Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/aKpWkNXesAelFUWcTvHqfHb947M.roa
File: aKpWkNXesAelFUWcTvHqfHb947M.roa (raw, json)
Hash identifier: 6rKUcqs0T+7ZhGPKX8xQ93eoiNFEr1Jxjtw/wkDRM5I=
Subject key identifier: 68:AA:56:90:D5:DE:B0:07:A5:15:45:9C:4E:F1:EA:7C:76:FD:E3:B3
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 3E25
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/aKpWkNXesAelFUWcTvHqfHb947M.roa
Signing time: Thu 11 Apr 2024 10:52:46 +0000
ROA not before: Thu 11 Apr 2024 10:52:46 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 15909 (0x3e25)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 11 10:52:46 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=68AA5690D5DEB007A515459C4EF1EA7C76FDE3B3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e7:d9:85:eb:fb:a9:79:fb:b9:bd:f6:e1:25:26:
ad:5e:6a:59:da:a1:e1:1b:60:5a:a8:56:95:d2:45:
11:30:a9:7a:d8:53:67:8e:5b:a0:d9:a9:3d:c6:18:
37:f5:17:d0:71:5f:a3:21:1f:2d:38:af:68:20:d4:
39:32:a4:bd:22:d1:2a:7a:7b:b3:af:10:1d:17:84:
da:46:a7:14:46:fb:ab:81:10:75:2d:0e:75:e0:e8:
fb:92:93:70:63:83:66:2b:32:7c:5c:4d:b9:d8:8f:
aa:23:9c:fb:5e:ef:b4:d6:04:82:95:21:f3:61:8a:
f5:d9:a1:41:e0:c6:29:c5:5b:0e:ef:75:58:78:e3:
ea:d9:e2:75:50:c8:68:77:e2:f3:40:3c:b9:d6:ae:
b3:29:5c:cb:3a:00:38:05:8d:97:ef:da:6d:04:aa:
bc:c6:ea:b7:92:14:86:05:48:c8:11:52:97:8a:e9:
88:83:58:01:9b:2b:19:6e:87:b8:ca:e5:89:d2:ef:
8c:90:4e:80:3a:91:43:d6:4d:b2:52:4f:d8:98:b6:
9f:9b:fe:02:94:85:a1:9f:d1:77:50:88:e4:71:fe:
7e:a4:7d:2d:df:f2:d9:b2:93:2e:60:db:0d:d2:68:
75:58:e7:de:3e:72:47:9b:32:9e:ed:0e:59:18:7f:
2f:1d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
68:AA:56:90:D5:DE:B0:07:A5:15:45:9C:4E:F1:EA:7C:76:FD:E3:B3
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/aKpWkNXesAelFUWcTvHqfHb947M.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
17:47:b4:c8:ba:e3:49:b1:e2:c8:01:73:33:69:e4:d8:bc:34:
51:1b:30:98:d9:ef:f2:e9:d7:10:bb:2b:41:f5:4a:cb:01:43:
4c:7f:c7:73:c3:91:c7:9b:fc:cc:81:c3:14:8a:52:4a:a6:91:
e4:a8:58:ac:1f:2e:9b:60:24:c4:9f:cb:a3:a5:a5:44:42:e1:
be:18:47:b7:6f:f0:1e:60:3f:1e:47:34:fa:b9:44:fd:c0:20:
99:b4:65:0b:59:47:2f:20:1b:39:21:81:83:0f:4f:aa:3b:a4:
bf:5b:78:3b:fd:0f:06:13:07:e8:1d:7a:3c:4a:ad:1f:6c:99:
9a:40:22:7d:bc:2e:3e:e0:72:f0:b5:f4:5b:26:59:64:48:f0:
17:19:79:ad:4d:ad:a6:c8:77:5c:78:dc:a1:7b:50:8a:9a:e2:
97:c5:77:92:af:59:49:a6:84:56:da:94:37:1a:4f:dc:1a:32:
b3:15:c3:91:9c:c9:38:55:12:66:87:30:10:d6:0c:bc:b1:96:
f5:79:ab:60:2b:d3:49:07:07:d0:39:c8:b3:14:08:48:2e:3a:
0f:ed:3c:1e:ea:e8:e2:e7:03:75:4d:46:fc:fc:01:0c:b3:c5:
ea:99:09:ef:70:13:8d:08:8f:a0:fc:6f:f7:c1:cd:d9:e1:c0:
81:60:1c:6b
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICPiUwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MTEx
MDUyNDZaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDY4QUE1NjkwRDVERUIw
MDdBNTE1NDU5QzRFRjFFQTdDNzZGREUzQjMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDn2YXr+6l5+7m99uElJq1ealnaoeEbYFqoVpXSRREwqXrYU2eO
W6DZqT3GGDf1F9BxX6MhHy04r2gg1DkypL0i0Sp6e7OvEB0XhNpGpxRG+6uBEHUt
DnXg6PuSk3Bjg2YrMnxcTbnYj6ojnPte77TWBIKVIfNhivXZoUHgxinFWw7vdVh4
4+rZ4nVQyGh34vNAPLnWrrMpXMs6ADgFjZfv2m0EqrzG6reSFIYFSMgRUpeK6YiD
WAGbKxluh7jK5YnS74yQToA6kUPWTbJST9iYtp+b/gKUhaGf0XdQiORx/n6kfS3f
8tmyky5g2w3SaHVY594+ckebMp7tDlkYfy8dAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUaKpWkNXesAelFUWcTvHqfHb947MwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2FLcFdrTlhlc0FlbEZV
V2NUdkhxZkhiOTQ3TS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBABdHtMi640mx4sgB
czNp5Ni8NFEbMJjZ7/Lp1xC7K0H1SssBQ0x/x3PDkceb/MyBwxSKUkqmkeSoWKwf
LptgJMSfy6OlpURC4b4YR7dv8B5gPx5HNPq5RP3AIJm0ZQtZRy8gGzkhgYMPT6o7
pL9beDv9DwYTB+gdejxKrR9smZpAIn28Lj7gcvC19FsmWWRI8BcZea1NrabId1x4
3KF7UIqa4pfFd5KvWUmmhFbalDcaT9waMrMVw5GcyThVEmaHMBDWDLyxlvV5q2Ar
00kHB9A5yLMUCEguOg/tPB7q6OLnA3VNRvz8AQyzxeqZCe9wE40Ij6D8b/fBzdnh
wIFgHGs=
-----END CERTIFICATE-----
Generated at Thu Apr 11 17:36:05 2024 by rpki-client on console.sobornost.net