Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/PNFH1mbQs9zUT1J3u8vikFQB42k.roa
File: PNFH1mbQs9zUT1J3u8vikFQB42k.roa (raw, json)
Hash identifier: Xd79jXt7xWytXBBS7NpQ6bCt//pIzd7RcATo9hjPC+4=
Subject key identifier: 3C:D1:47:D6:66:D0:B3:DC:D4:4F:52:77:BB:CB:E2:90:54:01:E3:69
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 5345
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/PNFH1mbQs9zUT1J3u8vikFQB42k.roa
Signing time: Thu 09 May 2024 14:53:57 +0000
ROA not before: Thu 09 May 2024 14:53:57 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 21317 (0x5345)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 9 14:53:57 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=3CD147D666D0B3DCD44F5277BBCBE2905401E369
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ab:2d:78:41:86:84:7f:03:e7:71:36:ec:65:ef:
f6:c6:81:aa:f3:84:8b:3a:01:98:18:f8:3b:0e:39:
3c:70:65:b8:a7:1d:89:db:03:48:9b:cc:8b:95:c9:
4a:a3:dc:bb:57:ed:72:5e:4c:a1:5f:ef:90:7c:57:
20:e6:a2:f0:ba:57:c4:fe:be:72:b5:94:48:f6:70:
54:e7:7d:ef:9a:4c:0a:3b:06:0a:7d:21:9a:1f:ba:
93:2c:30:f4:ec:dd:63:d7:34:0e:33:ca:7b:99:1e:
ef:c3:5a:15:ce:06:38:52:1a:35:83:78:9f:80:a2:
8b:75:b5:19:cc:7d:53:47:98:0c:d9:42:0a:d4:f2:
e5:9d:0e:2f:55:34:22:a4:cd:ec:77:74:2c:66:67:
33:94:be:04:11:b9:35:8a:d0:6f:44:c4:e5:26:e2:
ca:2f:2b:8c:58:5b:65:8e:e1:53:8d:89:62:ae:ad:
47:36:8c:b9:94:0c:39:37:e5:8e:b6:ef:c1:16:b9:
53:5e:84:49:28:18:91:b4:6f:77:49:7f:fa:e1:57:
a0:81:ce:c7:8b:9f:05:54:fb:9d:33:31:59:92:a7:
bf:2b:bb:31:22:89:51:90:f2:65:a0:33:01:43:a3:
a2:fe:ac:7a:61:42:e3:cb:02:e2:a2:3a:43:f0:e4:
3d:b3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3C:D1:47:D6:66:D0:B3:DC:D4:4F:52:77:BB:CB:E2:90:54:01:E3:69
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/PNFH1mbQs9zUT1J3u8vikFQB42k.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
16:b4:0a:0b:38:aa:b6:c2:90:78:4f:64:b0:b4:1d:6b:ee:8f:
af:72:95:64:cf:4d:55:c8:65:43:7a:fb:b2:19:a0:5a:fb:c5:
35:27:01:15:0a:66:2e:0e:40:0d:2c:a2:8a:45:e2:56:e0:4a:
f8:e2:54:7f:8f:6a:0b:08:90:44:78:eb:2b:e0:89:52:78:dc:
b5:69:0c:40:aa:1c:64:e8:31:34:e5:ab:89:b0:7e:8e:58:e1:
a8:cf:18:82:f5:eb:58:ca:b0:3a:b9:36:d1:f3:24:db:3f:4d:
05:49:df:77:6b:ad:65:7c:9a:cf:20:83:70:70:0d:d3:27:fd:
a5:71:7b:2d:ff:03:a0:91:f6:23:38:de:0e:ca:ec:bf:a9:63:
8c:3e:70:26:69:d8:f7:8c:c5:32:d9:9e:e6:0b:73:c4:e7:68:
f0:66:29:de:e6:a6:e3:23:03:4e:52:4e:b6:de:15:47:7f:9f:
50:29:4b:6d:68:18:33:1c:76:60:c1:1e:69:f5:31:7e:1a:7b:
82:f4:7a:1a:85:11:14:79:b3:10:d2:64:6e:b7:f0:2b:e8:7e:
d3:d7:62:3a:1c:a5:c0:a7:d6:8b:b8:a9:df:56:1c:af:f9:ab:
39:0a:a8:af:ac:65:36:26:a0:49:cf:11:ce:63:8d:4c:c2:fc:
f1:8f:20:8e
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICU0UwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MDkx
NDUzNTdaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDNDRDE0N0Q2NjZEMEIz
RENENDRGNTI3N0JCQ0JFMjkwNTQwMUUzNjkwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCrLXhBhoR/A+dxNuxl7/bGgarzhIs6AZgY+DsOOTxwZbinHYnb
A0ibzIuVyUqj3LtX7XJeTKFf75B8VyDmovC6V8T+vnK1lEj2cFTnfe+aTAo7Bgp9
IZofupMsMPTs3WPXNA4zynuZHu/DWhXOBjhSGjWDeJ+Aoot1tRnMfVNHmAzZQgrU
8uWdDi9VNCKkzex3dCxmZzOUvgQRuTWK0G9ExOUm4sovK4xYW2WO4VONiWKurUc2
jLmUDDk35Y6278EWuVNehEkoGJG0b3dJf/rhV6CBzseLnwVU+50zMVmSp78ruzEi
iVGQ8mWgMwFDo6L+rHphQuPLAuKiOkPw5D2zAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUPNFH1mbQs9zUT1J3u8vikFQB42kwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1BORkgxbWJRczl6VVQx
SjN1OHZpa0ZRQjQyay5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBABa0Cgs4qrbCkHhP
ZLC0HWvuj69ylWTPTVXIZUN6+7IZoFr7xTUnARUKZi4OQA0soopF4lbgSvjiVH+P
agsIkER46yvgiVJ43LVpDECqHGToMTTlq4mwfo5Y4ajPGIL161jKsDq5NtHzJNs/
TQVJ33drrWV8ms8gg3BwDdMn/aVxey3/A6CR9iM43g7K7L+pY4w+cCZp2PeMxTLZ
nuYLc8TnaPBmKd7mpuMjA05STrbeFUd/n1ApS21oGDMcdmDBHmn1MX4ae4L0ehqF
ERR5sxDSZG638CvoftPXYjocpcCn1ou4qd9WHK/5qzkKqK+sZTYmoEnPEc5jjUzC
/PGPII4=
-----END CERTIFICATE-----
Generated at Thu May 9 21:56:18 2024 by rpki-client on console.sobornost.net