Route Origin Authorization

$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/NYTNlBeIyLdv_bctfHcUYJKshTg.roa
File:                     NYTNlBeIyLdv_bctfHcUYJKshTg.roa (raw, json)
Hash identifier:          BDZMvhR8Plo7pDFMgZJDSGopS7Phr05jk4gxb0mgQWE=
Subject key identifier:   35:84:CD:94:17:88:C8:B7:6F:FD:B7:2D:7C:77:14:60:92:AC:85:38
Certificate issuer:       /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial:       4085
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access:    rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access:      rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/NYTNlBeIyLdv_bctfHcUYJKshTg.roa
Signing time:             Sun 14 Apr 2024 14:53:00 +0000
ROA not before:           Sun 14 Apr 2024 14:53:00 +0000
ROA not after:            Fri 31 Jan 2025 01:13:46 +0000
asID:                     24426
IP address blocks:        43.239.0.0/19 maxlen: 19
                          101.78.32.0/19 maxlen: 19
                          103.35.0.0/19 maxlen: 19

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 16517 (0x4085)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
        Validity
            Not Before: Apr 14 14:53:00 2024 GMT
            Not After : Jan 31 01:13:46 2025 GMT
        Subject: CN=3584CD941788C8B76FFDB72D7C77146092AC8538
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:84:CD:94:17:88:C8:B7:6F:FD:B7:2D:7C:77:14:60:92:AC:85:38
            X509v3 Authority Key Identifier:
                keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/NYTNlBeIyLdv_bctfHcUYJKshTg.roa
                RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  43.239.0.0/19
                  101.78.32.0/19
                  103.35.0.0/19

    Signature Algorithm: sha256WithRSAEncryption
Generated at Sun Apr 14 18:59:53 2024 by rpki-client on console.sobornost.net