Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/jUYMRPAF7lbAr9P5NV6MAnBqXOg.roa
File: jUYMRPAF7lbAr9P5NV6MAnBqXOg.roa (raw, json)
Hash identifier: WEOTneSTLWfKNWw9oNjYhoaKrqWtK/plT0rxa+jmHLc=
Subject key identifier: 8D:46:0C:44:F0:05:EE:56:C0:AF:D3:F9:35:5E:8C:02:70:6A:5C:E8
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 3681
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/jUYMRPAF7lbAr9P5NV6MAnBqXOg.roa
Signing time: Mon 01 Apr 2024 06:22:15 +0000
ROA not before: Mon 01 Apr 2024 06:22:15 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 13953 (0x3681)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 1 06:22:15 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=8D460C44F005EE56C0AFD3F9355E8C02706A5CE8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d4:28:e1:8b:ec:69:e3:f9:ad:58:c3:42:75:30:
57:7f:d9:c4:17:11:55:35:56:42:b3:96:ba:49:a3:
da:e9:71:bc:76:48:4a:5d:83:5c:e8:c1:e6:b8:cf:
d7:82:66:bc:4a:33:e1:e3:37:b5:ec:78:f0:c9:91:
e3:77:36:ff:05:90:d1:7e:28:2c:42:7b:c0:18:fc:
11:4c:52:2c:6e:22:3f:58:c2:89:e5:95:39:a4:80:
44:bd:0f:1e:bf:d2:27:66:e5:5a:cd:1a:44:58:0a:
f5:39:13:55:8d:83:f7:bf:23:95:91:81:87:57:66:
42:c5:e3:99:14:ea:8e:fb:08:5d:97:c9:e1:fc:1e:
4e:24:16:3a:e8:04:45:f5:92:07:8f:9b:b7:d0:44:
0b:f1:97:09:eb:30:b5:2a:b4:58:a7:b4:cb:0d:b4:
6f:44:35:62:3d:90:81:d4:5d:9f:74:59:43:25:75:
cf:18:d2:68:18:7d:19:9f:d8:f5:4f:4a:27:44:7b:
16:11:62:8c:9c:f1:d4:c5:82:31:0b:3e:b1:39:b3:
f3:95:fa:77:8d:c2:b4:fa:f8:43:8e:51:50:27:e1:
0d:f1:7b:f1:29:6a:95:58:99:84:f3:eb:a3:e9:85:
c0:89:ee:7e:e4:ba:db:57:21:79:d6:99:67:11:ce:
cd:47
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8D:46:0C:44:F0:05:EE:56:C0:AF:D3:F9:35:5E:8C:02:70:6A:5C:E8
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/jUYMRPAF7lbAr9P5NV6MAnBqXOg.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
86:a5:c9:f4:1f:50:41:e5:56:2c:35:7c:a5:44:fa:65:5d:12:
79:39:1b:ae:ea:4c:10:c4:de:0e:d0:75:58:de:2a:34:c3:28:
9f:f6:b1:85:6a:bb:19:72:43:52:8f:b8:08:41:f6:a1:b3:83:
90:d2:ff:52:8d:fb:54:8d:45:8b:83:63:6c:02:92:54:7d:f2:
c9:a6:4a:a8:5d:bc:18:04:19:20:49:d9:61:a1:e8:59:9d:c5:
8d:20:55:72:46:aa:13:23:f1:3b:cb:66:bc:64:51:49:11:81:
7d:78:a4:da:96:a3:7d:5a:bf:74:77:01:8e:51:eb:1f:c2:14:
8c:6b:19:27:b4:99:df:c8:70:9b:e0:c3:04:4a:6a:97:c8:1a:
bf:5e:e1:e5:f7:45:e7:36:f1:6c:b0:7c:7b:a8:3e:ac:3c:a1:
f7:b6:c7:e6:ea:85:50:1c:78:29:f3:07:36:39:64:c8:9b:a8:
c8:80:d9:15:95:25:e1:7d:f6:7e:b6:67:b5:2e:f2:6b:06:92:
e0:6c:58:04:97:20:43:b8:5e:74:60:e9:54:28:14:63:6d:4a:
a8:eb:6e:38:3f:6e:b8:89:1b:fc:82:25:41:97:6f:70:99:7e:
7c:bb:c1:a4:3b:19:59:01:28:16:c0:f5:ee:eb:78:3a:2a:60:
56:08:70:d1
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICNoEwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MDEw
NjIyMTVaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDhENDYwQzQ0RjAwNUVF
NTZDMEFGRDNGOTM1NUU4QzAyNzA2QTVDRTgwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDUKOGL7Gnj+a1Yw0J1MFd/2cQXEVU1VkKzlrpJo9rpcbx2SEpd
g1zowea4z9eCZrxKM+HjN7XsePDJkeN3Nv8FkNF+KCxCe8AY/BFMUixuIj9Ywonl
lTmkgES9Dx6/0idm5VrNGkRYCvU5E1WNg/e/I5WRgYdXZkLF45kU6o77CF2XyeH8
Hk4kFjroBEX1kgePm7fQRAvxlwnrMLUqtFintMsNtG9ENWI9kIHUXZ90WUMldc8Y
0mgYfRmf2PVPSidEexYRYoyc8dTFgjELPrE5s/OV+neNwrT6+EOOUVAn4Q3xe/Ep
apVYmYTz66PphcCJ7n7kuttXIXnWmWcRzs1HAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUjUYMRPAF7lbAr9P5NV6MAnBqXOgwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2pVWU1SUEFGN2xiQXI5
UDVOVjZNQW5CcVhPZy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBAIalyfQfUEHlViw1
fKVE+mVdEnk5G67qTBDE3g7QdVjeKjTDKJ/2sYVquxlyQ1KPuAhB9qGzg5DS/1KN
+1SNRYuDY2wCklR98smmSqhdvBgEGSBJ2WGh6FmdxY0gVXJGqhMj8TvLZrxkUUkR
gX14pNqWo31av3R3AY5R6x/CFIxrGSe0md/IcJvgwwRKapfIGr9e4eX3Rec28Wyw
fHuoPqw8ofe2x+bqhVAceCnzBzY5ZMibqMiA2RWVJeF99n62Z7Uu8msGkuBsWASX
IEO4XnRg6VQoFGNtSqjrbjg/briJG/yCJUGXb3CZfny7waQ7GVkBKBbA9e7reDoq
YFYIcNE=
-----END CERTIFICATE-----
Generated at Mon Apr 1 11:18:47 2024 by rpki-client on console.sobornost.net