Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/gfLDzGb0aOEbdnW-fXUm9Qs3sOg.roa
File: gfLDzGb0aOEbdnW-fXUm9Qs3sOg.roa (raw, json)
Hash identifier: q6fM4tOr112vQ8a08SnI/PtfixpDSQQYMK7OBx1e6kE=
Subject key identifier: 81:F2:C3:CC:66:F4:68:E1:1B:76:75:BE:7D:75:26:F5:0B:37:B0:E8
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 4A15
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/gfLDzGb0aOEbdnW-fXUm9Qs3sOg.roa
Signing time: Sat 27 Apr 2024 08:53:24 +0000
ROA not before: Sat 27 Apr 2024 08:53:24 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 18965 (0x4a15)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 27 08:53:24 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=81F2C3CC66F468E11B7675BE7D7526F50B37B0E8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ba:10:0c:4f:c5:ba:03:8d:e3:5a:69:e7:18:f9:
c2:e0:6b:eb:ec:a7:3f:c9:e9:4b:a8:53:ab:a3:33:
65:94:93:7c:9f:a1:af:a7:4a:6d:2a:5a:db:53:b3:
3b:d9:ac:02:f4:37:af:ef:aa:15:12:11:36:98:92:
0e:6a:00:1f:51:bb:c5:65:97:56:7c:32:93:ec:3b:
bd:b9:78:a3:ce:db:8c:8d:72:c5:01:b4:32:49:f7:
62:3d:f3:b0:e0:80:e9:fb:fe:61:61:c4:31:f5:04:
88:ac:66:fb:8a:ed:91:76:d0:b0:16:5d:08:e3:f8:
b0:6e:74:1c:a2:5f:e4:c9:51:d6:ef:7c:00:51:a2:
e2:53:38:40:26:5e:8b:9e:fa:fc:25:df:65:98:9a:
82:af:4d:eb:a8:b2:47:60:19:71:21:50:f9:c7:15:
1f:15:11:0a:0c:94:6a:be:30:84:60:4b:1d:1a:da:
16:95:8a:8a:3e:53:a6:75:5b:57:8a:c9:90:11:e0:
bb:21:cc:ee:7b:16:6b:06:dc:e2:b7:35:57:1b:15:
a1:0e:64:40:0a:14:97:57:40:02:a7:18:e4:3d:95:
76:f3:98:c4:c1:14:01:d2:15:69:cc:99:37:70:59:
69:f4:ef:3c:be:ed:9a:0c:41:d3:d8:35:52:e0:9c:
38:85
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
81:F2:C3:CC:66:F4:68:E1:1B:76:75:BE:7D:75:26:F5:0B:37:B0:E8
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/gfLDzGb0aOEbdnW-fXUm9Qs3sOg.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
6f:8f:45:99:fb:a6:ad:9d:af:0c:be:d3:f9:0d:47:da:d5:eb:
ef:31:7f:a3:98:a2:28:83:66:4e:db:bf:8f:d0:cc:7d:7a:ab:
6d:80:9a:bc:a6:dd:47:91:e2:5e:03:4f:b6:e1:b6:d2:90:dd:
53:c5:e4:ba:87:34:40:14:8b:3e:7b:b3:28:82:ae:76:c2:07:
49:91:d2:f0:79:6e:16:b6:6b:40:6e:1f:b9:c6:1e:4b:84:dd:
c0:2c:d3:ac:b1:bb:a5:0f:44:7d:a0:93:66:e0:24:8c:01:f0:
3c:4d:01:fc:3a:c5:76:f1:6e:71:3b:f4:8f:2d:7d:4d:c0:eb:
aa:93:75:d4:58:54:a4:52:3a:34:88:af:6f:48:df:72:9e:00:
6b:8f:ff:c6:51:31:2e:9d:bd:ad:81:04:22:c7:1c:bc:12:a2:
f4:a7:95:38:6e:d6:ac:0e:7b:4a:7e:0a:17:fa:b2:ae:69:60:
46:37:b6:78:f6:ad:96:b9:04:56:06:7d:6b:37:9b:0c:bb:24:
8f:43:f3:9f:c9:6a:71:ba:66:19:5f:b5:69:c4:29:03:96:f7:
d9:45:ae:cd:a8:3c:4b:f6:a6:48:1e:c7:cd:e5:c9:7d:86:cc:
37:81:f7:55:32:d2:5c:a6:fc:1a:34:06:c5:84:7c:52:53:05:
9f:5f:43:27
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICShUwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0Mjcw
ODUzMjRaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDgxRjJDM0NDNjZGNDY4
RTExQjc2NzVCRTdENzUyNkY1MEIzN0IwRTgwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC6EAxPxboDjeNaaecY+cLga+vspz/J6UuoU6ujM2WUk3yfoa+n
Sm0qWttTszvZrAL0N6/vqhUSETaYkg5qAB9Ru8Vll1Z8MpPsO725eKPO24yNcsUB
tDJJ92I987DggOn7/mFhxDH1BIisZvuK7ZF20LAWXQjj+LBudByiX+TJUdbvfABR
ouJTOEAmXoue+vwl32WYmoKvTeuoskdgGXEhUPnHFR8VEQoMlGq+MIRgSx0a2haV
ioo+U6Z1W1eKyZAR4LshzO57FmsG3OK3NVcbFaEOZEAKFJdXQAKnGOQ9lXbzmMTB
FAHSFWnMmTdwWWn07zy+7ZoMQdPYNVLgnDiFAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUgfLDzGb0aOEbdnW+fXUm9Qs3sOgwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2dmTER6R2IwYU9FYmRu
Vy1mWFVtOVFzM3NPZy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBAG+PRZn7pq2drwy+
0/kNR9rV6+8xf6OYoiiDZk7bv4/QzH16q22Amrym3UeR4l4DT7bhttKQ3VPF5LqH
NEAUiz57syiCrnbCB0mR0vB5bha2a0BuH7nGHkuE3cAs06yxu6UPRH2gk2bgJIwB
8DxNAfw6xXbxbnE79I8tfU3A66qTddRYVKRSOjSIr29I33KeAGuP/8ZRMS6dva2B
BCLHHLwSovSnlThu1qwOe0p+Chf6sq5pYEY3tnj2rZa5BFYGfWs3mwy7JI9D85/J
anG6ZhlftWnEKQOW99lFrs2oPEv2pkgex83lyX2GzDeB91Uy0lym/Bo0BsWEfFJT
BZ9fQyc=
-----END CERTIFICATE-----
Generated at Sat Apr 27 12:54:23 2024 by rpki-client on console.sobornost.net