Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/RZm7R-cR4vIwZteoLIWMRRFT2to.roa
File: RZm7R-cR4vIwZteoLIWMRRFT2to.roa (raw, json)
Hash identifier: QsEhUkvW2d7yS/TvzbS1Zlv86jlCxfpHBZtwk8wcUcA=
Subject key identifier: 45:99:BB:47:E7:11:E2:F2:30:66:D7:A8:2C:85:8C:45:11:53:DA:DA
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 45E1
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/RZm7R-cR4vIwZteoLIWMRRFT2to.roa
Signing time: Sun 21 Apr 2024 18:23:16 +0000
ROA not before: Sun 21 Apr 2024 18:23:16 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 17889 (0x45e1)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 21 18:23:16 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=4599BB47E711E2F23066D7A82C858C451153DADA
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:da:2b:5c:b2:1c:19:f9:c3:41:12:1d:02:3e:47:
53:2b:a8:d6:46:b5:78:1c:26:87:d8:bc:85:f6:f9:
2e:86:67:21:89:4f:11:7d:e0:04:87:4f:8c:f6:7c:
cc:65:4f:02:cf:35:ad:21:f2:66:97:94:bb:10:d3:
0d:d2:3c:3e:45:4a:df:fe:dd:48:87:0a:b0:ca:0a:
ad:22:3c:83:0a:73:ce:48:1e:63:52:ca:bd:f6:16:
fc:60:a2:b2:10:a2:60:93:d4:0a:55:ec:1c:a5:8f:
1e:b5:35:82:99:ca:b8:2c:74:9a:c1:f2:ef:2d:c6:
01:cd:06:6f:0c:42:ec:f8:db:73:9d:75:6b:39:7a:
ba:b1:5b:8a:e8:37:4a:3a:80:35:fc:b0:76:ff:38:
b3:fe:36:37:79:4c:0b:1d:e1:a9:c0:d7:d7:d6:ec:
72:75:9d:4b:63:5a:66:97:1c:1b:8a:6a:f1:73:8f:
81:d0:bb:c7:f9:f3:39:86:d9:a6:98:8e:3b:4d:f3:
4a:8a:02:66:34:ae:40:f9:9d:33:f9:d3:c1:54:63:
39:29:a7:43:6e:13:58:53:9b:ef:c7:12:f6:e3:71:
67:cc:16:f0:2c:3e:3c:4a:f5:cd:15:2a:a4:85:52:
9a:b9:2f:f3:fd:9f:ed:3c:23:f1:2c:76:a9:80:03:
0f:59
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
45:99:BB:47:E7:11:E2:F2:30:66:D7:A8:2C:85:8C:45:11:53:DA:DA
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/RZm7R-cR4vIwZteoLIWMRRFT2to.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
52:71:ab:39:c3:f5:3a:77:32:64:9b:5a:e4:bf:e2:4b:95:e8:
80:a9:bf:56:eb:54:d3:cd:40:a0:02:05:00:1a:98:64:d1:af:
9e:ad:5c:b9:ad:0b:59:b4:4a:9e:6b:5f:70:5a:be:e8:6d:5c:
19:69:cd:89:e4:ec:3f:d6:c7:c8:39:5c:65:30:60:6d:93:d0:
f5:85:82:e9:40:a2:f3:2d:91:6d:6c:c2:36:8b:f7:7f:0a:ce:
50:f8:97:0e:1f:a2:b1:1e:1d:47:6c:35:31:7b:71:2a:6c:04:
33:01:a9:59:54:3a:5b:28:22:df:30:d8:8d:e8:09:fc:fd:54:
e6:42:7c:65:8a:35:e9:04:f9:f5:4b:bb:9e:2d:e1:98:d5:e3:
44:c8:a9:c5:bf:bf:10:85:6f:17:77:7e:b7:54:e1:4b:a9:e7:
d5:36:48:b7:5a:ab:e8:92:59:65:2e:7b:0e:c7:f8:e1:2d:4a:
f4:68:e0:86:5e:3c:c7:f9:0e:ff:73:8c:ec:cc:b2:65:af:e0:
37:57:bf:9c:ce:5f:d7:cc:3e:c2:0c:cb:d4:0a:1c:1b:86:12:
2c:b8:19:c2:95:a7:38:14:4f:22:f1:e5:c5:14:86:bb:0c:69:
e1:78:ef:2b:a0:dc:8c:ae:28:cf:bf:ec:8d:12:8d:84:05:52:
de:e8:cc:b2
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICReEwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MjEx
ODIzMTZaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDQ1OTlCQjQ3RTcxMUUy
RjIzMDY2RDdBODJDODU4QzQ1MTE1M0RBREEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDaK1yyHBn5w0ESHQI+R1MrqNZGtXgcJofYvIX2+S6GZyGJTxF9
4ASHT4z2fMxlTwLPNa0h8maXlLsQ0w3SPD5FSt/+3UiHCrDKCq0iPIMKc85IHmNS
yr32FvxgorIQomCT1ApV7Byljx61NYKZyrgsdJrB8u8txgHNBm8MQuz423OddWs5
erqxW4roN0o6gDX8sHb/OLP+Njd5TAsd4anA19fW7HJ1nUtjWmaXHBuKavFzj4HQ
u8f58zmG2aaYjjtN80qKAmY0rkD5nTP508FUYzkpp0NuE1hTm+/HEvbjcWfMFvAs
PjxK9c0VKqSFUpq5L/P9n+08I/EsdqmAAw9ZAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQURZm7R+cR4vIwZteoLIWMRRFT2towHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1JabTdSLWNSNHZJd1p0
ZW9MSVdNUlJGVDJ0by5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBAFJxqznD9Tp3MmSb
WuS/4kuV6ICpv1brVNPNQKACBQAamGTRr56tXLmtC1m0Sp5rX3BavuhtXBlpzYnk
7D/Wx8g5XGUwYG2T0PWFgulAovMtkW1swjaL938KzlD4lw4forEeHUdsNTF7cSps
BDMBqVlUOlsoIt8w2I3oCfz9VOZCfGWKNekE+fVLu54t4ZjV40TIqcW/vxCFbxd3
frdU4Uup59U2SLdaq+iSWWUuew7H+OEtSvRo4IZePMf5Dv9zjOzMsmWv4DdXv5zO
X9fMPsIMy9QKHBuGEiy4GcKVpzgUTyLx5cUUhrsMaeF47yug3IyuKM+/7I0SjYQF
Ut7ozLI=
-----END CERTIFICATE-----
Generated at Sun Apr 21 22:16:48 2024 by rpki-client on console.sobornost.net