Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/Ge4ky82jweEz9rBdpoT43R5SG20.roa
File: Ge4ky82jweEz9rBdpoT43R5SG20.roa (raw, json)
Hash identifier: hq+o7XtYcfrMWQXld4YrSOLD2CZJM+9vicesfkFHWOg=
Subject key identifier: 19:EE:24:CB:CD:A3:C1:E1:33:F6:B0:5D:A6:84:F8:DD:1E:52:1B:6D
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 40F9
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/Ge4ky82jweEz9rBdpoT43R5SG20.roa
Signing time: Mon 15 Apr 2024 05:22:53 +0000
ROA not before: Mon 15 Apr 2024 05:22:53 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 16633 (0x40f9)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 15 05:22:53 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=19EE24CBCDA3C1E133F6B05DA684F8DD1E521B6D
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:f5:40:99:6c:2c:d8:f3:b9:1b:b3:1b:13:6a:c8:
ad:e6:70:b7:32:36:e9:1f:dd:f1:ee:88:ab:f5:54:
cc:5b:14:41:a2:c1:90:2f:03:75:bf:75:47:94:fe:
0f:99:84:52:b4:be:20:50:f1:62:8f:80:57:e8:3f:
92:25:94:2f:5c:6f:41:c1:01:35:ee:61:13:01:bd:
2c:af:fd:ba:d0:a7:a7:0c:26:4f:60:41:e9:3c:44:
84:9a:d6:5a:0f:81:fe:59:99:f3:1d:fd:a3:50:00:
84:71:14:2e:7e:c1:95:b0:8d:84:b2:0f:e1:1c:74:
47:3f:af:49:d4:53:23:17:bc:71:c3:3d:be:0a:f7:
43:8f:4c:3f:d6:78:fe:d6:9e:85:82:7d:14:74:dd:
3c:d6:24:47:dd:f5:ed:27:0c:c3:0e:3b:42:59:e0:
16:3f:54:8c:fd:95:82:8c:ca:50:ee:ea:27:48:51:
81:be:af:ed:12:26:92:b8:9a:db:ea:ad:17:58:ba:
82:33:21:44:41:79:81:9e:21:68:77:29:c1:82:9d:
d8:f3:93:03:1f:68:6e:7d:e4:a1:62:33:66:2a:98:
37:0b:44:a3:bf:85:e1:eb:68:6b:d8:37:81:32:4c:
55:6a:33:49:1e:f9:0f:d5:23:91:a5:b7:09:a9:fe:
8b:9b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
19:EE:24:CB:CD:A3:C1:E1:33:F6:B0:5D:A6:84:F8:DD:1E:52:1B:6D
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/Ge4ky82jweEz9rBdpoT43R5SG20.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
88:d3:1c:c6:a9:62:5f:30:a4:d1:3a:f0:3b:36:46:c9:db:d1:
d1:2d:aa:da:20:fb:f3:f1:92:ed:5b:32:2d:04:c3:84:59:52:
e7:97:df:ab:a2:7b:3a:6d:aa:b4:06:35:30:78:21:b4:fc:67:
d3:4e:55:af:4e:d0:48:ee:cd:fd:c1:06:33:48:be:b0:fe:0e:
a8:a2:d0:9f:07:98:83:bb:2b:7f:99:47:19:de:15:51:cd:66:
d9:27:a5:27:7d:0c:08:96:f7:a5:bd:bf:38:18:1d:95:24:04:
1e:b2:ee:7b:d2:81:b9:4e:98:20:cc:1e:77:97:36:13:7e:a2:
a4:4d:c1:ee:fa:26:9e:8c:a2:42:5d:55:41:92:3a:64:1c:fb:
df:5f:21:26:13:f9:3e:81:96:3a:42:dc:3e:e6:8f:13:31:94:
30:44:75:87:2c:29:6a:f9:b0:d9:80:24:48:07:82:db:30:88:
82:93:bd:22:94:0b:3e:fa:8f:e2:69:9e:b8:b0:65:07:de:e7:
40:70:05:3a:21:65:5a:20:67:d9:91:9b:67:7a:9a:53:b0:65:
d2:0d:a6:f9:07:81:2c:26:8b:d3:ab:78:c0:29:c4:08:dd:ce:
3a:36:7c:3b:7e:07:b7:a8:11:30:2c:0b:e3:38:ae:7a:e2:5b:
e1:a8:10:93
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICQPkwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MTUw
NTIyNTNaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDE5RUUyNENCQ0RBM0Mx
RTEzM0Y2QjA1REE2ODRGOEREMUU1MjFCNkQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQD1QJlsLNjzuRuzGxNqyK3mcLcyNukf3fHuiKv1VMxbFEGiwZAv
A3W/dUeU/g+ZhFK0viBQ8WKPgFfoP5IllC9cb0HBATXuYRMBvSyv/brQp6cMJk9g
Qek8RISa1loPgf5ZmfMd/aNQAIRxFC5+wZWwjYSyD+EcdEc/r0nUUyMXvHHDPb4K
90OPTD/WeP7WnoWCfRR03TzWJEfd9e0nDMMOO0JZ4BY/VIz9lYKMylDu6idIUYG+
r+0SJpK4mtvqrRdYuoIzIURBeYGeIWh3KcGCndjzkwMfaG595KFiM2YqmDcLRKO/
heHraGvYN4EyTFVqM0ke+Q/VI5Gltwmp/oubAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUGe4ky82jweEz9rBdpoT43R5SG20wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L0dlNGt5ODJqd2VFejly
QmRwb1Q0M1I1U0cyMC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBAIjTHMapYl8wpNE6
8Ds2Rsnb0dEtqtog+/Pxku1bMi0Ew4RZUueX36uiezptqrQGNTB4IbT8Z9NOVa9O
0Ejuzf3BBjNIvrD+Dqii0J8HmIO7K3+ZRxneFVHNZtknpSd9DAiW96W9vzgYHZUk
BB6y7nvSgblOmCDMHneXNhN+oqRNwe76Jp6MokJdVUGSOmQc+99fISYT+T6BljpC
3D7mjxMxlDBEdYcsKWr5sNmAJEgHgtswiIKTvSKUCz76j+JpnriwZQfe50BwBToh
ZVogZ9mRm2d6mlOwZdINpvkHgSwmi9OreMApxAjdzjo2fDt+B7eoETAsC+M4rnri
W+GoEJM=
-----END CERTIFICATE-----
Generated at Mon Apr 15 11:57:30 2024 by rpki-client on console.sobornost.net