Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/_4I1ec0zI1LAX4OW1FI_9k3_Cqs.roa
File: _4I1ec0zI1LAX4OW1FI_9k3_Cqs.roa (raw, json)
Hash identifier: 5n9btJOOkIewLOCPmmJOles61IkkOdsSYkBSqNvitLw=
Subject key identifier: FF:82:35:79:CD:33:23:52:C0:5F:83:96:D4:52:3F:F6:4D:FF:0A:AB
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 4C75
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/_4I1ec0zI1LAX4OW1FI_9k3_Cqs.roa
Signing time: Tue 30 Apr 2024 12:53:34 +0000
ROA not before: Tue 30 Apr 2024 12:53:34 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 19573 (0x4c75)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 30 12:53:34 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=FF823579CD332352C05F8396D4523FF64DFF0AAB
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ca:a2:09:c0:63:f9:2b:03:fd:7a:65:27:15:13:
67:9e:92:54:66:80:c3:40:84:3a:93:4c:41:97:68:
22:06:f2:6e:db:a9:9d:1c:16:9b:76:20:98:f3:14:
99:d9:79:f2:46:c7:87:4c:0d:10:83:95:f3:36:be:
97:af:97:d4:28:e1:89:4c:d9:6a:7b:5f:0c:da:3a:
24:bd:9a:ca:2f:56:a2:db:38:dd:62:5c:52:12:a9:
1c:50:91:99:9f:38:28:c9:6a:60:5e:27:2c:36:e0:
03:29:17:ab:c2:29:5a:69:25:28:86:be:61:c3:e2:
fd:9e:17:c7:d4:2d:ee:c2:ec:50:44:85:32:5c:9e:
d3:f3:ad:44:d4:56:f9:64:79:70:2e:b5:14:66:70:
70:cf:52:96:91:20:8e:1e:2b:9b:79:22:6c:22:61:
cd:97:a0:3d:8c:4d:68:4b:fa:d5:d6:94:75:ae:cb:
e0:44:0f:ab:1f:1d:d1:62:09:4c:38:2c:bf:a4:04:
fd:2f:5f:38:1c:25:27:85:8d:49:f2:4b:d9:db:aa:
b6:22:cd:16:aa:39:7f:5a:f5:3d:b2:12:c0:8a:26:
ef:29:9a:b2:6e:8b:97:f6:14:a6:75:59:d8:0c:f9:
cf:35:cd:26:c2:d8:5a:19:23:86:b3:6d:95:e0:25:
a2:bb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FF:82:35:79:CD:33:23:52:C0:5F:83:96:D4:52:3F:F6:4D:FF:0A:AB
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/_4I1ec0zI1LAX4OW1FI_9k3_Cqs.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
b8:11:ac:2d:78:91:1d:df:ad:82:2d:97:9d:58:10:a0:0f:65:
12:7f:fa:3b:a0:70:39:65:cc:ab:8a:d4:67:37:46:67:de:0d:
53:ea:6a:a3:d6:67:42:e6:81:71:ea:64:2d:17:51:0e:4f:7a:
c0:83:17:ba:61:6a:a2:6a:12:81:5e:20:cf:1f:48:31:25:bb:
74:24:82:d0:7a:2a:dd:be:27:7d:90:2f:f5:f2:f1:8e:92:80:
26:e3:fa:45:57:6f:21:4c:6e:b0:4f:4a:3a:fd:d0:47:80:f4:
fb:51:e5:3f:9c:aa:0e:6f:cd:39:bb:e8:01:cb:b5:9e:8b:04:
ac:f4:fb:b2:0e:e0:a6:00:56:a6:84:4c:4a:de:f0:f5:98:f4:
ed:f4:71:6c:22:70:57:79:4d:9e:bb:3c:98:34:60:11:91:c3:
f2:1c:9d:50:8c:48:ed:77:98:06:7b:e7:ca:6b:92:2f:96:89:
f6:ae:22:40:6d:e7:5a:d6:00:30:04:a5:67:88:1d:d0:af:44:
f7:46:6a:ab:eb:15:c0:7d:93:16:49:bd:5f:e8:c0:57:79:93:
4f:c9:bb:44:62:2e:27:b7:3a:d4:97:ef:8d:8c:ad:7c:dc:62:
64:43:83:74:a2:35:f3:dd:02:fd:4b:18:c0:35:11:e5:51:8f:
de:7b:01:a7
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICTHUwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MzAx
MjUzMzRaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEZGODIzNTc5Q0QzMzIz
NTJDMDVGODM5NkQ0NTIzRkY2NERGRjBBQUIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDKognAY/krA/16ZScVE2eeklRmgMNAhDqTTEGXaCIG8m7bqZ0c
Fpt2IJjzFJnZefJGx4dMDRCDlfM2vpevl9Qo4YlM2Wp7XwzaOiS9msovVqLbON1i
XFISqRxQkZmfOCjJamBeJyw24AMpF6vCKVppJSiGvmHD4v2eF8fULe7C7FBEhTJc
ntPzrUTUVvlkeXAutRRmcHDPUpaRII4eK5t5ImwiYc2XoD2MTWhL+tXWlHWuy+BE
D6sfHdFiCUw4LL+kBP0vXzgcJSeFjUnyS9nbqrYizRaqOX9a9T2yEsCKJu8pmrJu
i5f2FKZ1WdgM+c81zSbC2FoZI4azbZXgJaK7AgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQU/4I1ec0zI1LAX4OW1FI/9k3/CqswHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L180STFlYzB6STFMQVg0
T1cxRklfOWszX0Nxcy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBALgRrC14kR3frYIt
l51YEKAPZRJ/+jugcDllzKuK1Gc3RmfeDVPqaqPWZ0LmgXHqZC0XUQ5PesCDF7ph
aqJqEoFeIM8fSDElu3QkgtB6Kt2+J32QL/Xy8Y6SgCbj+kVXbyFMbrBPSjr90EeA
9PtR5T+cqg5vzTm76AHLtZ6LBKz0+7IO4KYAVqaETEre8PWY9O30cWwicFd5TZ67
PJg0YBGRw/IcnVCMSO13mAZ758prki+WifauIkBt51rWADAEpWeIHdCvRPdGaqvr
FcB9kxZJvV/owFd5k0/Ju0RiLie3OtSX742MrXzcYmRDg3SiNfPdAv1LGMA1EeVR
j957Aac=
-----END CERTIFICATE-----
Generated at Tue Apr 30 16:38:53 2024 by rpki-client on console.sobornost.net