Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/W5sw1oHLWwpRIhdCg11ML4nLnHQ.roa
File: W5sw1oHLWwpRIhdCg11ML4nLnHQ.roa (raw, json)
Hash identifier: jTfJ59WhW9KiaIpxujhzS7KpFahGtdOL+NDNjUf1rMo=
Subject key identifier: 5B:9B:30:D6:81:CB:5B:0A:51:22:17:42:83:5D:4C:2F:89:CB:9C:74
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 45F5
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/W5sw1oHLWwpRIhdCg11ML4nLnHQ.roa
Signing time: Sun 21 Apr 2024 20:53:07 +0000
ROA not before: Sun 21 Apr 2024 20:53:07 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 17909 (0x45f5)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 21 20:53:07 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=5B9B30D681CB5B0A51221742835D4C2F89CB9C74
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c3:ad:9a:9c:9d:0e:d2:2d:d1:f4:db:76:bf:fa:
a2:b3:73:d9:3b:ef:c7:9b:2e:d3:ee:78:67:fa:27:
ab:cc:65:c9:4c:92:c7:6e:d1:c2:e8:eb:7e:dc:11:
88:92:f7:10:9a:3e:40:27:e5:25:fb:d3:91:5e:4c:
79:74:69:36:01:ce:05:49:b9:10:1f:aa:5a:bf:d6:
93:4a:de:65:66:30:3e:f5:8f:74:12:c5:39:51:42:
37:d7:80:30:94:ea:6f:8f:29:4f:ff:8f:09:cb:f5:
ba:61:d0:e0:cb:0d:9e:9c:b1:ba:1a:00:f6:97:b8:
48:da:88:65:69:84:b5:b3:6c:15:e0:c8:79:4e:e8:
e2:5c:2a:41:0f:f8:01:10:ed:05:cd:7c:46:90:78:
1a:a2:8b:bd:0e:1a:2a:77:27:89:d0:e4:ea:00:0b:
b8:a9:15:8b:0c:b2:fa:13:b3:3f:57:35:ef:80:47:
fe:1f:e2:49:62:b9:77:a9:05:50:35:ed:8e:2b:10:
08:8b:22:1a:9c:b5:74:13:de:3d:ae:23:9c:17:d9:
e7:e4:95:16:54:23:10:0f:51:29:6c:44:fc:c1:01:
5e:f3:c3:d4:09:a1:17:b7:be:e7:f9:58:e2:a1:25:
20:2f:d4:1b:45:66:06:21:f2:e2:a2:5e:b2:ef:37:
a5:b7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5B:9B:30:D6:81:CB:5B:0A:51:22:17:42:83:5D:4C:2F:89:CB:9C:74
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/W5sw1oHLWwpRIhdCg11ML4nLnHQ.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
7c:96:59:df:b0:f3:18:4d:d1:89:7c:8a:21:1f:b4:55:63:b6:
64:2c:bf:c3:5b:80:64:09:74:88:25:72:dd:91:e7:bd:73:4a:
61:69:26:8e:a6:53:f3:30:d2:e0:01:eb:94:ea:cc:7e:b6:2e:
eb:f6:fb:14:e5:b5:5e:fb:52:9a:23:7b:59:83:fe:ba:01:7d:
05:d2:c4:d6:43:7e:af:62:d7:37:46:0e:22:1d:2a:c8:80:ba:
fa:0b:13:90:a9:65:5c:75:fd:73:79:dd:cd:7e:35:6f:58:47:
3d:8b:0d:65:f9:dd:2f:3b:81:23:e5:14:a4:32:be:cd:4c:aa:
24:2d:86:ea:82:cd:3b:ea:a1:fa:10:91:86:72:e3:28:6c:4b:
24:fa:5a:68:cd:ec:d2:bc:d6:93:70:ff:f5:76:cd:d6:1f:f6:
6d:30:b8:00:74:12:63:e6:1c:8d:dd:9f:73:ee:00:8e:f2:c2:
ee:2b:10:7a:df:23:c7:d1:b3:86:37:e6:60:32:5f:91:e4:83:
2b:dc:89:be:7b:06:32:d1:94:8a:71:50:ec:d7:4d:51:d0:cb:
51:2b:da:65:c9:04:a4:24:c1:40:5a:aa:db:de:96:2c:f3:4d:
f9:30:04:c6:5a:72:b7:32:58:7f:e2:d8:e6:30:67:6c:82:58:
16:aa:29:53
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICRfUwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MjEy
MDUzMDdaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDVCOUIzMEQ2ODFDQjVC
MEE1MTIyMTc0MjgzNUQ0QzJGODlDQjlDNzQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDDrZqcnQ7SLdH023a/+qKzc9k778ebLtPueGf6J6vMZclMksdu
0cLo637cEYiS9xCaPkAn5SX705FeTHl0aTYBzgVJuRAfqlq/1pNK3mVmMD71j3QS
xTlRQjfXgDCU6m+PKU//jwnL9bph0ODLDZ6csboaAPaXuEjaiGVphLWzbBXgyHlO
6OJcKkEP+AEQ7QXNfEaQeBqii70OGip3J4nQ5OoAC7ipFYsMsvoTsz9XNe+AR/4f
4kliuXepBVA17Y4rEAiLIhqctXQT3j2uI5wX2efklRZUIxAPUSlsRPzBAV7zw9QJ
oRe3vuf5WOKhJSAv1BtFZgYh8uKiXrLvN6W3AgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUW5sw1oHLWwpRIhdCg11ML4nLnHQwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1c1c3cxb0hMV3dwUklo
ZENnMTFNTDRuTG5IUS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBAHyWWd+w8xhN0Yl8
iiEftFVjtmQsv8NbgGQJdIglct2R571zSmFpJo6mU/Mw0uAB65TqzH62Luv2+xTl
tV77Upoje1mD/roBfQXSxNZDfq9i1zdGDiIdKsiAuvoLE5CpZVx1/XN53c1+NW9Y
Rz2LDWX53S87gSPlFKQyvs1MqiQthuqCzTvqofoQkYZy4yhsSyT6WmjN7NK81pNw
//V2zdYf9m0wuAB0EmPmHI3dn3PuAI7ywu4rEHrfI8fRs4Y35mAyX5Hkgyvcib57
BjLRlIpxUOzXTVHQy1Er2mXJBKQkwUBaqtvelizzTfkwBMZacrcyWH/i2OYwZ2yC
WBaqKVM=
-----END CERTIFICATE-----
Generated at Mon Apr 22 01:44:00 2024 by rpki-client on console.sobornost.net