Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/YSBxvrnWBH22t3ydeS2XTzCYtxU.roa
File: YSBxvrnWBH22t3ydeS2XTzCYtxU.roa (raw, json)
Hash identifier: W4luWljmRGrH+LVKwQXjONFVCL1HbYR4bWfToDaC0I4=
Subject key identifier: 61:20:71:BE:B9:D6:04:7D:B6:B7:7C:9D:79:2D:97:4F:30:98:B7:15
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 54C9
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/YSBxvrnWBH22t3ydeS2XTzCYtxU.roa
Signing time: Sat 11 May 2024 15:24:03 +0000
ROA not before: Sat 11 May 2024 15:24:03 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 21705 (0x54c9)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 11 15:24:03 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=612071BEB9D6047DB6B77C9D792D974F3098B715
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b8:94:df:61:42:58:9f:63:cb:39:8f:b4:a5:b7:
40:16:00:8e:0f:c6:7d:f4:95:c5:76:2f:07:81:46:
90:47:b6:2c:5d:55:9d:84:1a:3b:73:b8:a9:56:5e:
56:e4:0b:b8:da:06:ca:f7:ac:5b:85:64:21:f2:79:
1b:d2:6c:44:59:04:9d:e4:89:81:d8:0c:f7:09:b0:
85:f5:b0:f1:6e:57:2d:27:7e:2f:30:93:ad:fa:e4:
c4:b6:c6:c9:23:5e:51:03:69:15:61:15:19:70:c5:
b8:23:33:e2:0a:69:db:b5:b8:a0:12:81:24:1c:b7:
6c:2d:8f:44:33:bd:62:51:e7:4f:f9:c3:ee:1f:38:
48:5f:15:d6:eb:28:1d:f2:d0:3c:fc:85:a1:7d:da:
93:8f:0a:b2:22:3d:e8:b5:3c:49:40:28:e2:7a:b1:
4c:d4:95:5c:73:d6:75:92:28:a7:ea:86:ac:e2:da:
24:69:2a:47:30:07:1a:2e:ac:f2:2e:09:32:9f:0e:
f7:4c:7a:87:52:7a:b9:27:7b:47:7b:36:0d:16:8c:
84:f0:d4:56:91:be:c5:e4:0d:3e:65:88:f8:b9:88:
f2:d2:a4:b5:4b:f2:fb:21:50:b5:1e:be:b2:b6:e9:
76:52:9a:98:9d:0b:d8:69:d5:d7:57:30:05:3f:21:
49:5b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
61:20:71:BE:B9:D6:04:7D:B6:B7:7C:9D:79:2D:97:4F:30:98:B7:15
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/YSBxvrnWBH22t3ydeS2XTzCYtxU.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
7b:8a:e4:9f:d5:45:02:82:00:6b:7a:6a:90:9c:65:4d:2b:8d:
10:eb:9f:75:28:29:8a:c7:96:b1:7d:3b:c1:0c:0d:3b:ec:16:
4d:95:36:9c:34:1d:12:1e:47:79:93:12:24:7e:85:e4:ae:2f:
e0:ac:a4:d9:26:78:8e:f3:27:62:5e:55:c1:12:89:28:27:78:
3b:72:4f:0b:18:c0:50:2b:f2:ff:e4:d2:47:b0:f8:54:ba:bb:
88:a0:5c:6f:ca:dc:49:81:9f:72:6f:47:ed:fb:a3:d6:13:54:
d7:a4:f3:44:ef:46:e7:3f:40:1a:df:8c:03:ef:f7:55:0d:a2:
2a:77:a1:a3:44:ef:ab:11:36:5e:17:89:19:20:93:ee:2a:3a:
d6:fd:10:a4:a4:3a:ba:e3:a0:4e:f5:5d:9c:77:1f:88:08:a3:
c9:06:22:6e:fa:2e:17:c2:5a:b6:75:6c:0a:60:9b:9f:a9:e5:
c5:65:7b:5b:ef:06:48:88:4d:a8:57:90:77:7d:8c:37:24:da:
b7:21:97:c2:6c:1e:5a:fd:e9:90:a0:8b:71:26:5f:be:2b:14:
cc:d7:61:e2:21:aa:97:f3:3a:8c:03:8a:cf:f4:04:bb:b5:40:
66:d0:7a:5d:6a:0e:f8:85:f4:48:de:1d:6c:fc:99:5b:f5:46:
72:a4:b3:5c
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICVMkwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MTEx
NTI0MDNaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDYxMjA3MUJFQjlENjA0
N0RCNkI3N0M5RDc5MkQ5NzRGMzA5OEI3MTUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC4lN9hQlifY8s5j7Slt0AWAI4Pxn30lcV2LweBRpBHtixdVZ2E
GjtzuKlWXlbkC7jaBsr3rFuFZCHyeRvSbERZBJ3kiYHYDPcJsIX1sPFuVy0nfi8w
k6365MS2xskjXlEDaRVhFRlwxbgjM+IKadu1uKASgSQct2wtj0QzvWJR50/5w+4f
OEhfFdbrKB3y0Dz8haF92pOPCrIiPei1PElAKOJ6sUzUlVxz1nWSKKfqhqzi2iRp
KkcwBxourPIuCTKfDvdMeodSerkne0d7Ng0WjITw1FaRvsXkDT5liPi5iPLSpLVL
8vshULUevrK26XZSmpidC9hp1ddXMAU/IUlbAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUYSBxvrnWBH22t3ydeS2XTzCYtxUwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1lTQnh2cm5XQkgyMnQz
eWRlUzJYVHpDWXR4VS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBAHuK5J/VRQKCAGt6
apCcZU0rjRDrn3UoKYrHlrF9O8EMDTvsFk2VNpw0HRIeR3mTEiR+heSuL+CspNkm
eI7zJ2JeVcESiSgneDtyTwsYwFAr8v/k0kew+FS6u4igXG/K3EmBn3JvR+37o9YT
VNek80TvRuc/QBrfjAPv91UNoip3oaNE76sRNl4XiRkgk+4qOtb9EKSkOrrjoE71
XZx3H4gIo8kGIm76LhfCWrZ1bApgm5+p5cVle1vvBkiITahXkHd9jDck2rchl8Js
Hlr96ZCgi3EmX74rFMzXYeIhqpfzOowDis/0BLu1QGbQel1qDviF9EjeHWz8mVv1
RnKks1w=
-----END CERTIFICATE-----
Generated at Sat May 11 22:22:18 2024 by rpki-client on console.sobornost.net