Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/NLrs15TBM_irxo0kmUQPQmgIYSM.roa
File: NLrs15TBM_irxo0kmUQPQmgIYSM.roa (raw, json)
Hash identifier: dB3pI3Q8KkhM18+jBMcVanOMvA8h1AwfRBAgDDmPVtM=
Subject key identifier: 34:BA:EC:D7:94:C1:33:F8:AB:C6:8D:24:99:44:0F:42:68:08:61:23
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 3545
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/NLrs15TBM_irxo0kmUQPQmgIYSM.roa
Signing time: Sat 30 Mar 2024 14:52:08 +0000
ROA not before: Sat 30 Mar 2024 14:52:08 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 13637 (0x3545)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Mar 30 14:52:08 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=34BAECD794C133F8ABC68D2499440F4268086123
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a5:4d:dc:ce:8b:f9:28:ce:b0:23:e6:5c:d4:b3:
6e:81:c5:6b:8e:3c:9e:8d:e9:ad:d9:e9:61:61:f8:
d0:07:43:ca:0d:ec:88:18:fe:74:cc:20:d2:30:40:
ad:03:5f:c2:8d:20:87:5f:37:c8:ac:87:83:ab:ce:
ad:f0:ca:80:9a:33:dd:1b:a9:19:3a:f6:29:95:e7:
d8:db:22:9f:42:3d:6a:5c:46:9d:b9:b7:ed:0d:97:
e7:af:80:bd:52:cb:a5:b5:f1:12:20:3d:9c:ae:33:
5a:73:d5:d1:72:46:15:a0:e9:e0:74:c4:d1:cc:0f:
c1:c9:d7:5d:fd:42:1d:d8:40:24:25:20:4e:1c:bf:
d0:f1:b8:9f:72:a3:de:b4:c5:eb:c2:42:8e:53:e5:
8e:dc:67:63:13:7b:78:e7:ea:6a:2c:1b:2a:3a:58:
ad:03:7b:83:eb:de:a2:68:95:08:08:39:06:98:3d:
37:f9:f2:00:de:d9:f5:32:18:20:30:44:dd:37:f0:
4e:e9:45:3a:2b:21:97:f4:2c:9c:97:20:1e:04:98:
66:a5:a2:1e:16:0f:02:e0:2c:7e:7b:4c:4f:2c:13:
74:42:6b:1a:7a:ef:1d:64:19:cd:c8:45:9d:c9:bb:
49:76:42:97:41:f0:05:cb:77:66:8a:bd:b6:35:e4:
22:3d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
34:BA:EC:D7:94:C1:33:F8:AB:C6:8D:24:99:44:0F:42:68:08:61:23
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/NLrs15TBM_irxo0kmUQPQmgIYSM.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
79:26:d1:ac:d6:26:c8:41:95:3b:c5:62:03:ee:a1:0c:fa:1f:
d7:88:20:79:47:ba:24:47:3d:2c:44:fb:0f:7a:35:30:da:b1:
1b:54:7c:ff:61:3f:6b:9f:f8:08:2f:ce:75:a9:17:5b:05:f3:
d8:bd:0c:e0:0c:69:b5:07:cb:51:a3:37:4f:4a:dc:ba:d1:30:
59:36:1a:9c:f4:7d:4a:7e:30:2b:3b:93:2a:87:46:7f:cc:db:
8e:97:05:1b:74:8a:bf:f6:5a:66:59:95:61:30:5d:b1:fa:5c:
d5:c2:2a:70:3d:bb:22:ff:47:13:b0:d0:29:2b:11:b5:70:a6:
30:0c:27:bd:14:9a:e5:25:7d:6d:95:96:5b:b1:05:55:13:4d:
ac:6c:ff:3a:0f:87:2f:e3:13:f2:87:57:10:1a:ab:32:2b:22:
a1:d3:be:30:9c:7e:be:02:7d:49:40:11:49:59:ae:c9:7d:e6:
8b:7d:67:66:cf:57:8d:ab:fb:54:07:b6:c3:6b:62:23:79:77:
59:4a:4c:83:b5:2e:8d:86:7b:6e:87:36:9a:fc:aa:82:63:20:
51:4f:bf:6e:c1:10:59:46:df:f1:50:03:da:a8:3a:f0:3d:48:
c1:01:e4:d6:16:79:ae:4f:b7:36:0c:08:d8:8f:13:23:b2:47:
4e:09:e0:a4
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICNUUwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDAzMzAx
NDUyMDhaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDM0QkFFQ0Q3OTRDMTMz
RjhBQkM2OEQyNDk5NDQwRjQyNjgwODYxMjMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQClTdzOi/kozrAj5lzUs26BxWuOPJ6N6a3Z6WFh+NAHQ8oN7IgY
/nTMINIwQK0DX8KNIIdfN8ish4Orzq3wyoCaM90bqRk69imV59jbIp9CPWpcRp25
t+0Nl+evgL1Sy6W18RIgPZyuM1pz1dFyRhWg6eB0xNHMD8HJ1139Qh3YQCQlIE4c
v9DxuJ9yo960xevCQo5T5Y7cZ2MTe3jn6mosGyo6WK0De4Pr3qJolQgIOQaYPTf5
8gDe2fUyGCAwRN038E7pRTorIZf0LJyXIB4EmGaloh4WDwLgLH57TE8sE3RCaxp6
7x1kGc3IRZ3Ju0l2QpdB8AXLd2aKvbY15CI9AgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUNLrs15TBM/irxo0kmUQPQmgIYSMwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L05McnMxNVRCTV9pcnhv
MGttVVFQUW1nSVlTTS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBAHkm0azWJshBlTvF
YgPuoQz6H9eIIHlHuiRHPSxE+w96NTDasRtUfP9hP2uf+AgvznWpF1sF89i9DOAM
abUHy1GjN09K3LrRMFk2Gpz0fUp+MCs7kyqHRn/M246XBRt0ir/2WmZZlWEwXbH6
XNXCKnA9uyL/RxOw0CkrEbVwpjAMJ70UmuUlfW2VlluxBVUTTaxs/zoPhy/jE/KH
VxAaqzIrIqHTvjCcfr4CfUlAEUlZrsl95ot9Z2bPV42r+1QHtsNrYiN5d1lKTIO1
Lo2Ge26HNpr8qoJjIFFPv27BEFlG3/FQA9qoOvA9SMEB5NYWea5PtzYMCNiPEyOy
R04J4KQ=
-----END CERTIFICATE-----
Generated at Sat Mar 30 18:21:33 2024 by rpki-client on console.sobornost.net