Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/Qu59KX35dafwNTP3Uz6hUFqtj_8.roa
File: Qu59KX35dafwNTP3Uz6hUFqtj_8.roa (raw, json)
Hash identifier: A/IL9gP3Ty2BJP09v/yWCcwyFr7aXEyRmlt2gs3VN90=
Subject key identifier: 42:EE:7D:29:7D:F9:75:A7:F0:35:33:F7:53:3E:A1:50:5A:AD:8F:FF
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 4ECD
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/Qu59KX35dafwNTP3Uz6hUFqtj_8.roa
Signing time: Fri 03 May 2024 15:53:46 +0000
ROA not before: Fri 03 May 2024 15:53:46 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 20173 (0x4ecd)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 3 15:53:46 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=42EE7D297DF975A7F03533F7533EA1505AAD8FFF
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9b:42:3e:4e:40:08:de:85:1f:ee:d9:c9:0e:af:
a0:c4:b6:0b:32:90:f6:11:85:49:35:55:b3:89:ef:
22:0c:7f:ad:a7:18:48:ca:dc:00:79:a6:a2:3f:94:
1f:5d:f5:7f:ab:f0:dd:74:4b:d3:59:dc:3f:ea:f0:
d5:4c:96:44:69:bf:0e:43:6c:bd:f9:2b:a3:22:1c:
7e:dc:9f:9a:ae:58:7b:90:46:b9:6a:04:e4:34:63:
93:9f:d3:4f:d3:1d:90:13:58:6d:5d:80:8d:f2:96:
5b:c9:c2:3b:6e:40:3e:4e:5f:59:cf:ab:30:99:45:
56:b8:e0:14:8e:db:90:5a:d8:b6:18:c1:f0:e0:a2:
78:23:52:3b:da:55:54:2a:34:16:ac:45:b1:80:dc:
5b:8a:88:50:c9:4e:b8:ea:33:29:65:3d:23:b4:ce:
b0:96:45:10:6a:a8:75:a6:84:6c:58:7d:1a:30:27:
d5:af:98:05:3a:be:8c:31:93:fa:a0:6e:24:ec:d5:
ca:79:0a:c4:2a:62:40:ff:70:1d:22:d0:73:cc:19:
eb:db:db:10:54:63:a2:bc:9b:08:1c:fe:86:e6:48:
dd:88:53:ec:25:e7:6e:20:9b:44:85:3a:6a:76:4c:
f0:62:d0:c6:f6:fc:01:79:c9:40:d9:1c:eb:ab:0d:
57:51
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
42:EE:7D:29:7D:F9:75:A7:F0:35:33:F7:53:3E:A1:50:5A:AD:8F:FF
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/Qu59KX35dafwNTP3Uz6hUFqtj_8.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
50:f1:3b:0e:82:d0:8d:e2:5f:20:e6:df:bf:df:8f:cf:42:9f:
55:1f:e5:95:16:3e:5b:86:7d:89:47:41:e9:64:17:f6:ae:5b:
dc:0b:b8:6e:8b:61:d8:19:d7:0c:62:84:27:d8:47:62:dd:f9:
b5:80:2f:7d:0f:b1:17:09:96:bb:03:20:6a:61:fc:bf:c9:72:
74:cd:25:d5:55:2a:18:7f:bd:a9:fa:bd:cb:5e:b1:03:08:72:
00:ec:1d:0e:91:ec:5d:c6:4b:81:f0:1b:83:69:e4:ec:88:9c:
18:7e:4e:1a:d7:95:69:f0:95:7a:90:c4:6c:41:63:80:42:4a:
80:c1:e5:e5:41:95:42:88:75:0c:b5:17:8d:50:b2:80:22:39:
32:be:98:97:b6:5e:cb:4f:59:5c:1b:b5:17:4a:a4:96:ab:8b:
76:dd:1f:81:51:73:88:aa:49:79:7d:97:80:43:6f:e2:0e:8f:
1b:ca:7d:36:a0:06:ed:da:63:ba:21:ad:32:e2:52:dd:0e:bf:
f2:c3:7c:f0:c6:f8:5b:9d:0d:02:6a:79:bb:9c:d3:25:25:b3:
ae:e4:a9:73:54:b8:59:6c:cb:56:cd:4f:f0:f8:7a:9d:e7:3d:
3b:33:99:09:a6:02:77:15:ca:87:1c:fb:6b:c6:c4:be:95:7b:
eb:9d:13:2e
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICTs0wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MDMx
NTUzNDZaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDQyRUU3RDI5N0RGOTc1
QTdGMDM1MzNGNzUzM0VBMTUwNUFBRDhGRkYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCbQj5OQAjehR/u2ckOr6DEtgsykPYRhUk1VbOJ7yIMf62nGEjK
3AB5pqI/lB9d9X+r8N10S9NZ3D/q8NVMlkRpvw5DbL35K6MiHH7cn5quWHuQRrlq
BOQ0Y5Of00/THZATWG1dgI3yllvJwjtuQD5OX1nPqzCZRVa44BSO25Ba2LYYwfDg
ongjUjvaVVQqNBasRbGA3FuKiFDJTrjqMyllPSO0zrCWRRBqqHWmhGxYfRowJ9Wv
mAU6vowxk/qgbiTs1cp5CsQqYkD/cB0i0HPMGevb2xBUY6K8mwgc/obmSN2IU+wl
524gm0SFOmp2TPBi0Mb2/AF5yUDZHOurDVdRAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUQu59KX35dafwNTP3Uz6hUFqtj/8wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1F1NTlLWDM1ZGFmd05U
UDNVejZoVUZxdGpfOC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBAFDxOw6C0I3iXyDm
37/fj89Cn1Uf5ZUWPluGfYlHQelkF/auW9wLuG6LYdgZ1wxihCfYR2Ld+bWAL30P
sRcJlrsDIGph/L/JcnTNJdVVKhh/van6vctesQMIcgDsHQ6R7F3GS4HwG4Np5OyI
nBh+ThrXlWnwlXqQxGxBY4BCSoDB5eVBlUKIdQy1F41QsoAiOTK+mJe2XstPWVwb
tRdKpJari3bdH4FRc4iqSXl9l4BDb+IOjxvKfTagBu3aY7ohrTLiUt0Ov/LDfPDG
+FudDQJqebuc0yUls67kqXNUuFlsy1bNT/D4ep3nPTszmQmmAncVyocc+2vGxL6V
e+udEy4=
-----END CERTIFICATE-----
Generated at Fri May 3 20:57:19 2024 by rpki-client on console.sobornost.net