Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/HaPQKUj_972Hy9BDp5npsoh0JdM.roa
File: HaPQKUj_972Hy9BDp5npsoh0JdM.roa (raw, json)
Hash identifier: rbn0iYNskiHH+Q9yFiWD656WniNkI+JgC84ybMkr47g=
Subject key identifier: 1D:A3:D0:29:48:FF:F7:BD:87:CB:D0:43:A7:99:E9:B2:88:74:25:D3
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 4C1D
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/HaPQKUj_972Hy9BDp5npsoh0JdM.roa
Signing time: Tue 30 Apr 2024 01:53:31 +0000
ROA not before: Tue 30 Apr 2024 01:53:31 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 19485 (0x4c1d)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 30 01:53:31 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=1DA3D02948FFF7BD87CBD043A799E9B2887425D3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a1:0d:ab:0f:02:e1:e8:d7:aa:4b:91:d9:47:73:
2f:aa:c3:45:3a:d6:65:88:c9:7e:32:22:b9:84:02:
c0:e9:a5:dd:a6:1d:5f:7b:11:c0:8b:57:10:fc:57:
77:96:c7:ff:14:f5:e4:58:ba:13:e4:06:df:00:73:
7d:ab:6b:6e:9e:ac:85:1d:dd:2d:a8:ad:f5:ae:10:
60:07:54:97:4e:8b:c4:d9:22:8b:dc:ce:1f:cc:db:
04:ea:c8:97:eb:bb:79:80:7e:90:13:d9:4b:1e:fd:
55:50:39:c9:68:a6:9a:de:bb:95:4c:a5:60:8e:84:
31:35:5c:30:c5:c7:92:29:bb:8a:78:f7:0d:13:a5:
86:80:68:12:d6:4b:02:49:53:fb:79:50:37:c5:68:
91:3d:80:81:c0:a0:62:69:2a:5b:4a:10:68:d4:28:
75:60:49:02:68:78:9c:82:bc:af:db:1d:c7:e2:74:
b5:2a:08:e9:1f:cf:79:9c:fc:d7:0b:ca:c9:47:cd:
83:fc:f4:d8:8e:26:1e:6c:56:61:3f:fd:a0:ab:0b:
94:66:ee:35:d2:83:35:32:66:40:2a:f4:b5:27:04:
6b:d6:62:4d:0b:6b:9d:bc:cd:e3:eb:4b:9b:0e:6c:
d5:90:02:29:bd:ed:a2:5a:9c:3d:56:6d:53:66:08:
87:dd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1D:A3:D0:29:48:FF:F7:BD:87:CB:D0:43:A7:99:E9:B2:88:74:25:D3
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/HaPQKUj_972Hy9BDp5npsoh0JdM.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
10:32:b9:7c:9d:a6:3f:78:9e:ec:f7:53:75:6e:ec:33:91:7f:
db:8c:2e:2c:bb:8d:e7:1f:98:99:72:fa:91:00:53:d7:1f:1a:
c3:fe:2d:09:60:e3:7a:eb:2a:63:0e:83:80:0e:df:d3:e5:4d:
32:4b:80:c8:95:01:9c:5e:5a:8d:86:1f:64:12:b1:d2:10:24:
c7:2c:51:1c:83:bc:f0:56:2b:68:ea:fd:81:f8:61:8c:c5:aa:
98:09:30:7e:a2:15:40:ec:71:87:00:c7:ce:ae:90:6f:3b:c5:
ad:15:18:2b:3b:6b:59:3b:61:56:98:49:13:79:9a:73:45:e6:
29:9d:86:43:39:d2:f5:94:b5:ee:93:61:d4:44:42:0d:83:dc:
aa:87:b9:a8:ff:b3:3b:08:0f:77:b4:ee:f0:4a:2e:14:9b:6b:
18:ae:9a:dc:2f:79:4c:6b:ba:bf:17:af:fd:1d:7d:9f:03:ad:
19:99:77:d3:d1:17:eb:24:2b:70:2f:13:c2:47:97:d1:27:14:
68:f7:1a:68:d6:65:64:dd:e7:d7:0c:dd:ae:c5:e9:ff:57:a3:
18:75:fd:95:83:35:36:6a:d3:db:3b:cf:a7:61:81:19:83:97:
8f:0e:b0:d2:b2:82:c9:1b:d8:de:8f:0c:d1:af:6b:65:24:cf:
8b:20:f8:18
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICTB0wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MzAw
MTUzMzFaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDFEQTNEMDI5NDhGRkY3
QkQ4N0NCRDA0M0E3OTlFOUIyODg3NDI1RDMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQChDasPAuHo16pLkdlHcy+qw0U61mWIyX4yIrmEAsDppd2mHV97
EcCLVxD8V3eWx/8U9eRYuhPkBt8Ac32ra26erIUd3S2orfWuEGAHVJdOi8TZIovc
zh/M2wTqyJfru3mAfpAT2Use/VVQOcloppreu5VMpWCOhDE1XDDFx5Ipu4p49w0T
pYaAaBLWSwJJU/t5UDfFaJE9gIHAoGJpKltKEGjUKHVgSQJoeJyCvK/bHcfidLUq
COkfz3mc/NcLyslHzYP89NiOJh5sVmE//aCrC5Rm7jXSgzUyZkAq9LUnBGvWYk0L
a528zePrS5sObNWQAim97aJanD1WbVNmCIfdAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUHaPQKUj/972Hy9BDp5npsoh0JdMwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L0hhUFFLVWpfOTcySHk5
QkRwNW5wc29oMEpkTS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBABAyuXydpj94nuz3
U3Vu7DORf9uMLiy7jecfmJly+pEAU9cfGsP+LQlg43rrKmMOg4AO39PlTTJLgMiV
AZxeWo2GH2QSsdIQJMcsURyDvPBWK2jq/YH4YYzFqpgJMH6iFUDscYcAx86ukG87
xa0VGCs7a1k7YVaYSRN5mnNF5imdhkM50vWUte6TYdREQg2D3KqHuaj/szsID3e0
7vBKLhSbaxiumtwveUxrur8Xr/0dfZ8DrRmZd9PRF+skK3AvE8JHl9EnFGj3GmjW
ZWTd59cM3a7F6f9Xoxh1/ZWDNTZq09s7z6dhgRmDl48OsNKygskb2N6PDNGva2Uk
z4sg+Bg=
-----END CERTIFICATE-----
Generated at Tue Apr 30 14:15:40 2024 by rpki-client on console.sobornost.net