:c7:c6:7c:1b:7d:5d:9d:38:cf:
b2:7f:b2:c3:c4:99:63:7f:33:72:a6:03:57:14:b8:
04:b3:01:26:1a:59:db:36:74:a7:12:03:a6:4e:6f:
ce:b3:01:7b:47:a5:52:54:65:c4:51:7b:b8:d2:ec:
39:de:1e:8a:a9:93:0e:9c:e8:87:bb:f4:0f:78:c1:
29:17:bf:2c:0e:ab:94:c4:12:f6:cc:bb:74:3d:b4:
c6:23:dc:b0:d6:0a:db:42:8b:24:9b:b8:75:d4:48:
30:5d:a3:3c:5e:92:18:9b:da:7b:05:a2:12:f8:31:
3d:9c:e5:a0:75:dc:c4:66:15:e8:63:cf:c2:b2:56:
e8:9e:7b:d8:d3:98:6a:15:34:23:24:87:77:b5:11:
6e:55:72:f5:07:6a:c1:b0:3c:f3:c8:f9:e3:36:20:
7e:f9:4c:98:45:f1:0b:7c:99:4e:4a:f8:64:17:41:
5e:20:1e:bb:d8:f9:80:6f:f7:ba:61:03:25:d5:c7:
00:c8:34:7b:b4:3c:49:fc:6e:ca:62:66:10:c2:e1:
82:d0:8d:8e:fd:d2:37:2a:14:24:8d:35:3c:63:2a:
a3:a1:87:b2:fb:9c:39:d2:ee:dc:ac:8f:f2:a4:5a:
6a:51
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
18:9E:6D:B9:56:C2:77:71:B5:01:A2:37:47:91:4D:E8:50:D9:6C:DA
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/GJ5tuVbCd3G1AaI3R5FN6FDZbNo.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
39:09:b7:b7:5d:45:77:6f:f6:19:6f:aa:1a:e6:ec:64:bf:72:
ab:cb:24:c2:ee:d7:20:04:a7:32:fa:df:06:30:8c:92:bc:c2:
e2:c7:dd:60:66:bc:f3:86:22:3d:a2:bb:4f:8f:9f:ac:a6:2b:
f2:a7:a4:c0:2d:8e:43:d3:20:6f:d3:a6:1b:27:df:a3:de:70:
5b:02:ef:12:c0:b6:e5:12:16:ee:9a:3c:2d:94:13:45:0e:07:
99:58:01:f5:25:a5:b8:1a:c6:bd:b0:e8:2f:40:a4:60:43:a9:
56:40:f9:37:56:d8:e8:27:7b:58:4f:66:13:16:07:bf:35:e8:
b5:82:ae:51:b3:88:19:fb:c5:7f:b2:25:87:96:3a:52:ec:ab:
53:29:98:15:a9:4c:bb:67:7a:8f:e4:ad:58:92:1b:84:63:b0:
9e:2e:64:4e:e4:87:1f:4a:33:35:01:a0:16:e3:3a:cf:9c:00:
64:83:8a:31:e3:37:b2:19:3a:49:a2:0b:70:a8:ab:31:27:cb:
1d:55:80:62:bb:13:a7:47:e1:1b:cb:7c:93:c1:ab:8f:a8:37:
30:0b:94:ed:10:2b:fb:5b:4a:0f:0c:52:05:e2:3b:d6:45:41:
36:c7:df:48:eb:ab:a2:7d:47:c8:7e:8f:3d:07:40:6b:eb:42:
52:f3:2f:f1
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICPXUwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MTAx
MjUyNDBaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDE4OUU2REI5NTZDMjc3
NzFCNTAxQTIzNzQ3OTE0REU4NTBEOTZDREEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC3/U2QuZ47hBuw3ob6HTYx66XXrMfGfBt9XZ04z7J/ssPEmWN/
M3KmA1cUuASzASYaWds2dKcSA6ZOb86zAXtHpVJUZcRRe7jS7DneHoqpkw6c6Ie7
9A94wSkXvywOq5TEEvbMu3Q9tMYj3LDWCttCiySbuHXUSDBdozxekhib2nsFohL4
MT2c5aB13MRmFehjz8KyVuiee9jTmGoVNCMkh3e1EW5VcvUHasGwPPPI+eM2IH75
TJhF8Qt8mU5K+GQXQV4gHrvY+YBv97phAyXVxwDINHu0PEn8bspiZhDC4YLQjY79
0jcqFCSNNTxjKqOhh7L7nDnS7tysj/KkWmpRAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUGJ5tuVbCd3G1AaI3R5FN6FDZbNowHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L0dKNXR1VmJDZDNHMUFh
STNSNUZONkZEWmJOby5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBADkJt7ddRXdv9hlv
qhrm7GS/cqvLJMLu1yAEpzL63wYwjJK8wuLH3WBmvPOGIj2iu0+Pn6ymK/KnpMAt
jkPTIG/Tphsn36PecFsC7xLAtuUSFu6aPC2UE0UOB5lYAfUlpbgaxr2w6C9ApGBD
qVZA+TdW2Ogne1hPZhMWB7816LWCrlGziBn7xX+yJYeWOlLsq1MpmBWpTLtneo/k
rViSG4RjsJ4uZE7khx9KMzUBoBbjOs+cAGSDijHjN7IZOkmiC3CoqzEnyx1VgGK7
E6dH4RvLfJPBq4+oNzALlO0QK/tbSg8MUgXiO9ZFQTbH30jrq6J9R8h+jz0HQGvr
QlLzL/E=
-----END CERTIFICATE-----
Generated at Wed Apr 10 19:53:41 2024 by rpki-client on console.sobornost.net