Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/PgcyX-cLuSgp9C4b6e5oyJ2wVAQ.roa
File: PgcyX-cLuSgp9C4b6e5oyJ2wVAQ.roa (raw, json)
Hash identifier: UzDNTK2i29QmAGEGMjjOGafAy/9zrW0eAStk0Ln0+b8=
Subject key identifier: 3E:07:32:5F:E7:0B:B9:28:29:F4:2E:1B:E9:EE:68:C8:9D:B0:54:04
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 3485
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/PgcyX-cLuSgp9C4b6e5oyJ2wVAQ.roa
Signing time: Fri 29 Mar 2024 14:52:10 +0000
ROA not before: Fri 29 Mar 2024 14:52:10 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 13445 (0x3485)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Mar 29 14:52:10 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=3E07325FE70BB92829F42E1BE9EE68C89DB05404
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:f7:e3:73:f1:3e:70:02:de:ff:a5:b0:65:41:30:
d7:d1:54:10:ec:60:35:63:f5:93:17:6d:0c:74:fd:
be:94:10:ed:5e:9c:65:38:c5:2e:ad:1d:39:de:3d:
20:02:05:49:4e:f8:43:f5:ee:ba:11:4f:0d:dd:93:
e1:a4:34:13:eb:49:4e:07:c0:a2:a2:d9:8b:72:09:
18:65:7f:e0:c3:2d:71:6e:b6:63:0e:8d:35:6b:51:
a8:02:50:5b:70:6a:f2:fb:b0:e3:2b:79:3e:0e:0e:
34:4f:72:16:8d:7d:93:ef:67:e3:82:11:5c:8c:c2:
a5:53:7c:29:b2:86:80:0c:cb:3e:92:fe:70:53:20:
23:84:99:c3:34:01:c3:e7:c5:9c:4e:1f:0d:4b:d2:
f5:ac:c2:89:ec:e3:d2:41:c6:4a:51:c2:4c:54:e9:
bf:58:7d:7c:45:19:ea:35:13:34:dd:29:fe:b4:3f:
d4:f9:cd:9e:cd:75:92:14:65:9e:79:cd:4a:8a:16:
c1:3d:35:73:a9:cd:e8:4e:f3:53:83:54:12:90:5b:
eb:ab:aa:15:01:12:c3:24:0d:2f:f1:52:2c:a3:be:
62:88:d5:53:ec:11:e9:86:3a:dd:27:b7:60:57:96:
64:e2:25:b1:5f:46:b8:c2:f1:20:10:55:74:0f:a0:
f2:05
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3E:07:32:5F:E7:0B:B9:28:29:F4:2E:1B:E9:EE:68:C8:9D:B0:54:04
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/PgcyX-cLuSgp9C4b6e5oyJ2wVAQ.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
b4:3b:1f:00:9a:4c:02:ac:40:30:58:62:8d:31:ad:5e:dc:46:
b0:50:12:5e:7a:2d:be:a5:a5:24:fd:7c:56:c8:14:07:58:31:
f9:0c:c4:8a:75:f7:ba:d8:b3:e0:71:f7:77:49:fe:73:8e:ed:
86:52:e0:23:70:47:a9:fa:89:f8:57:6d:c2:f3:ae:f6:2f:14:
55:ed:12:d6:1c:40:c1:d2:bf:fd:6d:d5:7e:f5:bb:6b:91:32:
8a:7e:bb:b5:9f:df:58:4d:13:b7:07:b2:d0:15:af:de:11:df:
e6:8e:af:d1:b3:ff:b4:92:2d:a6:93:72:7e:dc:5e:6e:e8:db:
d6:1b:6e:e8:d3:1c:6a:4a:c7:c4:b1:52:49:cf:1e:b7:df:21:
23:27:f4:ea:b3:5a:34:0c:64:85:a1:29:9e:ec:95:17:27:1b:
45:df:e4:69:d1:c7:67:ae:87:76:fd:67:af:71:57:d0:0c:52:
02:50:b6:1a:b8:35:3d:51:f8:07:7f:f3:c7:27:f8:ee:26:82:
d1:de:03:87:63:08:c9:96:1f:cf:dc:61:7b:36:f2:de:79:37:
d2:8d:a6:d7:50:1c:a3:ee:d0:74:50:0e:d8:95:a8:5e:52:67:
a2:0f:77:d8:43:89:2b:7c:1b:c3:fa:63:26:17:65:48:55:8d:
8f:e5:4f:e0
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICNIUwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDAzMjkx
NDUyMTBaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDNFMDczMjVGRTcwQkI5
MjgyOUY0MkUxQkU5RUU2OEM4OURCMDU0MDQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQD343PxPnAC3v+lsGVBMNfRVBDsYDVj9ZMXbQx0/b6UEO1enGU4
xS6tHTnePSACBUlO+EP17roRTw3dk+GkNBPrSU4HwKKi2YtyCRhlf+DDLXFutmMO
jTVrUagCUFtwavL7sOMreT4ODjRPchaNfZPvZ+OCEVyMwqVTfCmyhoAMyz6S/nBT
ICOEmcM0AcPnxZxOHw1L0vWswons49JBxkpRwkxU6b9YfXxFGeo1EzTdKf60P9T5
zZ7NdZIUZZ55zUqKFsE9NXOpzehO81ODVBKQW+urqhUBEsMkDS/xUiyjvmKI1VPs
EemGOt0nt2BXlmTiJbFfRrjC8SAQVXQPoPIFAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUPgcyX+cLuSgp9C4b6e5oyJ2wVAQwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1BnY3lYLWNMdVNncDlD
NGI2ZTVveUoyd1ZBUS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBALQ7HwCaTAKsQDBY
Yo0xrV7cRrBQEl56Lb6lpST9fFbIFAdYMfkMxIp197rYs+Bx93dJ/nOO7YZS4CNw
R6n6ifhXbcLzrvYvFFXtEtYcQMHSv/1t1X71u2uRMop+u7Wf31hNE7cHstAVr94R
3+aOr9Gz/7SSLaaTcn7cXm7o29YbbujTHGpKx8SxUknPHrffISMn9OqzWjQMZIWh
KZ7slRcnG0Xf5GnRx2euh3b9Z69xV9AMUgJQthq4NT1R+Ad/88cn+O4mgtHeA4dj
CMmWH8/cYXs28t55N9KNptdQHKPu0HRQDtiVqF5SZ6IPd9hDiSt8G8P6YyYXZUhV
jY/lT+A=
-----END CERTIFICATE-----
Generated at Fri Mar 29 21:15:56 2024 by rpki-client on console.sobornost.net