Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/UtFhwuItiTZ3AfqLiZcDvf9o3aA.roa
File: UtFhwuItiTZ3AfqLiZcDvf9o3aA.roa (raw, json)
Hash identifier: 4DA8GolfNFhQeeVr41M3skt9GR+WKiUe7zuqTnDYkl0=
Subject key identifier: 52:D1:61:C2:E2:2D:89:36:77:01:FA:8B:89:97:03:BD:FF:68:DD:A0
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 446D
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/UtFhwuItiTZ3AfqLiZcDvf9o3aA.roa
Signing time: Fri 19 Apr 2024 19:53:04 +0000
ROA not before: Fri 19 Apr 2024 19:53:04 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 17517 (0x446d)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 19 19:53:04 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=52D161C2E22D89367701FA8B899703BDFF68DDA0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c3:ce:1f:56:22:c8:d9:aa:a1:42:44:14:fd:54:
6b:c6:99:13:64:52:71:aa:ad:ee:bd:96:99:e8:62:
a4:9b:17:77:83:81:af:7b:f9:e8:ee:8c:11:f5:e4:
2f:6b:6d:c0:cc:12:07:80:b6:d4:11:e4:08:08:00:
9a:61:eb:44:09:1c:f2:f7:9f:c4:e2:6c:d2:24:a9:
82:c3:a5:ca:4a:80:e1:d6:44:13:f2:77:f4:c0:a4:
6c:fe:0c:61:cf:14:67:44:4e:7e:7d:6a:47:a2:65:
64:fc:9f:bd:db:75:1e:5e:ca:55:e1:6d:89:4c:1c:
73:4a:49:ec:4c:66:24:76:60:32:e4:98:ef:e8:c9:
da:c9:cf:21:e6:4e:3d:8a:5e:9c:a5:c5:77:57:74:
e6:e5:63:c8:f9:1b:9c:64:8f:08:df:13:40:9d:11:
c4:3a:c6:82:c7:f2:96:15:8c:e8:1b:99:d4:29:2c:
1d:b8:8d:02:da:fd:49:9f:7a:20:ed:a6:c6:59:85:
58:d4:4c:4a:3c:67:88:3d:5a:07:e3:61:ca:1e:51:
45:3f:8e:78:cc:1a:48:72:7d:aa:9c:bc:7f:ad:21:
e6:e8:56:71:93:3b:9c:ea:7e:12:3e:6e:77:11:07:
48:b0:96:2e:fd:4a:e5:06:91:a9:82:10:4e:8f:8f:
29:1b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
52:D1:61:C2:E2:2D:89:36:77:01:FA:8B:89:97:03:BD:FF:68:DD:A0
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/UtFhwuItiTZ3AfqLiZcDvf9o3aA.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
59:9b:ae:27:48:4b:db:78:b9:37:2f:07:6f:33:90:f6:01:c4:
f2:c9:96:67:5d:ed:bd:38:47:1d:d9:a1:64:92:6c:bb:30:2c:
4b:b6:3e:ed:37:91:a3:36:b9:00:4a:da:6a:b8:6b:8a:28:79:
cb:6e:3c:40:84:c7:cd:93:9e:98:d5:83:51:e3:b3:6c:ae:56:
45:c9:5c:96:a8:dd:a1:24:79:89:f3:ce:22:4a:15:24:17:b7:
d2:b1:a2:91:12:61:b1:25:7f:c9:91:58:60:2c:1f:47:64:68:
2e:23:20:17:ff:83:28:d1:99:62:d0:d6:71:f4:67:d0:47:25:
c5:be:c7:c9:9b:e0:17:9f:25:60:26:86:6a:03:94:8a:2b:f9:
f4:41:ec:d0:17:70:38:82:37:bc:69:a2:9c:b9:42:b8:d8:36:
69:d7:da:77:74:3d:2a:08:50:52:11:05:ad:df:7f:e8:77:0e:
1b:7d:a6:21:ac:1a:ea:70:70:8f:bc:3e:01:7f:96:30:5a:0e:
31:09:2a:e5:87:c4:da:02:c4:68:34:b8:cc:06:24:a5:e1:48:
dc:d5:6e:31:0a:ea:52:be:49:35:08:85:39:e3:6c:22:99:6b:
eb:f5:26:3a:39:5d:bc:a4:18:7d:dc:fb:d1:67:64:f1:be:03:
c9:bf:42:47
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICRG0wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MTkx
OTUzMDRaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDUyRDE2MUMyRTIyRDg5
MzY3NzAxRkE4Qjg5OTcwM0JERkY2OEREQTAwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDDzh9WIsjZqqFCRBT9VGvGmRNkUnGqre69lpnoYqSbF3eDga97
+ejujBH15C9rbcDMEgeAttQR5AgIAJph60QJHPL3n8TibNIkqYLDpcpKgOHWRBPy
d/TApGz+DGHPFGdETn59akeiZWT8n73bdR5eylXhbYlMHHNKSexMZiR2YDLkmO/o
ydrJzyHmTj2KXpylxXdXdOblY8j5G5xkjwjfE0CdEcQ6xoLH8pYVjOgbmdQpLB24
jQLa/UmfeiDtpsZZhVjUTEo8Z4g9WgfjYcoeUUU/jnjMGkhyfaqcvH+tIeboVnGT
O5zqfhI+bncRB0iwli79SuUGkamCEE6PjykbAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUUtFhwuItiTZ3AfqLiZcDvf9o3aAwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1V0Rmh3dUl0aVRaM0Fm
cUxpWmNEdmY5bzNhQS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBAFmbridIS9t4uTcv
B28zkPYBxPLJlmdd7b04Rx3ZoWSSbLswLEu2Pu03kaM2uQBK2mq4a4ooectuPECE
x82TnpjVg1Hjs2yuVkXJXJao3aEkeYnzziJKFSQXt9KxopESYbElf8mRWGAsH0dk
aC4jIBf/gyjRmWLQ1nH0Z9BHJcW+x8mb4BefJWAmhmoDlIor+fRB7NAXcDiCN7xp
opy5QrjYNmnX2nd0PSoIUFIRBa3ff+h3Dht9piGsGupwcI+8PgF/ljBaDjEJKuWH
xNoCxGg0uMwGJKXhSNzVbjEK6lK+STUIhTnjbCKZa+v1Jjo5XbykGH3c+9FnZPG+
A8m/Qkc=
-----END CERTIFICATE-----
Generated at Sat Apr 20 07:46:16 2024 by rpki-client on console.sobornost.net