Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/YdP5v0Zr9Zu3AdHhPGmKj74FqYs.roa
File: YdP5v0Zr9Zu3AdHhPGmKj74FqYs.roa (raw, json)
Hash identifier: gPLh+40WfZxFjfkLkmph6/uHyOVtKv3iLRE4o9Fe8jE=
Subject key identifier: 61:D3:F9:BF:46:6B:F5:9B:B7:01:D1:E1:3C:69:8A:8F:BE:05:A9:8B
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 4BB9
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/YdP5v0Zr9Zu3AdHhPGmKj74FqYs.roa
Signing time: Mon 29 Apr 2024 13:23:31 +0000
ROA not before: Mon 29 Apr 2024 13:23:31 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 19385 (0x4bb9)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 29 13:23:31 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=61D3F9BF466BF59BB701D1E13C698A8FBE05A98B
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bd:29:79:5b:af:cb:f7:7e:02:30:77:32:af:16:
30:9f:5e:3c:f2:27:c9:b3:3e:74:ac:33:0e:30:30:
e5:a3:1b:0c:79:d5:11:05:64:aa:c5:58:7a:13:51:
f0:7a:c1:54:be:e7:be:12:e5:4a:79:c0:91:79:ad:
0d:11:27:e1:49:fc:e1:41:fe:0d:1a:0b:17:0f:49:
e6:ae:8f:ba:92:65:6c:a7:fd:8f:a2:1f:ea:9e:b0:
a3:33:59:3c:72:15:1e:83:a8:90:aa:c8:5b:90:9b:
98:8c:af:43:ff:37:ff:00:47:19:bc:99:11:cf:28:
25:96:dc:9d:ab:48:18:19:e5:a0:c8:14:2f:21:b8:
b8:7c:51:e5:6e:02:5c:3f:ad:cc:e6:e9:c0:82:47:
29:4a:7e:94:62:14:56:04:5c:ba:9b:39:21:dd:4c:
71:a8:65:12:ca:60:f4:79:b9:c9:ed:3c:b7:98:6d:
c9:63:29:8a:db:b0:41:a8:eb:78:b5:a8:72:6f:e3:
a9:4e:a5:1e:47:74:f3:e3:82:d4:41:7e:98:21:14:
cf:48:76:5e:8c:d4:9d:f9:00:27:9f:42:c9:17:2b:
2d:38:9b:38:44:e9:cc:21:25:17:b8:a0:33:23:e8:
69:c7:22:b5:8a:58:81:92:81:eb:37:f8:6c:f1:99:
80:f9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
61:D3:F9:BF:46:6B:F5:9B:B7:01:D1:E1:3C:69:8A:8F:BE:05:A9:8B
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/YdP5v0Zr9Zu3AdHhPGmKj74FqYs.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
33:e4:9c:d2:34:48:0e:a9:68:cc:a9:d4:5d:c2:29:86:8a:af:
24:5c:c6:e3:58:b9:8f:08:7b:02:ce:9b:4a:56:32:93:aa:36:
ab:99:b5:cf:cf:a7:71:34:ac:e7:89:67:40:49:ba:8c:8b:a4:
0d:e0:45:98:6a:46:80:b2:0c:37:67:c6:dc:89:f7:51:81:c6:
cf:ee:35:5e:37:2c:4e:0c:0d:3a:72:b2:fe:14:9c:46:c0:c3:
c3:3a:33:f7:e4:00:d6:24:3a:a2:b1:78:56:3a:27:ac:63:dd:
6e:9a:18:7f:89:ef:39:73:b4:74:92:05:44:b1:b5:d9:90:f4:
5f:2b:b2:7d:25:3a:7d:2b:ce:8c:d1:5f:41:fd:27:e2:17:46:
cc:34:2f:4f:f9:4c:0e:f7:d8:6e:25:01:96:55:00:14:9a:55:
8a:26:4b:29:ca:f5:10:be:36:73:e9:fc:58:32:71:f0:46:d5:
9a:57:5a:b4:1c:56:f3:10:bd:4a:e4:24:6a:40:ea:9e:c5:23:
17:05:69:5b:3e:ef:6f:e4:96:5a:d0:34:d3:65:20:61:a9:b1:
d8:47:a9:53:fe:47:5c:2a:e3:bd:d2:d9:30:5c:ca:63:f7:3e:
be:be:bc:29:50:ba:8a:e1:20:87:2b:1f:bc:64:b3:b8:b2:cb:
b9:61:ce:8a
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICS7kwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0Mjkx
MzIzMzFaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDYxRDNGOUJGNDY2QkY1
OUJCNzAxRDFFMTNDNjk4QThGQkUwNUE5OEIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC9KXlbr8v3fgIwdzKvFjCfXjzyJ8mzPnSsMw4wMOWjGwx51REF
ZKrFWHoTUfB6wVS+574S5Up5wJF5rQ0RJ+FJ/OFB/g0aCxcPSeauj7qSZWyn/Y+i
H+qesKMzWTxyFR6DqJCqyFuQm5iMr0P/N/8ARxm8mRHPKCWW3J2rSBgZ5aDIFC8h
uLh8UeVuAlw/rczm6cCCRylKfpRiFFYEXLqbOSHdTHGoZRLKYPR5ucntPLeYbclj
KYrbsEGo63i1qHJv46lOpR5HdPPjgtRBfpghFM9Idl6M1J35ACefQskXKy04mzhE
6cwhJRe4oDMj6GnHIrWKWIGSges3+GzxmYD5AgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUYdP5v0Zr9Zu3AdHhPGmKj74FqYswHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1lkUDV2MFpyOVp1M0Fk
SGhQR21Lajc0RnFZcy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBADPknNI0SA6paMyp
1F3CKYaKryRcxuNYuY8IewLOm0pWMpOqNquZtc/Pp3E0rOeJZ0BJuoyLpA3gRZhq
RoCyDDdnxtyJ91GBxs/uNV43LE4MDTpysv4UnEbAw8M6M/fkANYkOqKxeFY6J6xj
3W6aGH+J7zlztHSSBUSxtdmQ9F8rsn0lOn0rzozRX0H9J+IXRsw0L0/5TA732G4l
AZZVABSaVYomSynK9RC+NnPp/FgycfBG1ZpXWrQcVvMQvUrkJGpA6p7FIxcFaVs+
72/kllrQNNNlIGGpsdhHqVP+R1wq473S2TBcymP3Pr6+vClQuorhIIcrH7xks7iy
y7lhzoo=
-----END CERTIFICATE-----
Generated at Mon Apr 29 19:13:36 2024 by rpki-client on console.sobornost.net