Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/haARxXp4X457tvLuUs6fHfQvfdE.roa
File: haARxXp4X457tvLuUs6fHfQvfdE.roa (raw, json)
Hash identifier: lxtE5l7lXOd/8ZJGgkdt6frrbaWHPZb2bRwVsJNu8aM=
Subject key identifier: 85:A0:11:C5:7A:78:5F:8E:7B:B6:F2:EE:52:CE:9F:1D:F4:2F:7D:D1
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 4131
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/haARxXp4X457tvLuUs6fHfQvfdE.roa
Signing time: Mon 15 Apr 2024 12:22:53 +0000
ROA not before: Mon 15 Apr 2024 12:22:53 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 16689 (0x4131)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 15 12:22:53 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=85A011C57A785F8E7BB6F2EE52CE9F1DF42F7DD1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c1:2b:9e:cf:e8:25:ef:6f:52:e3:ff:65:71:fc:
ff:e1:6f:07:98:2d:4c:91:7e:43:7d:65:6c:69:b3:
ad:cd:16:0a:a6:8e:a3:77:7c:1b:4a:ff:d6:7f:65:
a6:d9:a0:81:97:89:d3:8e:4a:5e:5a:2f:30:04:78:
00:47:01:52:ca:9f:c8:ee:45:47:b6:1c:72:71:27:
52:97:d6:07:0a:dc:ec:f4:41:e5:a7:aa:62:4c:5e:
74:f5:3a:14:f1:a8:4b:98:a1:58:ba:94:25:f5:a8:
66:9a:d4:bf:de:5b:ba:b2:c5:47:f4:ac:bd:a9:41:
19:b0:16:d3:2f:6c:05:b3:5a:83:ae:9c:77:a0:07:
cb:7c:15:ff:7b:81:c2:bf:aa:ca:a3:96:b1:f1:43:
1c:43:7c:58:94:24:d7:2f:9f:91:0d:8c:d2:2e:d6:
cc:17:fa:12:92:45:2e:02:55:a6:38:f0:7c:6c:ce:
b7:ce:d8:0f:ef:0a:d6:17:fe:a3:0e:8a:b1:4f:26:
2a:80:c1:d9:41:74:b8:a1:c4:0c:2b:d5:31:25:66:
05:ea:e0:7b:91:8b:8f:8f:8d:c4:f8:cc:78:46:bf:
45:94:b0:75:70:24:90:15:cc:65:69:b9:89:17:6a:
ec:cb:29:3c:a0:da:21:b6:82:2f:f8:b6:92:ab:6c:
c5:75
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
85:A0:11:C5:7A:78:5F:8E:7B:B6:F2:EE:52:CE:9F:1D:F4:2F:7D:D1
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/haARxXp4X457tvLuUs6fHfQvfdE.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
35:13:52:40:86:6d:e6:07:d2:90:37:af:db:b3:59:88:2f:c1:
33:84:65:d5:df:5b:f4:60:32:56:e3:19:93:67:ce:a7:0c:02:
22:96:ae:74:29:6a:f5:99:ab:14:6d:46:c2:eb:f8:ed:51:fd:
f7:7a:4a:2f:df:ff:89:72:65:c8:90:f5:47:5b:62:9a:0e:53:
1e:41:57:d0:5f:63:a0:7c:10:e7:dc:3b:f9:f9:3b:da:a4:18:
60:9a:0c:24:17:cc:8b:c7:16:f0:a8:5e:3e:88:cc:0d:32:8a:
d6:b7:bc:9a:40:3d:a0:51:c8:da:f6:dc:a6:cc:a2:9d:78:3d:
08:40:0b:ba:90:ae:45:df:69:3d:e4:20:1e:64:be:28:1f:ef:
89:59:d0:6e:fa:33:a0:f3:a6:3e:23:e8:66:40:aa:93:11:3b:
c8:59:02:23:90:83:f9:4d:6a:f8:ba:ea:f2:1d:98:06:9b:2d:
2d:2c:60:10:db:ca:24:c8:ac:45:ff:ac:35:e4:5b:33:3c:c0:
62:e0:6b:1f:88:2d:10:6e:44:94:d5:5a:ae:50:ea:7b:a7:4b:
3a:cd:ed:af:72:6f:c6:d7:58:09:e3:58:b1:a7:e3:88:36:b3:
55:a2:1b:f9:6c:ff:5f:a5:bc:a8:be:d5:01:33:c1:e2:2a:a2:
11:1a:d5:7a
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICQTEwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MTUx
MjIyNTNaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDg1QTAxMUM1N0E3ODVG
OEU3QkI2RjJFRTUyQ0U5RjFERjQyRjdERDEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDBK57P6CXvb1Lj/2Vx/P/hbweYLUyRfkN9ZWxps63NFgqmjqN3
fBtK/9Z/ZabZoIGXidOOSl5aLzAEeABHAVLKn8juRUe2HHJxJ1KX1gcK3Oz0QeWn
qmJMXnT1OhTxqEuYoVi6lCX1qGaa1L/eW7qyxUf0rL2pQRmwFtMvbAWzWoOunHeg
B8t8Ff97gcK/qsqjlrHxQxxDfFiUJNcvn5ENjNIu1swX+hKSRS4CVaY48HxszrfO
2A/vCtYX/qMOirFPJiqAwdlBdLihxAwr1TElZgXq4HuRi4+PjcT4zHhGv0WUsHVw
JJAVzGVpuYkXauzLKTyg2iG2gi/4tpKrbMV1AgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUhaARxXp4X457tvLuUs6fHfQvfdEwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2hhQVJ4WHA0WDQ1N3R2
THVVczZmSGZRdmZkRS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBADUTUkCGbeYH0pA3
r9uzWYgvwTOEZdXfW/RgMlbjGZNnzqcMAiKWrnQpavWZqxRtRsLr+O1R/fd6Si/f
/4lyZciQ9UdbYpoOUx5BV9BfY6B8EOfcO/n5O9qkGGCaDCQXzIvHFvCoXj6IzA0y
ita3vJpAPaBRyNr23KbMop14PQhAC7qQrkXfaT3kIB5kvigf74lZ0G76M6Dzpj4j
6GZAqpMRO8hZAiOQg/lNavi66vIdmAabLS0sYBDbyiTIrEX/rDXkWzM8wGLgax+I
LRBuRJTVWq5Q6nunSzrN7a9yb8bXWAnjWLGn44g2s1WiG/ls/1+lvKi+1QEzweIq
ohEa1Xo=
-----END CERTIFICATE-----
Generated at Mon Apr 15 19:41:48 2024 by rpki-client on console.sobornost.net