Route Origin Authorization

$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/i9PPozeWOK7fwUqNMdOyb-nN8XE.roa
File:                     i9PPozeWOK7fwUqNMdOyb-nN8XE.roa (raw, json)
Hash identifier:          Nc+9Hk2rXgmq82fFdF7WZnGZI+KORQHo2obO+AZmmB0=
Subject key identifier:   8B:D3:CF:A3:37:96:38:AE:DF:C1:4A:8D:31:D3:B2:6F:E9:CD:F1:71
Certificate issuer:       /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial:       4E15
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access:    rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access:      rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/i9PPozeWOK7fwUqNMdOyb-nN8XE.roa
Signing time:             Thu 02 May 2024 16:53:42 +0000
ROA not before:           Thu 02 May 2024 16:53:42 +0000
ROA not after:            Fri 31 Jan 2025 01:13:46 +0000
asID:                     24426
IP address blocks:        43.239.0.0/19 maxlen: 19
                          101.78.32.0/19 maxlen: 19
                          103.35.0.0/19 maxlen: 19

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 19989 (0x4e15)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
        Validity
            Not Before: May  2 16:53:42 2024 GMT
            Not After : Jan 31 01:13:46 2025 GMT
        Subject: CN=8BD3CFA3379638AEDFC14A8D31D3B26FE9CDF171
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:D3:CF:A3:37:96:38:AE:DF:C1:4A:8D:31:D3:B2:6F:E9:CD:F1:71
            X509v3 Authority Key Identifier:
                keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/i9PPozeWOK7fwUqNMdOyb-nN8XE.roa
                RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  43.239.0.0/19
                  101.78.32.0/19
                  103.35.0.0/19

    Signature Algorithm: sha256WithRSAEncryption
Generated at Fri May 3 00:05:49 2024 by rpki-client on console.sobornost.net