Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/XJaAsCe8a9u204hs5w_HMkO0gB8.roa
File: XJaAsCe8a9u204hs5w_HMkO0gB8.roa (raw, json)
Hash identifier: ZH16pHGnSlmj86zWl4n8lbtJcDKgiAk1YLzCUUyZWVk=
Subject key identifier: 5C:96:80:B0:27:BC:6B:DB:B6:D3:88:6C:E7:0F:C7:32:43:B4:80:1F
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 3915
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/XJaAsCe8a9u204hs5w_HMkO0gB8.roa
Signing time: Thu 04 Apr 2024 16:52:22 +0000
ROA not before: Thu 04 Apr 2024 16:52:22 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 14613 (0x3915)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 4 16:52:22 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=5C9680B027BC6BDBB6D3886CE70FC73243B4801F
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e2:a1:a0:bb:37:c1:6d:4e:fa:b8:fb:10:2e:47:
05:4c:ce:dc:08:8f:cc:79:40:8e:08:21:0a:b8:be:
66:97:03:de:7f:0e:1c:7f:9d:7b:29:ba:01:b4:43:
d1:37:3b:a7:1f:d1:50:7d:51:f3:a7:9b:82:61:fa:
f6:e5:d2:13:a9:83:d1:17:fe:5d:84:ef:d7:08:8e:
08:95:ad:8c:45:41:6c:eb:a4:db:69:b4:a4:3f:a2:
ec:8d:48:7a:19:9d:1c:36:20:52:4d:66:b2:f5:6e:
46:c0:e5:30:36:22:bd:71:c7:3c:5b:56:3f:97:b9:
f1:2c:44:48:3f:ec:08:1a:8b:b1:9f:36:35:9b:d1:
1d:d6:5a:99:33:da:02:73:ae:39:3b:20:b0:8d:be:
0e:18:f5:3f:94:00:9b:84:81:1f:a4:07:c0:3b:ad:
51:10:ea:d4:3d:ac:7a:97:23:95:11:cd:d5:ea:b0:
f3:cd:26:40:b8:8e:de:fb:2d:33:85:6a:e4:2f:bd:
20:66:11:e3:da:81:b3:11:89:86:15:5b:3a:0b:01:
d3:a9:85:78:df:ad:ae:78:e1:22:8c:95:79:55:3e:
3a:5c:6a:0e:44:fd:b3:c0:29:05:20:0b:7a:ca:21:
ba:1a:1e:b0:ba:09:fb:6c:d3:99:8a:5f:5e:af:76:
71:0f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5C:96:80:B0:27:BC:6B:DB:B6:D3:88:6C:E7:0F:C7:32:43:B4:80:1F
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/XJaAsCe8a9u204hs5w_HMkO0gB8.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
68:e1:7c:0f:45:63:94:11:c7:0b:e5:f3:65:50:39:cf:21:cb:
4f:78:18:fe:4d:71:a1:a0:90:05:25:a7:d2:0a:6d:ed:13:f1:
1d:ef:02:a8:ab:2f:7f:de:28:41:94:bf:c0:44:bd:c7:f1:52:
31:b5:34:6b:1d:e2:5b:6e:bd:57:1e:2e:36:c1:cd:54:92:51:
7c:91:21:7d:54:60:7b:4b:86:ab:0a:4e:18:6a:c0:e1:d1:2e:
a9:d7:4a:38:70:70:cc:c2:4c:09:4b:4c:43:b2:75:52:16:4d:
8a:ea:2e:fd:e1:a1:96:e8:f6:24:9b:6c:2f:22:03:2e:b4:d5:
8c:e4:b9:41:24:7a:cb:9b:4c:e9:ca:c3:e3:bd:01:2d:dc:0f:
b9:77:13:46:fc:23:63:2f:64:8d:6e:63:0c:a6:30:ab:1c:c4:
0b:f5:67:99:c8:e1:bb:e0:cc:cd:d1:ea:3c:a0:aa:c1:ad:f2:
b9:73:f0:82:35:1b:69:7d:20:54:ce:43:e9:e1:37:3e:34:f0:
cf:6c:c1:a5:cb:9e:41:37:bd:4a:0a:bd:70:49:4e:3c:4e:f1:
3a:3f:5f:a6:b3:fa:62:94:a1:dd:10:7b:01:d9:e9:00:c4:11:
a8:31:f6:b5:18:6b:33:00:23:5c:cc:7d:49:25:3d:97:d7:a3:
f5:0a:c8:c5
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICORUwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MDQx
NjUyMjJaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDVDOTY4MEIwMjdCQzZC
REJCNkQzODg2Q0U3MEZDNzMyNDNCNDgwMUYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDioaC7N8FtTvq4+xAuRwVMztwIj8x5QI4IIQq4vmaXA95/Dhx/
nXspugG0Q9E3O6cf0VB9UfOnm4Jh+vbl0hOpg9EX/l2E79cIjgiVrYxFQWzrpNtp
tKQ/ouyNSHoZnRw2IFJNZrL1bkbA5TA2Ir1xxzxbVj+XufEsREg/7Agai7GfNjWb
0R3WWpkz2gJzrjk7ILCNvg4Y9T+UAJuEgR+kB8A7rVEQ6tQ9rHqXI5URzdXqsPPN
JkC4jt77LTOFauQvvSBmEePagbMRiYYVWzoLAdOphXjfra544SKMlXlVPjpcag5E
/bPAKQUgC3rKIboaHrC6Cfts05mKX16vdnEPAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUXJaAsCe8a9u204hs5w/HMkO0gB8wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1hKYUFzQ2U4YTl1MjA0
aHM1d19ITWtPMGdCOC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBAGjhfA9FY5QRxwvl
82VQOc8hy094GP5NcaGgkAUlp9IKbe0T8R3vAqirL3/eKEGUv8BEvcfxUjG1NGsd
4ltuvVceLjbBzVSSUXyRIX1UYHtLhqsKThhqwOHRLqnXSjhwcMzCTAlLTEOydVIW
TYrqLv3hoZbo9iSbbC8iAy601YzkuUEkesubTOnKw+O9AS3cD7l3E0b8I2MvZI1u
YwymMKscxAv1Z5nI4bvgzM3R6jygqsGt8rlz8II1G2l9IFTOQ+nhNz408M9swaXL
nkE3vUoKvXBJTjxO8To/X6az+mKUod0QewHZ6QDEEagx9rUYazMAI1zMfUklPZfX
o/UKyMU=
-----END CERTIFICATE-----
Generated at Thu Apr 4 23:41:04 2024 by rpki-client on console.sobornost.net