Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/hb2drlYLwngwFTBqsKA6bT9h3J0.roa
File: hb2drlYLwngwFTBqsKA6bT9h3J0.roa (raw, json)
Hash identifier: YIIb81Q/ih0ggxkN31nOIr9FishQCx2/HDkQK1NqlLo=
Subject key identifier: 85:BD:9D:AE:56:0B:C2:78:30:15:30:6A:B0:A0:3A:6D:3F:61:DC:9D
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 4EDD
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/hb2drlYLwngwFTBqsKA6bT9h3J0.roa
Signing time: Fri 03 May 2024 17:53:45 +0000
ROA not before: Fri 03 May 2024 17:53:45 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 20189 (0x4edd)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 3 17:53:45 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=85BD9DAE560BC2783015306AB0A03A6D3F61DC9D
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ca:2c:49:61:85:a9:e1:66:58:37:5e:4e:0c:2c:
9c:9c:a5:92:be:f3:58:e3:75:23:62:c8:36:d9:a0:
dc:d8:fa:3d:27:a9:24:b6:be:86:8f:eb:15:f8:cf:
82:42:b4:5e:77:d3:79:2b:c7:07:f4:11:2f:ed:f2:
aa:7f:76:6e:7d:5f:b5:1c:ac:f0:e4:9b:f8:28:3c:
a7:3e:7e:16:75:eb:70:99:8e:29:ea:34:8e:68:42:
54:00:c5:b8:51:3d:38:c1:2d:e0:64:44:00:8d:24:
f4:73:55:7c:cd:b7:b0:ec:ba:7e:b5:01:55:26:7d:
1b:0c:fa:b8:56:d8:29:e9:b7:88:f0:f7:1c:b0:b8:
68:a0:81:be:7b:a8:14:82:0d:dd:5d:2c:b0:bc:72:
4d:d5:99:d9:15:dd:31:e2:b8:19:a9:45:7a:c7:59:
2b:08:91:9e:55:73:65:25:75:8d:46:b4:08:07:10:
32:c3:df:ba:22:cb:53:d9:0f:ab:36:15:bf:83:1b:
73:8f:8a:c4:4e:e8:39:c0:6b:2f:0b:8b:f0:48:f8:
05:6d:31:77:5f:86:03:62:25:0b:e4:cd:3b:92:0a:
d6:04:a4:e3:2c:84:cd:31:e0:d8:17:93:44:75:81:
78:ac:1b:0a:43:95:51:e0:40:35:19:26:7b:2a:f3:
60:0b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
85:BD:9D:AE:56:0B:C2:78:30:15:30:6A:B0:A0:3A:6D:3F:61:DC:9D
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/hb2drlYLwngwFTBqsKA6bT9h3J0.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
6e:3f:94:93:83:39:37:70:82:30:0a:c8:25:3b:32:76:b4:92:
31:ee:75:48:8a:fb:5a:08:16:d1:93:28:42:c0:5d:e4:09:7f:
50:f7:53:9c:01:96:a4:f4:56:10:fc:26:81:57:97:75:40:78:
30:3c:b7:d9:0d:25:d3:17:dc:65:95:09:df:39:15:99:70:9d:
2c:c7:8d:fc:d9:f3:d4:92:24:df:23:0d:38:23:31:1e:57:6a:
83:54:a0:de:ea:08:19:04:d3:0d:1b:08:0f:53:fe:50:67:4a:
d9:fc:7b:10:c2:b4:5f:dc:54:91:94:1a:48:13:c0:2e:81:cb:
6e:c9:e7:71:e8:26:42:99:86:c5:de:38:c8:26:91:90:9c:2b:
0f:e1:ab:b9:92:0e:1d:6b:42:eb:6d:dc:22:76:b3:a8:87:81:
2f:b5:48:04:6b:54:39:ca:0b:a9:bd:8a:ac:9b:30:91:64:37:
25:79:a7:ef:ce:d7:ee:f3:2b:a9:96:12:1f:de:be:d8:ef:f8:
e6:56:e5:f9:ae:a7:1d:3c:c6:84:4a:ab:6f:fa:e3:32:dc:f9:
cd:63:88:ba:ca:d9:2a:cc:ea:e5:04:a5:35:56:eb:af:c8:80:
a1:24:1e:1c:74:a6:03:41:b7:ed:25:80:15:1e:ce:b5:02:62:
fc:27:17:76
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICTt0wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MDMx
NzUzNDVaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDg1QkQ5REFFNTYwQkMy
NzgzMDE1MzA2QUIwQTAzQTZEM0Y2MURDOUQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDKLElhhanhZlg3Xk4MLJycpZK+81jjdSNiyDbZoNzY+j0nqSS2
voaP6xX4z4JCtF5303krxwf0ES/t8qp/dm59X7UcrPDkm/goPKc+fhZ163CZjinq
NI5oQlQAxbhRPTjBLeBkRACNJPRzVXzNt7Dsun61AVUmfRsM+rhW2Cnpt4jw9xyw
uGiggb57qBSCDd1dLLC8ck3VmdkV3THiuBmpRXrHWSsIkZ5Vc2UldY1GtAgHEDLD
37oiy1PZD6s2Fb+DG3OPisRO6DnAay8Li/BI+AVtMXdfhgNiJQvkzTuSCtYEpOMs
hM0x4NgXk0R1gXisGwpDlVHgQDUZJnsq82ALAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUhb2drlYLwngwFTBqsKA6bT9h3J0wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2hiMmRybFlMd25nd0ZU
QnFzS0E2YlQ5aDNKMC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBAG4/lJODOTdwgjAK
yCU7Mna0kjHudUiK+1oIFtGTKELAXeQJf1D3U5wBlqT0VhD8JoFXl3VAeDA8t9kN
JdMX3GWVCd85FZlwnSzHjfzZ89SSJN8jDTgjMR5XaoNUoN7qCBkE0w0bCA9T/lBn
Stn8exDCtF/cVJGUGkgTwC6By27J53HoJkKZhsXeOMgmkZCcKw/hq7mSDh1rQutt
3CJ2s6iHgS+1SARrVDnKC6m9iqybMJFkNyV5p+/O1+7zK6mWEh/evtjv+OZW5fmu
px08xoRKq2/64zLc+c1jiLrK2SrM6uUEpTVW66/IgKEkHhx0pgNBt+0lgBUezrUC
YvwnF3Y=
-----END CERTIFICATE-----
Generated at Fri May 3 23:21:24 2024 by rpki-client on console.sobornost.net