Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/S9ofmh-NIZEjkQ6Xju4BNyd7jNc.roa
File: S9ofmh-NIZEjkQ6Xju4BNyd7jNc.roa (raw, json)
Hash identifier: pUH00SUsH3vZ5orz8xrLL8Vb/+d/YAH/O+aVmxMxCz0=
Subject key identifier: 4B:DA:1F:9A:1F:8D:21:91:23:91:0E:97:8E:EE:01:37:27:7B:8C:D7
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 33C1
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/S9ofmh-NIZEjkQ6Xju4BNyd7jNc.roa
Signing time: Thu 28 Mar 2024 14:22:07 +0000
ROA not before: Thu 28 Mar 2024 14:22:07 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 13249 (0x33c1)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Mar 28 14:22:07 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=4BDA1F9A1F8D219123910E978EEE0137277B8CD7
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a8:89:45:b6:b8:0f:b8:4d:50:b1:43:9f:48:69:
48:a4:6b:62:49:cf:f6:af:06:2d:fc:55:b0:2b:3a:
5b:b5:ff:cc:41:6b:85:c4:26:00:f1:9a:8c:8e:e3:
e9:48:c7:c5:f3:b8:d7:b9:39:94:de:a6:9c:cb:8f:
ac:81:53:8c:c3:5d:9f:ac:9e:b2:79:39:dd:b9:f4:
1e:a1:2d:0b:6d:3c:e9:f2:b6:29:d5:32:bc:b5:b9:
96:1d:3a:f2:9d:65:a2:33:17:b7:c8:84:52:4f:de:
d5:e8:38:0d:1f:5e:80:b3:e0:32:07:6e:fc:59:79:
44:d9:09:dc:48:0b:61:bc:48:90:18:05:98:6f:bf:
82:9e:46:db:03:7d:0a:5c:65:31:d7:84:ef:a8:3e:
93:9e:90:8a:c1:d0:68:df:2b:66:3a:ad:17:e7:82:
fa:0a:ec:48:f5:45:2c:b2:ba:40:0d:00:94:04:91:
f2:eb:35:ff:6a:26:e7:04:59:0e:f8:dd:45:c9:09:
e1:d2:16:cb:4a:59:f0:c3:64:1c:be:04:3f:0f:f6:
28:f9:05:ce:5d:92:b4:34:e8:70:3a:fd:86:bb:7d:
53:37:91:3b:2f:76:14:bb:6e:4c:2d:d0:db:01:2d:
85:9b:44:fb:10:07:6e:3a:eb:ff:2e:7b:f2:38:bc:
ae:29
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4B:DA:1F:9A:1F:8D:21:91:23:91:0E:97:8E:EE:01:37:27:7B:8C:D7
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/S9ofmh-NIZEjkQ6Xju4BNyd7jNc.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
b8:b8:7f:c1:86:68:18:80:7c:37:a0:fa:87:14:ae:9a:85:8d:
9d:ec:f6:9c:af:82:7b:29:a9:c3:83:94:e8:cd:59:7a:05:bf:
f9:61:0e:b8:21:fa:84:48:e5:33:d9:c7:e0:21:b5:1d:5f:a7:
1d:1b:13:5f:ab:01:bc:49:cb:3d:6b:a3:d5:e3:8b:4a:8f:66:
75:d7:92:94:81:3f:a9:ff:a5:4f:e3:7e:ae:82:35:77:f1:f7:
bc:3c:d5:8a:20:2c:d8:7a:00:bc:c7:7e:6f:8c:6e:ff:9a:f5:
bb:ad:de:d6:d1:14:91:74:df:47:ab:c3:16:30:64:88:81:8e:
75:a2:4f:df:7b:c7:c5:61:ce:99:b3:66:09:01:d3:49:5a:77:
15:cb:e6:39:77:d3:7d:3c:bb:e0:81:c6:c4:69:63:da:51:9e:
0e:7b:2a:26:f9:71:cc:76:ea:48:e0:36:27:d8:87:de:2b:49:
49:a4:0b:bb:77:9a:46:6e:f1:c3:6e:6f:3e:74:5a:a2:a5:a3:
11:bb:12:28:f5:e2:86:c4:11:56:d3:a4:af:ea:60:69:47:c5:
1f:43:5e:c8:4d:4f:3e:43:ad:9b:c0:9f:e3:58:18:a3:36:73:
6e:ba:9f:4b:66:d7:0c:42:8a:58:96:40:71:6d:65:e1:1b:c0:
54:dc:01:99
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICM8EwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDAzMjgx
NDIyMDdaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDRCREExRjlBMUY4RDIx
OTEyMzkxMEU5NzhFRUUwMTM3Mjc3QjhDRDcwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCoiUW2uA+4TVCxQ59IaUika2JJz/avBi38VbArOlu1/8xBa4XE
JgDxmoyO4+lIx8XzuNe5OZTeppzLj6yBU4zDXZ+snrJ5Od259B6hLQttPOnytinV
Mry1uZYdOvKdZaIzF7fIhFJP3tXoOA0fXoCz4DIHbvxZeUTZCdxIC2G8SJAYBZhv
v4KeRtsDfQpcZTHXhO+oPpOekIrB0GjfK2Y6rRfngvoK7Ej1RSyyukANAJQEkfLr
Nf9qJucEWQ743UXJCeHSFstKWfDDZBy+BD8P9ij5Bc5dkrQ06HA6/Ya7fVM3kTsv
dhS7bkwt0NsBLYWbRPsQB2466/8ue/I4vK4pAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUS9ofmh+NIZEjkQ6Xju4BNyd7jNcwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1M5b2ZtaC1OSVpFamtR
NlhqdTRCTnlkN2pOYy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBALi4f8GGaBiAfDeg
+ocUrpqFjZ3s9pyvgnspqcODlOjNWXoFv/lhDrgh+oRI5TPZx+AhtR1fpx0bE1+r
AbxJyz1ro9Xji0qPZnXXkpSBP6n/pU/jfq6CNXfx97w81YogLNh6ALzHfm+Mbv+a
9but3tbRFJF030erwxYwZIiBjnWiT997x8VhzpmzZgkB00ladxXL5jl30308u+CB
xsRpY9pRng57Kib5ccx26kjgNifYh94rSUmkC7t3mkZu8cNubz50WqKloxG7Eij1
4obEEVbTpK/qYGlHxR9DXshNTz5DrZvAn+NYGKM2c266n0tm1wxCiliWQHFtZeEb
wFTcAZk=
-----END CERTIFICATE-----
Generated at Thu Mar 28 21:02:48 2024 by rpki-client on console.sobornost.net