Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/jAy9W_FPSE35bJaKicjeYV4mHWo.roa
File: jAy9W_FPSE35bJaKicjeYV4mHWo.roa (raw, json)
Hash identifier: UCVgc/5WnDHLx6mZhSoxrj/8kWTFKs3sEqvWpPUQVX4=
Subject key identifier: 8C:0C:BD:5B:F1:4F:48:4D:F9:6C:96:8A:89:C8:DE:61:5E:26:1D:6A
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 54E9
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/jAy9W_FPSE35bJaKicjeYV4mHWo.roa
Signing time: Sat 11 May 2024 19:24:03 +0000
ROA not before: Sat 11 May 2024 19:24:03 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 21737 (0x54e9)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 11 19:24:03 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=8C0CBD5BF14F484DF96C968A89C8DE615E261D6A
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:af:53:e9:db:04:31:db:d1:52:61:d7:a2:8a:46:
8c:28:bd:e2:f5:b4:bb:03:ad:48:c0:9b:e4:cd:01:
26:c8:ae:1e:4d:3a:14:1a:dd:5f:23:72:f9:34:9f:
3f:82:e2:86:e2:4b:f9:a9:ec:2f:90:88:73:40:37:
12:2b:a7:14:72:1c:f9:48:d7:db:74:71:85:38:ba:
81:80:77:41:60:52:02:d8:0b:e2:ba:d7:5a:02:39:
21:76:60:fa:7a:e7:92:c1:2e:73:8a:ef:40:59:61:
29:ff:b5:d2:2e:bc:87:d4:98:40:29:05:4a:fa:2f:
9a:a2:a5:9e:61:3a:f2:86:67:7d:98:a9:7d:71:14:
9c:5d:81:8f:f9:58:3d:28:34:4e:0c:8d:50:88:e9:
53:d2:12:33:c4:9d:e0:2e:80:48:18:31:bb:64:74:
be:31:13:52:1c:08:db:e7:0a:ec:d0:c3:92:4b:28:
c6:77:31:45:93:a8:3f:ab:a3:f2:34:b2:76:95:5f:
14:b1:b5:0f:d8:bf:fb:a6:b8:d7:58:cf:00:77:61:
4b:41:4c:31:c1:61:8a:a3:e0:7d:67:e3:b1:e1:95:
b0:05:e6:2b:40:87:d4:b6:84:0d:f9:6b:d4:e4:be:
66:f2:90:1d:82:80:35:10:ed:e7:c2:af:10:16:b8:
4f:19
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8C:0C:BD:5B:F1:4F:48:4D:F9:6C:96:8A:89:C8:DE:61:5E:26:1D:6A
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/jAy9W_FPSE35bJaKicjeYV4mHWo.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
52:20:61:f9:aa:cd:c9:cf:ef:60:36:68:a6:ee:80:34:62:72:
29:6d:e6:23:e9:ad:09:1b:db:d9:26:65:5c:94:2c:e6:9f:72:
54:87:26:00:7c:cf:de:6a:2e:02:d0:ea:25:de:5f:81:0b:09:
62:1f:5e:00:b5:28:75:e2:42:f2:3f:b0:38:dc:53:c4:c5:1f:
15:8f:ee:1d:4e:24:f7:83:0c:eb:97:64:b9:89:16:b3:5d:66:
5d:40:7c:6c:71:4c:97:8c:16:89:88:e6:b1:98:8d:41:4e:fa:
28:1e:c5:3f:a5:cd:9c:4c:32:e9:df:7e:36:c7:70:87:11:f3:
6d:cd:65:9b:ee:92:d1:75:72:60:2a:9b:d3:d5:98:30:46:a2:
d5:41:ea:d9:c7:0d:23:92:14:3f:60:d7:f0:13:ac:3c:f8:26:
b0:b7:09:9c:d1:d2:81:53:6c:e1:53:3e:8e:b8:26:5b:2b:88:
20:3d:0e:c4:fd:3a:d4:30:23:c2:01:99:20:98:a7:fd:79:b3:
e1:7d:7c:ea:1f:39:b9:4f:cf:d6:a1:7b:2a:81:c4:4b:12:49:
4b:eb:f9:1d:3b:78:fe:04:72:3e:46:ad:f7:33:c2:9d:ae:42:
90:f3:4a:5d:2d:60:29:0a:2c:c6:69:b9:a9:f7:6a:70:28:45:
ad:5e:5b:11
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICVOkwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MTEx
OTI0MDNaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDhDMENCRDVCRjE0RjQ4
NERGOTZDOTY4QTg5QzhERTYxNUUyNjFENkEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCvU+nbBDHb0VJh16KKRowoveL1tLsDrUjAm+TNASbIrh5NOhQa
3V8jcvk0nz+C4obiS/mp7C+QiHNANxIrpxRyHPlI19t0cYU4uoGAd0FgUgLYC+K6
11oCOSF2YPp655LBLnOK70BZYSn/tdIuvIfUmEApBUr6L5qipZ5hOvKGZ32YqX1x
FJxdgY/5WD0oNE4MjVCI6VPSEjPEneAugEgYMbtkdL4xE1IcCNvnCuzQw5JLKMZ3
MUWTqD+ro/I0snaVXxSxtQ/Yv/umuNdYzwB3YUtBTDHBYYqj4H1n47HhlbAF5itA
h9S2hA35a9TkvmbykB2CgDUQ7efCrxAWuE8ZAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUjAy9W/FPSE35bJaKicjeYV4mHWowHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2pBeTlXX0ZQU0UzNWJK
YUtpY2plWVY0bUhXby5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBAFIgYfmqzcnP72A2
aKbugDRicilt5iPprQkb29kmZVyULOafclSHJgB8z95qLgLQ6iXeX4ELCWIfXgC1
KHXiQvI/sDjcU8TFHxWP7h1OJPeDDOuXZLmJFrNdZl1AfGxxTJeMFomI5rGYjUFO
+igexT+lzZxMMunffjbHcIcR823NZZvuktF1cmAqm9PVmDBGotVB6tnHDSOSFD9g
1/ATrDz4JrC3CZzR0oFTbOFTPo64JlsriCA9DsT9OtQwI8IBmSCYp/15s+F9fOof
OblPz9aheyqBxEsSSUvr+R07eP4Ecj5Grfczwp2uQpDzSl0tYCkKLMZpuan3anAo
Ra1eWxE=
-----END CERTIFICATE-----
Generated at Sun May 12 00:32:58 2024 by rpki-client on console.sobornost.net