Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/Y6t1a-9RNt7p4wvcyyPPbqq532k.roa
File: Y6t1a-9RNt7p4wvcyyPPbqq532k.roa (raw, json)
Hash identifier: SfkCZcO7DJkvSsslA47Evu8aKxezEjEbIIjSG3aD49g=
Subject key identifier: 63:AB:75:6B:EF:51:36:DE:E9:E3:0B:DC:CB:23:CF:6E:AA:B9:DF:69
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 4EB5
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/Y6t1a-9RNt7p4wvcyyPPbqq532k.roa
Signing time: Fri 03 May 2024 12:53:55 +0000
ROA not before: Fri 03 May 2024 12:53:55 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 20149 (0x4eb5)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 3 12:53:55 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=63AB756BEF5136DEE9E30BDCCB23CF6EAAB9DF69
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e0:19:13:4b:e2:80:7e:5b:f5:dc:2d:9c:9d:98:
62:fe:92:ac:6f:a1:f7:5e:31:16:9c:83:38:cd:28:
e8:4a:21:52:a1:85:f3:9c:41:1b:e7:f5:b4:8e:1c:
67:ec:0a:bb:d5:2a:4d:ed:23:45:7f:d5:61:91:c0:
9c:4f:ac:d4:69:38:60:6c:b8:4d:87:95:de:4c:5c:
2b:b8:e3:43:7b:13:c1:71:86:a3:e7:91:5d:dd:b7:
bb:8a:24:2d:76:fe:02:85:01:ca:dd:e2:b2:60:8a:
ae:0e:b3:81:7c:a2:24:0a:7c:ea:d4:76:a1:b0:ef:
ef:47:a2:6c:67:f4:15:6d:4b:35:e1:a4:c5:1e:da:
97:a1:47:07:b8:df:39:50:34:24:9e:d6:93:ec:96:
d8:c9:03:02:4a:4a:d4:81:84:06:8e:36:31:6b:54:
7b:af:bc:ee:04:b3:00:81:f7:25:8e:6a:d8:8c:ec:
ad:da:c0:b4:77:f6:80:e4:41:83:48:54:97:8c:84:
9c:1d:d0:2a:4f:8e:e0:66:16:e6:c9:67:8a:d7:a4:
3d:92:9d:72:c2:aa:c9:cc:fb:cd:2d:fb:a2:c9:e5:
94:5d:1d:37:55:d0:e6:35:7a:74:36:59:94:81:eb:
8b:2a:4f:d7:1f:34:0c:ce:e6:a0:61:6d:f5:78:5d:
a3:85
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
63:AB:75:6B:EF:51:36:DE:E9:E3:0B:DC:CB:23:CF:6E:AA:B9:DF:69
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/Y6t1a-9RNt7p4wvcyyPPbqq532k.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
a2:e3:38:8f:c0:32:45:d4:88:17:bd:39:42:e0:20:dd:d3:d9:
ba:06:59:2a:ac:69:6d:47:df:5c:a7:5c:0b:c4:b7:44:8d:8d:
8e:75:60:5f:e3:1b:13:c8:db:2e:6b:19:18:21:9e:bf:97:3b:
d5:28:bc:cc:09:80:bf:b3:0a:56:03:b6:d4:16:80:ac:ff:9a:
e5:01:e6:d0:e9:2c:21:e6:5b:cf:e3:fb:21:52:28:40:ae:53:
86:78:01:64:dd:f8:49:90:74:fe:52:86:ee:79:5b:7d:3d:ba:
9b:1a:44:ed:0e:e4:2c:c3:48:be:93:5b:4c:9d:96:06:e3:2e:
89:26:15:a4:87:87:0d:69:a4:6d:b0:d5:a8:8f:2a:fd:63:c1:
7a:ee:2a:d8:04:a3:2f:da:27:67:37:6c:67:5f:dc:4e:cf:78:
97:5a:bb:a5:d2:6c:46:40:fd:14:c8:e5:a4:41:49:9e:5b:ab:
a7:83:6a:c7:43:88:7d:6e:6e:a4:2c:e8:95:be:a1:22:0a:27:
0a:89:21:a4:7f:1a:19:6b:0c:93:10:06:a9:3d:99:3a:f0:ce:
b6:9f:a7:f0:67:51:20:a6:91:85:79:b7:e2:96:52:2b:74:0e:
c5:69:7e:0b:b0:9b:47:1d:f7:8b:4b:d4:72:69:75:a9:0c:4b:
34:d4:bb:4c
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICTrUwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MDMx
MjUzNTVaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDYzQUI3NTZCRUY1MTM2
REVFOUUzMEJEQ0NCMjNDRjZFQUFCOURGNjkwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDgGRNL4oB+W/XcLZydmGL+kqxvofdeMRacgzjNKOhKIVKhhfOc
QRvn9bSOHGfsCrvVKk3tI0V/1WGRwJxPrNRpOGBsuE2Hld5MXCu440N7E8FxhqPn
kV3dt7uKJC12/gKFAcrd4rJgiq4Os4F8oiQKfOrUdqGw7+9Homxn9BVtSzXhpMUe
2pehRwe43zlQNCSe1pPsltjJAwJKStSBhAaONjFrVHuvvO4EswCB9yWOatiM7K3a
wLR39oDkQYNIVJeMhJwd0CpPjuBmFubJZ4rXpD2SnXLCqsnM+80t+6LJ5ZRdHTdV
0OY1enQ2WZSB64sqT9cfNAzO5qBhbfV4XaOFAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUY6t1a+9RNt7p4wvcyyPPbqq532kwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1k2dDFhLTlSTnQ3cDR3
dmN5eVBQYnFxNTMyay5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBAKLjOI/AMkXUiBe9
OULgIN3T2boGWSqsaW1H31ynXAvEt0SNjY51YF/jGxPI2y5rGRghnr+XO9UovMwJ
gL+zClYDttQWgKz/muUB5tDpLCHmW8/j+yFSKECuU4Z4AWTd+EmQdP5Shu55W309
upsaRO0O5CzDSL6TW0ydlgbjLokmFaSHhw1ppG2w1aiPKv1jwXruKtgEoy/aJ2c3
bGdf3E7PeJdau6XSbEZA/RTI5aRBSZ5bq6eDasdDiH1ubqQs6JW+oSIKJwqJIaR/
GhlrDJMQBqk9mTrwzrafp/BnUSCmkYV5t+KWUit0DsVpfguwm0cd94tL1HJpdakM
SzTUu0w=
-----END CERTIFICATE-----
Generated at Fri May 3 17:05:21 2024 by rpki-client on console.sobornost.net