Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/gffRwu6abfvwDYL0FDkiIQS0-s0.roa
File: gffRwu6abfvwDYL0FDkiIQS0-s0.roa (raw, json)
Hash identifier: m1v/Chp6aaljqUZid2ssuRLCkeho/mMeY1lcv2Rr+to=
Subject key identifier: 81:F7:D1:C2:EE:9A:6D:FB:F0:0D:82:F4:14:39:22:21:04:B4:FA:CD
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 3CBD
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/gffRwu6abfvwDYL0FDkiIQS0-s0.roa
Signing time: Tue 09 Apr 2024 13:52:40 +0000
ROA not before: Tue 09 Apr 2024 13:52:40 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 15549 (0x3cbd)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 9 13:52:40 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=81F7D1C2EE9A6DFBF00D82F41439222104B4FACD
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:db:a8:6a:ce:3f:97:c3:f2:98:23:fd:0c:47:99:
8e:26:21:7c:00:4a:c1:ef:6d:db:a7:3f:b1:8e:3c:
de:24:a2:15:16:2a:22:15:60:a7:a0:6d:ad:02:ba:
75:95:2b:95:a8:a1:3a:91:fd:06:d8:1f:17:6f:fc:
a1:c3:ed:52:dc:90:7a:66:1e:45:a5:1c:a8:bd:dc:
b2:0a:a2:c9:3e:95:07:f7:98:94:4a:94:cf:36:7e:
45:f7:a3:06:d6:52:33:51:5c:e0:99:e3:3e:3a:80:
0d:45:04:99:bb:7e:45:92:fe:e0:9d:30:66:e3:ed:
f0:ee:b0:04:25:ad:59:41:d8:26:b3:4d:84:d3:cd:
ee:88:60:a5:14:a1:43:11:a6:a5:65:e8:7c:1a:c1:
a8:2f:be:6b:85:93:09:1f:c6:13:03:1f:36:5b:28:
30:68:b4:45:0c:6e:f2:47:59:5b:ac:7a:cd:ca:6e:
da:37:ae:6f:2f:8c:7f:d0:e4:c8:31:f1:13:05:ea:
e0:c2:c5:6d:65:7b:c6:bf:20:10:60:c3:a3:34:62:
e0:1d:22:f7:69:72:71:22:ce:5c:49:92:94:0e:3b:
04:e2:bb:a1:54:b2:14:99:13:d9:96:7b:71:95:50:
6c:23:bf:99:64:cf:eb:d9:8c:75:dd:d6:ca:e9:07:
13:7d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
81:F7:D1:C2:EE:9A:6D:FB:F0:0D:82:F4:14:39:22:21:04:B4:FA:CD
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/gffRwu6abfvwDYL0FDkiIQS0-s0.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
1c:b8:cf:84:e0:46:fb:80:96:c0:a8:e0:4f:b2:e4:12:7b:f3:
dc:35:17:d8:76:52:07:8a:ba:80:03:ec:ef:24:ae:3a:a8:77:
52:0b:ee:0d:e9:4e:86:ef:57:29:72:8d:76:fd:a8:7e:a5:9e:
7d:30:56:7a:14:66:bf:8f:75:75:1c:13:a4:77:08:a0:5c:3d:
72:d9:be:ef:b5:14:08:e5:94:6f:05:8b:1b:bf:6b:07:43:c2:
ea:d1:0b:f9:8b:b3:95:64:0f:91:22:7c:27:89:61:e4:3c:c3:
49:78:0f:e1:f9:ed:76:83:dd:29:3f:88:41:ba:3b:7f:23:73:
78:28:69:c2:ad:09:71:97:bf:10:56:3a:4a:eb:65:ac:cd:90:
17:d1:86:82:33:5c:e4:e0:6b:38:90:19:7c:64:52:8d:85:8c:
c5:14:30:3c:8d:26:7b:b2:6b:07:bd:6a:d4:61:4a:c6:c2:2b:
bb:85:69:59:b4:e8:cf:16:47:c0:3d:df:a5:3b:d7:38:71:a2:
79:61:37:ef:73:ef:15:a4:e0:27:bf:1a:3d:ff:70:62:5c:a5:
d0:e0:28:dc:89:cb:0a:f5:63:00:cc:0f:c4:bf:68:7c:d9:94:
c1:04:6f:ca:1a:59:61:84:d5:62:4e:7e:97:fe:9f:04:3c:ae:
3a:94:72:8f
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICPL0wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MDkx
MzUyNDBaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDgxRjdEMUMyRUU5QTZE
RkJGMDBEODJGNDE0MzkyMjIxMDRCNEZBQ0QwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDbqGrOP5fD8pgj/QxHmY4mIXwASsHvbdunP7GOPN4kohUWKiIV
YKegba0CunWVK5WooTqR/QbYHxdv/KHD7VLckHpmHkWlHKi93LIKosk+lQf3mJRK
lM82fkX3owbWUjNRXOCZ4z46gA1FBJm7fkWS/uCdMGbj7fDusAQlrVlB2CazTYTT
ze6IYKUUoUMRpqVl6HwawagvvmuFkwkfxhMDHzZbKDBotEUMbvJHWVuses3Kbto3
rm8vjH/Q5Mgx8RMF6uDCxW1le8a/IBBgw6M0YuAdIvdpcnEizlxJkpQOOwTiu6FU
shSZE9mWe3GVUGwjv5lkz+vZjHXd1srpBxN9AgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUgffRwu6abfvwDYL0FDkiIQS0+s0wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2dmZlJ3dTZhYmZ2d0RZ
TDBGRGtpSVFTMC1zMC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBABy4z4TgRvuAlsCo
4E+y5BJ789w1F9h2UgeKuoAD7O8krjqod1IL7g3pTobvVylyjXb9qH6lnn0wVnoU
Zr+PdXUcE6R3CKBcPXLZvu+1FAjllG8Fixu/awdDwurRC/mLs5VkD5EifCeJYeQ8
w0l4D+H57XaD3Sk/iEG6O38jc3goacKtCXGXvxBWOkrrZazNkBfRhoIzXOTgaziQ
GXxkUo2FjMUUMDyNJnuyawe9atRhSsbCK7uFaVm06M8WR8A936U71zhxonlhN+9z
7xWk4Ce/Gj3/cGJcpdDgKNyJywr1YwDMD8S/aHzZlMEEb8oaWWGE1WJOfpf+nwQ8
rjqUco8=
-----END CERTIFICATE-----
Generated at Tue Apr 9 20:29:13 2024 by rpki-client on console.sobornost.net