Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/PpErUbgmiGsUW0AvaZa0295wpXs.roa
File: PpErUbgmiGsUW0AvaZa0295wpXs.roa (raw, json)
Hash identifier: joMlkx0W/cdnnu27pc31CbY9ccBmlSkrIy33dd4sE1E=
Subject key identifier: 3E:91:2B:51:B8:26:88:6B:14:5B:40:2F:69:96:B4:DB:DE:70:A5:7B
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 4261
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/PpErUbgmiGsUW0AvaZa0295wpXs.roa
Signing time: Wed 17 Apr 2024 02:23:25 +0000
ROA not before: Wed 17 Apr 2024 02:23:25 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 16993 (0x4261)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 17 02:23:25 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=3E912B51B826886B145B402F6996B4DBDE70A57B
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bd:a6:d3:84:be:7d:13:94:df:31:a4:75:68:ab:
6c:ee:4f:40:b3:3f:60:85:b5:f8:a4:f7:5d:d3:ef:
40:b0:5d:2c:28:af:e8:4b:9c:d5:28:27:8b:65:8f:
c8:83:42:97:24:78:95:16:01:3e:d2:54:7e:af:d9:
a3:7a:35:3c:eb:72:db:ab:f0:98:ca:7b:98:87:0f:
31:d0:f5:be:d9:a0:82:ad:74:a8:dc:66:18:0f:8f:
05:6d:37:00:35:4d:45:c8:5f:77:2a:60:94:52:9b:
07:ed:cb:50:3a:7e:83:ad:77:d1:8c:60:75:5b:50:
d6:b0:82:d3:47:fe:66:8d:0a:2f:71:0f:85:a4:d2:
bf:e4:a3:1f:e5:a7:64:db:20:dd:3d:d7:e5:ea:d1:
f1:0b:19:f0:9c:2c:9a:c5:34:fe:37:d2:c3:3c:65:
43:6c:74:97:d3:51:78:b7:b5:d1:1e:86:de:86:a0:
dc:86:b3:16:30:4c:46:c7:6c:20:3f:77:1d:28:2e:
e0:e4:cf:4e:ae:e8:c1:78:14:4d:1c:f5:47:ad:fc:
ca:39:f5:64:ab:cf:59:c1:d7:49:4e:32:a8:f8:b8:
87:99:b3:ea:52:5c:dc:1b:5b:ad:cf:c0:46:e3:4f:
a8:8f:63:e0:20:21:3c:4b:cf:f9:d3:15:f3:2d:d4:
87:03
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3E:91:2B:51:B8:26:88:6B:14:5B:40:2F:69:96:B4:DB:DE:70:A5:7B
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/PpErUbgmiGsUW0AvaZa0295wpXs.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
6b:6f:f3:d3:58:a4:13:6c:e0:14:ac:11:29:f4:7c:97:db:8f:
ee:26:a0:27:ed:16:80:1a:7b:d5:1f:fd:f7:be:6e:14:91:ff:
02:8b:d6:7c:a4:b5:69:72:04:6c:4c:19:e1:4d:6e:da:81:92:
7a:b8:59:5c:0e:87:c6:ff:cb:99:b8:8d:8c:f2:22:0a:00:56:
b8:a0:1a:8e:5f:34:81:95:b6:ca:6e:e3:3f:d1:21:cc:22:db:
9c:c7:c0:32:03:60:93:84:5a:24:04:57:35:b9:49:10:83:17:
e7:ba:43:5e:e5:3b:c8:58:f4:5a:db:c9:dd:a9:34:e2:10:ab:
66:05:2f:e7:68:64:86:f0:9a:b1:50:3f:16:9d:74:35:b4:8c:
a8:59:10:79:4b:39:85:43:89:aa:5a:99:63:69:6d:e7:68:8d:
3a:ec:62:d4:1c:17:1c:00:f5:b7:84:8a:e8:2b:a8:29:ab:12:
4c:a6:e3:09:ca:1e:cb:e9:70:56:18:a7:3e:40:46:0a:65:f3:
a7:76:d1:65:5c:58:ab:79:a9:f3:50:7d:60:69:de:5f:e4:b6:
b1:5f:5f:17:e4:32:46:14:04:af:26:b6:a4:fa:df:bc:d7:30:
8c:7f:52:d5:5b:5d:fd:af:12:11:15:ab:6a:02:4b:67:bd:cf:
de:9d:7f:79
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICQmEwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MTcw
MjIzMjVaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDNFOTEyQjUxQjgyNjg4
NkIxNDVCNDAyRjY5OTZCNERCREU3MEE1N0IwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC9ptOEvn0TlN8xpHVoq2zuT0CzP2CFtfik913T70CwXSwor+hL
nNUoJ4tlj8iDQpckeJUWAT7SVH6v2aN6NTzrctur8JjKe5iHDzHQ9b7ZoIKtdKjc
ZhgPjwVtNwA1TUXIX3cqYJRSmwfty1A6foOtd9GMYHVbUNawgtNH/maNCi9xD4Wk
0r/kox/lp2TbIN091+Xq0fELGfCcLJrFNP430sM8ZUNsdJfTUXi3tdEeht6GoNyG
sxYwTEbHbCA/dx0oLuDkz06u6MF4FE0c9Uet/Mo59WSrz1nB10lOMqj4uIeZs+pS
XNwbW63PwEbjT6iPY+AgITxLz/nTFfMt1IcDAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUPpErUbgmiGsUW0AvaZa0295wpXswHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1BwRXJVYmdtaUdzVVcw
QXZhWmEwMjk1d3BYcy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBAGtv89NYpBNs4BSs
ESn0fJfbj+4moCftFoAae9Uf/fe+bhSR/wKL1nyktWlyBGxMGeFNbtqBknq4WVwO
h8b/y5m4jYzyIgoAVrigGo5fNIGVtspu4z/RIcwi25zHwDIDYJOEWiQEVzW5SRCD
F+e6Q17lO8hY9Frbyd2pNOIQq2YFL+doZIbwmrFQPxaddDW0jKhZEHlLOYVDiapa
mWNpbedojTrsYtQcFxwA9beEiugrqCmrEkym4wnKHsvpcFYYpz5ARgpl86d20WVc
WKt5qfNQfWBp3l/ktrFfXxfkMkYUBK8mtqT637zXMIx/UtVbXf2vEhEVq2oCS2e9
z96df3k=
-----END CERTIFICATE-----
Generated at Wed Apr 17 08:40:33 2024 by rpki-client on console.sobornost.net