Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/K9fNyoa-jbeHPvW_ARKYJEIXnko.roa
File: K9fNyoa-jbeHPvW_ARKYJEIXnko.roa (raw, json)
Hash identifier: FisTQdLIR/N4x8H5M8Yw19tWAFk8jZS/uW2iazVJiyk=
Subject key identifier: 2B:D7:CD:CA:86:BE:8D:B7:87:3E:F5:BF:01:12:98:24:42:17:9E:4A
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 4581
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/K9fNyoa-jbeHPvW_ARKYJEIXnko.roa
Signing time: Sun 21 Apr 2024 06:23:05 +0000
ROA not before: Sun 21 Apr 2024 06:23:05 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 17793 (0x4581)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 21 06:23:05 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=2BD7CDCA86BE8DB7873EF5BF0112982442179E4A
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:de:45:7f:ac:70:12:9b:c2:c6:7d:45:b2:f0:f5:
62:3b:7f:ac:a3:61:8f:0d:d5:76:8f:80:be:43:9c:
f1:70:50:bd:28:43:92:da:fa:34:e4:b5:13:49:75:
94:07:f0:99:5c:33:51:b1:8d:1d:69:95:b4:9e:0d:
e4:63:53:15:d7:66:e0:33:93:aa:a2:e1:c2:37:e5:
92:4f:6b:89:f8:06:71:31:6d:9c:98:13:c2:c2:1b:
02:64:f7:77:67:c1:e4:6c:dc:41:b8:e8:92:32:d7:
b8:6a:61:f7:58:06:5b:16:60:36:57:be:7d:0d:26:
73:67:30:84:10:e4:42:86:69:62:4d:03:79:0f:74:
3c:1d:07:a5:35:d3:5e:97:7f:5a:09:f0:9d:79:92:
33:7c:41:8a:ee:00:83:34:d0:94:4d:0c:dd:bf:04:
9f:4a:86:95:a2:37:50:9f:fb:8f:db:61:85:71:23:
f3:ee:3c:ad:ec:b4:2a:3d:6a:94:3c:6e:1c:78:40:
d4:29:05:94:fa:bf:a0:ff:52:7b:c9:7d:ab:ac:a8:
2e:3f:fd:91:f7:c4:ea:f5:ea:91:92:19:7d:db:dd:
63:8b:15:29:67:64:c0:32:be:a8:3e:9d:54:64:06:
28:fa:53:01:4e:81:14:58:4d:df:dc:7a:04:24:b5:
bd:33
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2B:D7:CD:CA:86:BE:8D:B7:87:3E:F5:BF:01:12:98:24:42:17:9E:4A
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/K9fNyoa-jbeHPvW_ARKYJEIXnko.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
99:af:50:53:c2:cc:de:29:bd:75:b2:e1:25:80:10:b3:e1:2b:
ae:3a:a4:45:1d:cf:f7:9c:ea:50:46:e9:4c:93:31:a7:cc:e7:
fa:c7:65:ca:71:2c:c7:48:9d:f4:d6:25:b5:42:fa:ae:71:66:
5d:a6:0e:06:3b:63:77:d6:09:b7:de:26:ee:5d:6b:bb:49:79:
e5:05:ab:ed:61:2d:a4:b7:08:b5:9a:80:4c:6a:84:3b:3c:f3:
ac:97:e4:2f:41:40:2f:b1:32:f3:36:a8:62:1a:dc:07:20:d2:
69:3f:73:94:71:3c:5c:60:5d:93:fd:e5:f6:5f:e4:e6:7c:0d:
07:60:d0:b0:bc:00:08:5a:53:ef:ea:78:75:d6:3c:7f:3d:55:
d5:be:6e:6c:a2:07:94:cc:d1:e4:6c:06:0f:7c:19:9c:03:28:
3e:a1:94:ff:93:d6:c1:ee:48:9f:f4:26:16:9f:b3:94:bf:9c:
da:1e:db:93:3c:c7:60:22:bd:7d:23:4e:60:81:8d:c1:cb:de:
e6:50:cc:89:94:b7:f0:d3:8f:34:d0:dc:36:6f:5d:03:eb:cb:
e5:f6:4c:7e:e5:1e:0b:38:9d:ec:07:f0:86:69:b6:22:83:09:
a4:a1:ef:0a:70:c1:9f:51:90:0d:26:03:b7:44:c2:df:a0:19:
84:11:ca:49
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICRYEwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MjEw
NjIzMDVaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDJCRDdDRENBODZCRThE
Qjc4NzNFRjVCRjAxMTI5ODI0NDIxNzlFNEEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDeRX+scBKbwsZ9RbLw9WI7f6yjYY8N1XaPgL5DnPFwUL0oQ5La
+jTktRNJdZQH8JlcM1GxjR1plbSeDeRjUxXXZuAzk6qi4cI35ZJPa4n4BnExbZyY
E8LCGwJk93dnweRs3EG46JIy17hqYfdYBlsWYDZXvn0NJnNnMIQQ5EKGaWJNA3kP
dDwdB6U1016Xf1oJ8J15kjN8QYruAIM00JRNDN2/BJ9KhpWiN1Cf+4/bYYVxI/Pu
PK3stCo9apQ8bhx4QNQpBZT6v6D/UnvJfausqC4//ZH3xOr16pGSGX3b3WOLFSln
ZMAyvqg+nVRkBij6UwFOgRRYTd/cegQktb0zAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUK9fNyoa+jbeHPvW/ARKYJEIXnkowHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L0s5Zk55b2EtamJlSFB2
V19BUktZSkVJWG5rby5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBAJmvUFPCzN4pvXWy
4SWAELPhK646pEUdz/ec6lBG6UyTMafM5/rHZcpxLMdInfTWJbVC+q5xZl2mDgY7
Y3fWCbfeJu5da7tJeeUFq+1hLaS3CLWagExqhDs886yX5C9BQC+xMvM2qGIa3Acg
0mk/c5RxPFxgXZP95fZf5OZ8DQdg0LC8AAhaU+/qeHXWPH89VdW+bmyiB5TM0eRs
Bg98GZwDKD6hlP+T1sHuSJ/0Jhafs5S/nNoe25M8x2AivX0jTmCBjcHL3uZQzImU
t/DTjzTQ3DZvXQPry+X2TH7lHgs4newH8IZptiKDCaSh7wpwwZ9RkA0mA7dEwt+g
GYQRykk=
-----END CERTIFICATE-----
Generated at Sun Apr 21 13:43:41 2024 by rpki-client on console.sobornost.net