Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/is2YYyrf_4KgpF-PsNmdjs4-Ywc.roa
File: is2YYyrf_4KgpF-PsNmdjs4-Ywc.roa (raw, json)
Hash identifier: Z6mJapah3fcfUv943Cbe5W7sttD0q5ygl05WHVAMVvo=
Subject key identifier: 8A:CD:98:63:2A:DF:FF:82:A0:A4:5F:8F:B0:D9:9D:8E:CE:3E:63:07
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 4429
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/is2YYyrf_4KgpF-PsNmdjs4-Ywc.roa
Signing time: Fri 19 Apr 2024 11:23:02 +0000
ROA not before: Fri 19 Apr 2024 11:23:02 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 17449 (0x4429)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 19 11:23:02 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=8ACD98632ADFFF82A0A45F8FB0D99D8ECE3E6307
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b6:7b:24:67:6f:1f:46:84:82:a0:6a:61:b3:00:
57:74:3a:f0:b1:7f:bc:d3:34:e6:c1:e1:2b:b3:ab:
85:6c:df:07:d5:d8:88:06:68:60:c6:a5:32:1f:7f:
17:7a:6b:07:25:2e:df:2e:0b:39:71:5a:e9:06:65:
6d:a4:68:f9:e4:f0:2b:00:9a:e2:ca:1e:d3:24:14:
d0:e9:af:31:b4:8e:39:27:1d:bf:21:9b:ac:b2:04:
c1:bf:84:60:f1:66:0d:73:99:c6:67:02:15:44:f1:
81:4a:6d:58:15:65:39:c4:85:64:90:96:35:25:96:
78:9f:1c:ba:ba:07:55:9c:e8:21:27:e5:2e:10:cf:
6e:f7:53:9f:90:ac:17:ab:6d:39:63:f7:ff:5e:61:
ad:23:e4:e7:f4:14:59:b7:af:8a:69:34:f4:4b:e4:
fd:9c:9d:c5:db:e5:fa:98:e3:9c:d1:d4:61:bf:f2:
61:62:4d:67:e6:4f:a2:a7:0d:60:20:02:0d:ba:20:
22:41:91:9f:89:5c:b1:1c:62:f9:c3:70:a6:77:69:
ec:ad:3f:1d:32:dc:fc:53:a0:cc:d1:64:62:8f:36:
4c:7e:ad:4c:82:dd:e1:33:a8:d6:a4:57:78:b4:3f:
4a:71:47:52:16:76:4f:6b:63:a8:19:53:0f:01:ed:
44:47
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8A:CD:98:63:2A:DF:FF:82:A0:A4:5F:8F:B0:D9:9D:8E:CE:3E:63:07
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/is2YYyrf_4KgpF-PsNmdjs4-Ywc.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
5a:7c:3f:6b:cf:ca:d7:3d:17:37:c2:99:cf:fb:57:5e:30:87:
e5:ff:16:bc:c7:6f:00:f2:81:96:ae:69:5e:00:04:9b:8b:4b:
4b:b8:89:02:b5:dd:e9:76:09:20:d3:10:ee:91:0a:bb:e7:4b:
12:a9:af:c8:a9:8e:c0:b1:0c:e9:c3:fe:43:c0:24:1e:6d:cc:
a2:7b:7c:54:3b:75:1c:d6:82:35:30:85:26:12:b9:da:f3:23:
46:8b:b6:73:76:02:3b:f0:98:90:c5:b4:eb:3a:be:1f:41:18:
42:45:5a:67:f4:26:b2:95:41:fa:9f:0a:e8:17:da:ed:19:8d:
3e:aa:2e:98:37:c5:06:4a:a1:d3:43:3e:7a:ae:49:20:f7:02:
f4:fc:ee:fb:f5:a2:d8:e8:2f:c3:f3:a8:b5:b9:14:6f:b3:f5:
af:91:86:0e:56:4f:83:60:e4:77:5d:64:f2:c8:93:49:1f:8f:
42:d9:a9:51:b2:ec:17:c7:77:21:02:7c:42:e6:d7:cb:75:9c:
12:22:65:0f:76:db:00:d8:6e:52:8a:d6:c5:f0:4f:a4:6c:32:
5f:81:92:e0:45:ce:3e:f7:7b:7d:d8:a3:d1:1a:02:56:4a:6f:
5f:ae:da:e4:76:75:7d:51:e7:67:75:24:da:b8:89:f8:5b:2a:
bf:2d:7a:b2
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICRCkwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MTkx
MTIzMDJaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDhBQ0Q5ODYzMkFERkZG
ODJBMEE0NUY4RkIwRDk5RDhFQ0UzRTYzMDcwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC2eyRnbx9GhIKgamGzAFd0OvCxf7zTNObB4Suzq4Vs3wfV2IgG
aGDGpTIffxd6awclLt8uCzlxWukGZW2kaPnk8CsAmuLKHtMkFNDprzG0jjknHb8h
m6yyBMG/hGDxZg1zmcZnAhVE8YFKbVgVZTnEhWSQljUllnifHLq6B1Wc6CEn5S4Q
z273U5+QrBerbTlj9/9eYa0j5Of0FFm3r4ppNPRL5P2cncXb5fqY45zR1GG/8mFi
TWfmT6KnDWAgAg26ICJBkZ+JXLEcYvnDcKZ3aeytPx0y3PxToMzRZGKPNkx+rUyC
3eEzqNakV3i0P0pxR1IWdk9rY6gZUw8B7URHAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUis2YYyrf/4KgpF+PsNmdjs4+YwcwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2lzMllZeXJmXzRLZ3BG
LVBzTm1kanM0LVl3Yy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBAFp8P2vPytc9FzfC
mc/7V14wh+X/FrzHbwDygZauaV4ABJuLS0u4iQK13el2CSDTEO6RCrvnSxKpr8ip
jsCxDOnD/kPAJB5tzKJ7fFQ7dRzWgjUwhSYSudrzI0aLtnN2AjvwmJDFtOs6vh9B
GEJFWmf0JrKVQfqfCugX2u0ZjT6qLpg3xQZKodNDPnquSSD3AvT87vv1otjoL8Pz
qLW5FG+z9a+Rhg5WT4Ng5HddZPLIk0kfj0LZqVGy7BfHdyECfELm18t1nBIiZQ92
2wDYblKK1sXwT6RsMl+BkuBFzj73e33Yo9EaAlZKb1+u2uR2dX1R52d1JNq4ifhb
Kr8terI=
-----END CERTIFICATE-----
Generated at Fri Apr 19 15:09:47 2024 by rpki-client on console.sobornost.net