Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/evIHySZV_sxmVy22vqeLBJ3CnE8.roa
File: evIHySZV_sxmVy22vqeLBJ3CnE8.roa (raw, json)
Hash identifier: rzZulZqApBBtZMMF6aRhCK5Lj149gNSJPqyK/0dM0nk=
Subject key identifier: 7A:F2:07:C9:26:55:FE:CC:66:57:2D:B6:BE:A7:8B:04:9D:C2:9C:4F
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 3BF9
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/evIHySZV_sxmVy22vqeLBJ3CnE8.roa
Signing time: Mon 08 Apr 2024 13:22:35 +0000
ROA not before: Mon 08 Apr 2024 13:22:35 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 15353 (0x3bf9)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 8 13:22:35 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=7AF207C92655FECC66572DB6BEA78B049DC29C4F
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ae:9d:ae:9b:5d:87:18:c5:6e:9b:89:c7:3e:e4:
01:44:62:e5:6e:17:19:68:c7:51:3d:fe:39:96:de:
34:25:fd:2e:21:78:68:ae:a1:0c:45:c6:91:a8:61:
30:b4:25:23:dc:26:94:6d:8f:ef:78:6e:98:89:77:
4e:a9:7b:97:19:93:98:1c:a0:29:32:d5:d3:12:44:
0d:18:b4:71:a4:6d:fb:fc:b6:cc:2f:a0:09:51:a3:
37:5c:d0:56:8e:45:81:37:26:d7:88:ae:f9:a8:ef:
c2:a5:73:a2:91:ec:a9:7e:86:22:19:91:d2:c5:67:
94:ad:c2:f6:33:70:7a:a0:52:a0:36:0e:0a:d9:82:
55:f1:4b:3a:0a:69:d8:b5:be:a6:4a:26:cb:b3:f9:
57:ec:60:ce:64:f7:9b:91:64:9b:b7:aa:0d:31:85:
f8:51:3c:d6:b8:e4:2a:ef:c8:99:29:c2:ae:06:ed:
a9:a5:6b:cf:6e:a3:4c:21:5c:8f:3c:27:6a:40:3d:
0f:6c:80:9e:ca:7f:4d:47:ce:2d:4c:ac:71:98:47:
cf:4e:91:4c:bc:3a:aa:58:82:1d:84:43:46:6e:86:
5f:61:ff:81:d2:ac:99:23:c8:e6:05:f6:cd:42:4a:
2f:75:6b:83:2f:aa:bd:a6:a3:f9:33:a2:5e:fd:91:
8c:2d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
7A:F2:07:C9:26:55:FE:CC:66:57:2D:B6:BE:A7:8B:04:9D:C2:9C:4F
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/evIHySZV_sxmVy22vqeLBJ3CnE8.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
a5:79:02:ae:5a:c6:a7:0a:92:dd:bc:ba:6b:65:91:ef:90:46:
87:da:0d:98:1e:2c:26:4a:24:ca:ad:4d:8f:e8:f4:4c:2a:71:
7f:6c:64:e9:5c:4a:1e:7e:6e:75:74:f8:02:4f:e9:f5:94:ef:
62:3f:a5:0e:d6:ee:a8:9d:4f:ee:a4:6b:80:b9:c0:05:b0:24:
20:4c:74:14:de:e2:59:71:9b:82:3e:0a:03:d2:7c:07:5c:0d:
2e:f8:e3:59:f7:7c:c5:07:ba:03:9a:2b:1e:6f:2d:5f:6c:cb:
02:68:2a:81:32:c7:bc:27:ea:75:8f:60:45:72:60:18:67:d6:
4d:c2:40:ad:19:4a:fb:38:1c:60:02:c3:d4:08:b3:a6:37:02:
ab:a2:2b:bf:c1:84:c2:c6:ba:7a:a5:98:93:f5:0e:ff:ee:92:
db:4f:91:7f:64:d6:38:d9:7a:ed:44:21:d3:4f:54:57:3d:47:
c7:09:f8:db:b5:34:1b:1b:2c:c3:9d:94:33:42:70:5c:32:ee:
fa:dc:91:cb:a3:f8:8f:6f:6b:cd:d5:0c:53:36:d9:e6:d8:ca:
a0:6f:ac:a1:42:63:c5:48:b1:44:4a:fe:6e:f9:2d:ea:39:ab:
ce:d6:34:9e:8b:d2:b4:3c:85:31:eb:3b:ea:2e:71:6a:48:1f:
5f:cc:f7:33
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICO/kwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MDgx
MzIyMzVaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDdBRjIwN0M5MjY1NUZF
Q0M2NjU3MkRCNkJFQTc4QjA0OURDMjlDNEYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCuna6bXYcYxW6bicc+5AFEYuVuFxlox1E9/jmW3jQl/S4heGiu
oQxFxpGoYTC0JSPcJpRtj+94bpiJd06pe5cZk5gcoCky1dMSRA0YtHGkbfv8tswv
oAlRozdc0FaORYE3JteIrvmo78Klc6KR7Kl+hiIZkdLFZ5StwvYzcHqgUqA2DgrZ
glXxSzoKadi1vqZKJsuz+VfsYM5k95uRZJu3qg0xhfhRPNa45CrvyJkpwq4G7aml
a89uo0whXI88J2pAPQ9sgJ7Kf01Hzi1MrHGYR89OkUy8OqpYgh2EQ0Zuhl9h/4HS
rJkjyOYF9s1CSi91a4Mvqr2mo/kzol79kYwtAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUevIHySZV/sxmVy22vqeLBJ3CnE8wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2V2SUh5U1pWX3N4bVZ5
MjJ2cWVMQkozQ25FOC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBAKV5Aq5axqcKkt28
umtlke+QRofaDZgeLCZKJMqtTY/o9EwqcX9sZOlcSh5+bnV0+AJP6fWU72I/pQ7W
7qidT+6ka4C5wAWwJCBMdBTe4llxm4I+CgPSfAdcDS7441n3fMUHugOaKx5vLV9s
ywJoKoEyx7wn6nWPYEVyYBhn1k3CQK0ZSvs4HGACw9QIs6Y3AquiK7/BhMLGunql
mJP1Dv/ukttPkX9k1jjZeu1EIdNPVFc9R8cJ+Nu1NBsbLMOdlDNCcFwy7vrckcuj
+I9va83VDFM22ebYyqBvrKFCY8VIsURK/m75Leo5q87WNJ6L0rQ8hTHrO+oucWpI
H1/M9zM=
-----END CERTIFICATE-----
Generated at Mon Apr 8 20:06:37 2024 by rpki-client on console.sobornost.net