Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/jIvitSnMj9sOLfzi9GGN7nH98iA.roa
File: jIvitSnMj9sOLfzi9GGN7nH98iA.roa (raw, json)
Hash identifier: Otx/TE4ZFCKZrgSaAfkvGyeP7zwaY07fIYxbsEaQsIw=
Subject key identifier: 8C:8B:E2:B5:29:CC:8F:DB:0E:2D:FC:E2:F4:61:8D:EE:71:FD:F2:20
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 4A79
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/jIvitSnMj9sOLfzi9GGN7nH98iA.roa
Signing time: Sat 27 Apr 2024 21:23:26 +0000
ROA not before: Sat 27 Apr 2024 21:23:26 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 19065 (0x4a79)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 27 21:23:26 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=8C8BE2B529CC8FDB0E2DFCE2F4618DEE71FDF220
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:db:55:93:2c:f2:e6:e5:1e:f8:94:58:12:c5:6e:
30:09:1b:1c:14:b6:3c:7c:ca:e5:eb:c5:ad:4d:77:
fe:cc:ec:51:ea:56:56:b9:43:4d:91:a9:88:31:16:
23:63:29:10:d0:37:7b:51:4d:b2:19:10:b8:dd:5c:
65:f3:4d:fb:28:0f:63:0c:cb:a7:e9:69:3e:77:c6:
d8:73:ac:9f:b1:a6:ec:e2:58:be:89:af:95:44:78:
d2:a4:21:86:61:6c:a2:c8:02:fc:f3:4b:d8:6a:91:
23:62:99:a4:3b:90:a6:e2:5f:b3:68:cb:a8:3e:e6:
71:eb:82:9c:fd:d8:44:b0:e0:e7:55:8f:53:eb:14:
3a:97:40:0c:9e:b2:1f:16:90:70:73:a4:2e:07:3f:
92:98:d1:1f:24:2b:26:32:3a:14:cf:f5:03:11:24:
2d:66:2b:6d:55:ee:c7:9c:60:b0:85:17:f6:54:75:
e9:de:72:a9:e5:b8:43:41:ee:71:ee:b1:19:95:38:
3b:14:c0:f8:f0:30:46:d3:b3:6b:90:e4:49:59:4a:
0b:1f:90:e8:9f:18:8c:19:05:f8:b9:50:58:c4:ad:
b1:88:ad:01:1e:55:1b:69:5b:c7:ba:c7:a6:f2:af:
a3:79:0a:f0:9f:fb:ce:52:2b:84:95:c0:f1:86:cf:
13:47
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8C:8B:E2:B5:29:CC:8F:DB:0E:2D:FC:E2:F4:61:8D:EE:71:FD:F2:20
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/jIvitSnMj9sOLfzi9GGN7nH98iA.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
0b:c5:95:c0:58:fe:42:11:22:ff:fc:51:c5:c0:7f:73:54:20:
b4:58:96:8a:45:7a:87:ad:4a:44:90:90:2e:02:e1:1d:6a:e0:
6d:9c:33:3b:5d:2c:69:58:e5:ba:77:ca:6f:63:78:e3:80:ec:
82:01:72:88:c7:b3:01:89:19:65:36:30:1c:a0:9d:5f:5d:55:
1c:3a:51:1b:f9:67:95:cc:ec:c7:fb:60:c4:76:5f:16:7f:ed:
bf:c2:9a:af:3a:5a:88:01:00:6b:f1:21:c7:ba:37:8c:f3:02:
57:4c:d9:91:48:08:ab:68:33:19:67:c1:ea:8b:f2:41:20:29:
23:6d:0d:48:ee:f3:58:b3:94:ca:61:c2:fb:5b:36:01:05:d0:
3f:ef:28:79:cb:db:4a:3e:b3:bc:e0:52:0d:61:38:e6:ba:39:
07:64:b6:cc:fc:19:4d:74:65:b3:48:44:7e:44:1c:15:2b:24:
82:14:8b:6d:8b:60:88:27:30:a5:04:d6:a9:62:f0:84:9c:04:
20:13:36:99:5f:dc:ec:48:a8:b4:12:6d:8c:e9:7a:57:5c:89:
20:4b:87:f5:4a:15:cc:5e:25:5a:c1:3d:2d:b0:38:ad:2f:f4:
73:90:d5:1e:a9:3d:53:7e:71:0e:95:e3:ad:f8:de:57:7c:6c:
e1:9f:be:da
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICSnkwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0Mjcy
MTIzMjZaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDhDOEJFMkI1MjlDQzhG
REIwRTJERkNFMkY0NjE4REVFNzFGREYyMjAwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDbVZMs8ublHviUWBLFbjAJGxwUtjx8yuXrxa1Nd/7M7FHqVla5
Q02RqYgxFiNjKRDQN3tRTbIZELjdXGXzTfsoD2MMy6fpaT53xthzrJ+xpuziWL6J
r5VEeNKkIYZhbKLIAvzzS9hqkSNimaQ7kKbiX7Noy6g+5nHrgpz92ESw4OdVj1Pr
FDqXQAyesh8WkHBzpC4HP5KY0R8kKyYyOhTP9QMRJC1mK21V7secYLCFF/ZUdene
cqnluENB7nHusRmVODsUwPjwMEbTs2uQ5ElZSgsfkOifGIwZBfi5UFjErbGIrQEe
VRtpW8e6x6byr6N5CvCf+85SK4SVwPGGzxNHAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUjIvitSnMj9sOLfzi9GGN7nH98iAwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2pJdml0U25NajlzT0xm
emk5R0dON25IOThpQS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBAAvFlcBY/kIRIv/8
UcXAf3NUILRYlopFeoetSkSQkC4C4R1q4G2cMztdLGlY5bp3ym9jeOOA7IIBcojH
swGJGWU2MBygnV9dVRw6URv5Z5XM7Mf7YMR2XxZ/7b/Cmq86WogBAGvxIce6N4zz
AldM2ZFICKtoMxlnweqL8kEgKSNtDUju81izlMphwvtbNgEF0D/vKHnL20o+s7zg
Ug1hOOa6OQdktsz8GU10ZbNIRH5EHBUrJIIUi22LYIgnMKUE1qli8IScBCATNplf
3OxIqLQSbYzpeldciSBLh/VKFcxeJVrBPS2wOK0v9HOQ1R6pPVN+cQ6V46343ld8
bOGfvto=
-----END CERTIFICATE-----
Generated at Sat Apr 27 23:07:05 2024 by rpki-client on console.sobornost.net