Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/fumR_ZJHS0S1FnCRhw64D7It0mk.roa
File: fumR_ZJHS0S1FnCRhw64D7It0mk.roa (raw, json)
Hash identifier: sECi9HC+VdmJylTyMapPR8N9Qc31mfC+ps2FYw1psF0=
Subject key identifier: 7E:E9:91:FD:92:47:4B:44:B5:16:70:91:87:0E:B8:0F:B2:2D:D2:69
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 5419
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/fumR_ZJHS0S1FnCRhw64D7It0mk.roa
Signing time: Fri 10 May 2024 17:24:28 +0000
ROA not before: Fri 10 May 2024 17:24:28 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 21529 (0x5419)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 10 17:24:28 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=7EE991FD92474B44B5167091870EB80FB22DD269
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c7:e3:f0:4c:ee:04:0e:c9:71:7b:db:26:f0:5f:
11:da:2f:d4:cb:5f:7f:b2:39:a3:7a:f6:58:bb:8a:
0a:0f:6b:92:0f:72:63:96:a6:ef:c1:22:a1:4b:20:
18:5b:e8:68:0f:8d:6b:b3:cf:e9:02:c9:bc:18:98:
76:bb:cf:b6:89:8a:2d:f0:15:62:c8:d2:bc:a5:cc:
65:65:1f:88:97:75:9d:8c:3b:0a:21:89:88:0a:ec:
86:3f:18:dd:5f:77:32:75:b5:1c:54:21:1c:40:8c:
9d:e9:64:a5:90:ab:f5:92:48:f0:59:30:80:fb:56:
48:69:12:1b:7b:1f:7b:92:7b:56:7c:d3:ad:7d:a4:
dc:74:fa:fc:9e:49:95:cc:79:ac:0f:4a:0b:55:f5:
6c:97:86:98:2c:64:6c:19:4b:c4:69:74:42:82:37:
8e:89:71:9a:ad:38:00:d9:31:11:5b:c5:cc:b2:ef:
53:34:01:96:a6:78:de:67:5f:fd:b9:df:46:8d:0e:
7b:78:d9:ff:d2:70:9a:8d:1f:1f:3b:ee:cc:c4:b8:
ca:36:95:46:2f:ca:cd:d5:44:0a:4e:f1:9e:f2:15:
7f:5f:aa:b2:84:d2:6b:25:77:48:73:76:ba:f0:0b:
a1:4b:59:c5:27:8e:ab:c4:63:38:04:c9:3b:fd:83:
c6:9b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
7E:E9:91:FD:92:47:4B:44:B5:16:70:91:87:0E:B8:0F:B2:2D:D2:69
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/fumR_ZJHS0S1FnCRhw64D7It0mk.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
6e:46:9e:ee:ec:b9:66:99:45:12:05:ef:ba:70:32:a9:74:8a:
09:11:0a:a1:3b:ba:38:04:76:91:17:c6:f1:11:6d:f0:03:8c:
b6:dc:4d:df:9c:68:19:49:19:ef:6f:12:8f:e6:de:2f:2c:77:
fb:56:53:31:2c:e4:40:1c:d9:6f:b6:2b:51:a2:05:a0:06:cc:
7f:57:86:25:51:d0:1c:23:ec:de:ad:6e:bf:cc:bd:ae:7b:4d:
8f:36:02:53:a9:73:2c:59:4d:d4:c7:b2:98:c9:cc:c5:2a:e0:
1d:0c:dc:2a:ec:08:75:d7:f4:76:6f:d9:08:a1:38:34:b9:97:
3b:f4:c8:0f:c3:d2:0e:cb:45:26:21:6e:2b:4b:76:82:44:2c:
00:09:ad:e6:ae:bb:4e:ad:02:1f:3e:11:c9:e9:26:80:ae:e1:
78:88:39:34:c7:c4:4d:a1:73:3d:a4:93:52:ee:a8:d3:d0:37:
fc:f5:59:aa:24:be:d4:09:df:21:98:26:7c:8f:1a:5a:89:1c:
9f:94:5a:ff:dd:2c:7e:55:9c:15:db:a5:0a:9b:a3:83:f0:68:
7b:a1:1c:7e:e1:36:e7:67:0d:cf:9d:79:f3:c7:db:fc:4b:cc:
83:09:a9:82:14:d6:07:26:61:af:61:43:0a:fb:4e:83:7d:0e:
5b:66:f3:e7
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICVBkwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MTAx
NzI0MjhaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDdFRTk5MUZEOTI0NzRC
NDRCNTE2NzA5MTg3MEVCODBGQjIyREQyNjkwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDH4/BM7gQOyXF72ybwXxHaL9TLX3+yOaN69li7igoPa5IPcmOW
pu/BIqFLIBhb6GgPjWuzz+kCybwYmHa7z7aJii3wFWLI0rylzGVlH4iXdZ2MOwoh
iYgK7IY/GN1fdzJ1tRxUIRxAjJ3pZKWQq/WSSPBZMID7VkhpEht7H3uSe1Z80619
pNx0+vyeSZXMeawPSgtV9WyXhpgsZGwZS8RpdEKCN46JcZqtOADZMRFbxcyy71M0
AZameN5nX/2530aNDnt42f/ScJqNHx877szEuMo2lUYvys3VRApO8Z7yFX9fqrKE
0msld0hzdrrwC6FLWcUnjqvEYzgEyTv9g8abAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUfumR/ZJHS0S1FnCRhw64D7It0mkwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2Z1bVJfWkpIUzBTMUZu
Q1JodzY0RDdJdDBtay5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBAG5Gnu7suWaZRRIF
77pwMql0igkRCqE7ujgEdpEXxvERbfADjLbcTd+caBlJGe9vEo/m3i8sd/tWUzEs
5EAc2W+2K1GiBaAGzH9XhiVR0Bwj7N6tbr/Mva57TY82AlOpcyxZTdTHspjJzMUq
4B0M3CrsCHXX9HZv2QihODS5lzv0yA/D0g7LRSYhbitLdoJELAAJreauu06tAh8+
EcnpJoCu4XiIOTTHxE2hcz2kk1LuqNPQN/z1WaokvtQJ3yGYJnyPGlqJHJ+UWv/d
LH5VnBXbpQqbo4PwaHuhHH7hNudnDc+defPH2/xLzIMJqYIU1gcmYa9hQwr7ToN9
Dltm8+c=
-----END CERTIFICATE-----
Generated at Fri May 10 21:04:12 2024 by rpki-client on console.sobornost.net