Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/Yh4YflNpx_222zfnRZWGa9U8aUM.roa
File: Yh4YflNpx_222zfnRZWGa9U8aUM.roa (raw, json)
Hash identifier: 54r+nx9RVCen//87R+Xc+k+b7xhwD7v8FvuzPDDIzJQ=
Subject key identifier: 62:1E:18:7E:53:69:C7:FD:B6:DB:37:E7:45:95:86:6B:D5:3C:69:43
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 3FA5
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/Yh4YflNpx_222zfnRZWGa9U8aUM.roa
Signing time: Sat 13 Apr 2024 10:53:14 +0000
ROA not before: Sat 13 Apr 2024 10:53:14 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 16293 (0x3fa5)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 13 10:53:14 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=621E187E5369C7FDB6DB37E74595866BD53C6943
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cb:1a:bc:c3:47:a9:ba:05:a2:37:fe:1d:56:73:
45:d0:0f:df:b1:c8:a9:16:5f:d2:c4:71:10:79:9f:
3a:96:96:ed:5e:c4:97:4c:c9:40:23:33:e2:f8:c1:
96:85:2f:4b:52:6a:73:82:0f:86:d4:b7:19:0a:fc:
4d:26:b2:8f:a0:27:0b:7f:d0:1f:b8:01:4b:09:2a:
cd:f1:c8:ec:58:68:61:d4:af:c0:20:22:a4:b2:91:
3a:8e:ad:84:b1:5a:43:67:92:47:45:1c:70:a5:c8:
23:43:4e:7d:24:39:48:72:21:76:74:da:87:55:e3:
3d:b3:38:a8:26:d0:e1:bf:00:52:02:5e:80:c5:74:
63:95:56:32:9e:b4:86:a4:e8:d2:ac:4a:11:36:5b:
a3:0b:d5:62:a0:89:1a:a1:a7:3e:9d:a1:73:c4:d6:
0d:58:90:22:84:98:93:db:a2:29:c6:eb:72:f7:f6:
16:53:58:86:d5:ac:a3:c7:c7:00:98:64:b7:a7:7d:
36:70:bd:f7:1a:66:06:f4:0c:02:59:75:44:76:94:
b1:85:fa:b6:8b:a3:25:19:8f:54:e2:bd:53:27:ed:
ed:54:34:7a:bd:16:9c:dc:43:90:2a:9e:3b:aa:b3:
8f:d4:f7:fd:6b:06:ba:c8:c2:d9:97:54:55:e6:60:
b7:2f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
62:1E:18:7E:53:69:C7:FD:B6:DB:37:E7:45:95:86:6B:D5:3C:69:43
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/Yh4YflNpx_222zfnRZWGa9U8aUM.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
20:a0:94:7a:0c:80:b0:27:e7:e3:8c:43:bc:ab:04:d7:17:29:
a1:df:0c:dd:83:d0:6e:a8:d9:68:d6:ac:e0:2e:f5:4f:da:84:
4a:49:a6:f1:ce:b2:32:d6:5d:ed:10:34:35:d7:bb:87:e1:13:
d7:1b:82:b9:6c:9d:2f:21:ef:78:3a:f2:b0:b8:dc:33:d1:72:
0a:83:5c:7e:00:82:a4:d1:a5:7c:33:1a:b1:b6:a3:86:3f:2e:
71:9b:c4:f9:b8:8f:a7:b9:54:7b:b4:39:54:96:ef:f1:97:82:
a1:43:f2:0d:4c:0a:48:c1:a5:c1:06:19:84:81:98:5d:63:26:
8a:fc:26:a3:59:c6:bf:3f:43:da:2d:a7:ff:b5:80:db:2d:7d:
89:0c:c7:d0:e2:b4:69:76:65:3c:20:c1:02:ee:eb:4a:e0:0b:
61:1e:30:18:7c:ac:3a:6f:55:88:b9:5b:27:b1:4d:49:9b:f3:
25:81:56:21:aa:c9:e3:04:73:99:4f:a3:f7:08:d7:55:01:c8:
25:4d:6e:6d:8d:bb:e2:05:69:47:33:7c:10:a1:77:11:49:d6:
63:ef:3a:ac:bc:b6:7a:86:05:8b:37:37:79:a4:a9:ee:fa:28:
60:36:1b:e1:5e:87:f8:f6:00:c6:f8:8a:40:ec:d5:97:4d:c2:
f5:96:d5:62
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICP6UwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MTMx
MDUzMTRaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDYyMUUxODdFNTM2OUM3
RkRCNkRCMzdFNzQ1OTU4NjZCRDUzQzY5NDMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDLGrzDR6m6BaI3/h1Wc0XQD9+xyKkWX9LEcRB5nzqWlu1exJdM
yUAjM+L4wZaFL0tSanOCD4bUtxkK/E0mso+gJwt/0B+4AUsJKs3xyOxYaGHUr8Ag
IqSykTqOrYSxWkNnkkdFHHClyCNDTn0kOUhyIXZ02odV4z2zOKgm0OG/AFICXoDF
dGOVVjKetIak6NKsShE2W6ML1WKgiRqhpz6doXPE1g1YkCKEmJPboinG63L39hZT
WIbVrKPHxwCYZLenfTZwvfcaZgb0DAJZdUR2lLGF+raLoyUZj1TivVMn7e1UNHq9
FpzcQ5Aqnjuqs4/U9/1rBrrIwtmXVFXmYLcvAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUYh4YflNpx/222zfnRZWGa9U8aUMwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1loNFlmbE5weF8yMjJ6
Zm5SWldHYTlVOGFVTS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBACCglHoMgLAn5+OM
Q7yrBNcXKaHfDN2D0G6o2WjWrOAu9U/ahEpJpvHOsjLWXe0QNDXXu4fhE9cbgrls
nS8h73g68rC43DPRcgqDXH4AgqTRpXwzGrG2o4Y/LnGbxPm4j6e5VHu0OVSW7/GX
gqFD8g1MCkjBpcEGGYSBmF1jJor8JqNZxr8/Q9otp/+1gNstfYkMx9DitGl2ZTwg
wQLu60rgC2EeMBh8rDpvVYi5WyexTUmb8yWBViGqyeMEc5lPo/cI11UByCVNbm2N
u+IFaUczfBChdxFJ1mPvOqy8tnqGBYs3N3mkqe76KGA2G+Feh/j2AMb4ikDs1ZdN
wvWW1WI=
-----END CERTIFICATE-----
Generated at Sat Apr 13 17:22:19 2024 by rpki-client on console.sobornost.net