Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/YSwtYI8kojLdDj8z3feAk7rotnw.roa
File: YSwtYI8kojLdDj8z3feAk7rotnw.roa (raw, json)
Hash identifier: f5OsoADhUfYQD71vZ1tGUcNWL1ssZtuoPyUpWCTWi8U=
Subject key identifier: 61:2C:2D:60:8F:24:A2:32:DD:0E:3F:33:DD:F7:80:93:BA:E8:B6:7C
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 563D
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/YSwtYI8kojLdDj8z3feAk7rotnw.roa
Signing time: Mon 13 May 2024 13:54:17 +0000
ROA not before: Mon 13 May 2024 13:54:17 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 22077 (0x563d)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 13 13:54:17 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=612C2D608F24A232DD0E3F33DDF78093BAE8B67C
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d0:db:e4:66:96:27:88:fc:2b:10:e0:c8:a1:90:
f6:64:d0:a2:81:37:ef:ee:61:93:04:b7:ff:a0:3d:
bf:45:a4:3f:a2:7d:2f:f5:d0:d0:14:07:49:27:ac:
bb:01:de:29:9f:de:02:5e:e5:7a:c8:3f:49:8f:0d:
c4:78:f5:07:de:c2:7f:52:ea:d8:9c:6b:3c:23:72:
2f:c9:56:37:0d:6c:8a:b5:4a:ad:2f:55:e5:e9:eb:
32:16:8e:a7:91:3e:bf:11:cb:d8:c4:7a:c3:6b:7f:
41:6a:cf:08:9a:3f:52:1a:bd:1b:5b:9c:a1:e5:8a:
45:fd:5f:b0:c1:26:5b:98:c4:ca:dd:ed:31:83:09:
75:4b:7d:36:41:ef:f1:c7:a5:60:71:24:29:b9:c4:
e3:56:43:27:b6:6f:42:bb:0f:d9:a9:f5:fc:4a:de:
03:c1:ae:31:e0:55:c8:55:8f:b9:25:1a:79:20:0a:
85:10:1f:96:bb:d9:c0:88:e4:45:a4:65:8a:42:a2:
bf:6c:39:8b:22:e3:9e:50:95:4f:13:98:f6:3d:98:
f2:e6:b3:29:7d:96:20:da:d5:65:ce:ed:f0:e7:11:
36:85:9c:b5:58:0f:d6:02:51:39:43:a7:b0:14:65:
ce:fa:9b:30:bc:40:70:d1:1a:ec:09:da:01:75:bb:
bb:c1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
61:2C:2D:60:8F:24:A2:32:DD:0E:3F:33:DD:F7:80:93:BA:E8:B6:7C
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/YSwtYI8kojLdDj8z3feAk7rotnw.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
98:94:a7:04:bc:9d:bc:f1:4c:82:21:78:e5:44:2e:4f:7a:81:
3e:1a:b5:be:b6:86:83:8c:a5:13:4c:d4:7e:40:46:e8:b4:e1:
46:d6:6f:23:3c:fd:7e:8b:c8:ff:63:93:89:49:e8:b5:bc:44:
9c:04:bb:02:68:01:f1:8b:d6:a0:3e:4e:a5:15:dc:60:e6:95:
81:64:6e:3c:18:06:b3:6f:d5:0a:d7:d6:21:ff:7d:6a:3a:89:
e4:81:ea:7c:1e:8b:5a:a8:56:4b:a7:2d:01:d1:86:79:66:50:
a8:33:66:1f:3b:3f:f3:2f:07:90:9c:24:cc:88:97:64:5e:56:
d0:29:ba:3b:6e:20:51:dd:d8:55:7d:da:e0:0c:4d:86:c4:23:
9f:e7:9f:04:ba:7f:c6:ca:dd:b5:c4:1a:a3:9d:00:00:33:2c:
81:52:d8:dc:e0:ad:82:ec:e5:3d:23:d2:e9:11:15:a2:a2:64:
a2:c9:d2:39:f3:ba:e8:c6:38:8b:fd:86:f3:bb:76:1a:30:bf:
2e:1a:8f:30:5b:22:a9:06:dd:50:b4:dd:63:fe:c2:12:7b:9c:
36:de:7e:ec:b4:a9:7e:7e:42:6f:36:9f:04:b9:ba:99:f6:56:
c6:cb:28:3c:4e:ff:4b:70:bf:53:ea:4d:ca:65:46:bd:2b:fb:
ef:71:c0:04
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICVj0wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MTMx
MzU0MTdaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDYxMkMyRDYwOEYyNEEy
MzJERDBFM0YzM0RERjc4MDkzQkFFOEI2N0MwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDQ2+RmlieI/CsQ4MihkPZk0KKBN+/uYZMEt/+gPb9FpD+ifS/1
0NAUB0knrLsB3imf3gJe5XrIP0mPDcR49Qfewn9S6ticazwjci/JVjcNbIq1Sq0v
VeXp6zIWjqeRPr8Ry9jEesNrf0FqzwiaP1IavRtbnKHlikX9X7DBJluYxMrd7TGD
CXVLfTZB7/HHpWBxJCm5xONWQye2b0K7D9mp9fxK3gPBrjHgVchVj7klGnkgCoUQ
H5a72cCI5EWkZYpCor9sOYsi455QlU8TmPY9mPLmsyl9liDa1WXO7fDnETaFnLVY
D9YCUTlDp7AUZc76mzC8QHDRGuwJ2gF1u7vBAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUYSwtYI8kojLdDj8z3feAk7rotnwwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1lTd3RZSThrb2pMZERq
OHozZmVBazdyb3Rudy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBAJiUpwS8nbzxTIIh
eOVELk96gT4atb62hoOMpRNM1H5ARui04UbWbyM8/X6LyP9jk4lJ6LW8RJwEuwJo
AfGL1qA+TqUV3GDmlYFkbjwYBrNv1QrX1iH/fWo6ieSB6nwei1qoVkunLQHRhnlm
UKgzZh87P/MvB5CcJMyIl2ReVtApujtuIFHd2FV92uAMTYbEI5/nnwS6f8bK3bXE
GqOdAAAzLIFS2NzgrYLs5T0j0ukRFaKiZKLJ0jnzuujGOIv9hvO7dhowvy4ajzBb
IqkG3VC03WP+whJ7nDbefuy0qX5+Qm82nwS5upn2VsbLKDxO/0twv1PqTcplRr0r
++9xwAQ=
-----END CERTIFICATE-----
Generated at Mon May 13 17:38:33 2024 by rpki-client on console.sobornost.net