Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/kxYAp2rDhJ8J4heThAnUhfkOz64.roa
File: kxYAp2rDhJ8J4heThAnUhfkOz64.roa (raw, json)
Hash identifier: LL7IBkslosTfBCS3YbR8fmQsFtAJSzxCYCC0bOH7Cv8=
Subject key identifier: 93:16:00:A7:6A:C3:84:9F:09:E2:17:93:84:09:D4:85:F9:0E:CF:AE
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 42E9
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/kxYAp2rDhJ8J4heThAnUhfkOz64.roa
Signing time: Wed 17 Apr 2024 19:22:59 +0000
ROA not before: Wed 17 Apr 2024 19:22:59 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 17129 (0x42e9)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 17 19:22:59 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=931600A76AC3849F09E217938409D485F90ECFAE
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c9:d0:82:d7:98:a6:95:28:a4:45:75:a4:b7:c9:
ba:62:97:ed:7d:99:b6:de:97:e0:4c:49:51:f5:09:
5b:15:eb:97:7b:49:dc:c3:fe:ad:20:93:09:84:27:
32:de:1c:b0:60:3a:8d:45:68:0d:a6:ba:c0:2a:57:
36:27:5f:33:c8:5c:53:86:d7:1d:b8:e9:b2:6e:77:
0b:87:ee:fc:7e:d3:d5:e1:bf:95:04:30:48:89:c8:
01:13:3e:1c:ea:c6:c4:2e:09:8f:ff:4b:63:02:ae:
5a:ca:18:91:4e:50:34:8b:c2:ed:e9:6e:15:36:37:
67:d4:d4:e5:fc:e4:77:3d:f2:65:0d:3e:0e:be:e6:
65:0f:9f:b9:70:af:91:a2:1a:86:3d:fd:73:54:52:
f2:54:3a:93:37:49:23:42:e0:6e:ac:5f:e0:df:08:
fc:1e:a7:65:df:46:f9:7f:02:18:7a:51:4b:20:cd:
e8:e5:cf:a2:16:4e:ed:34:db:56:22:df:4c:51:9c:
5f:ae:10:9f:27:24:25:d7:73:d9:ad:c9:f2:ec:ee:
81:12:b7:e2:8f:92:c7:83:6a:fb:b9:c4:c1:98:e9:
a6:92:3b:54:41:68:73:15:3f:5e:42:83:6d:5e:d8:
4d:b0:bb:80:39:8e:b3:19:43:c8:dc:6f:0f:e1:81:
03:7b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
93:16:00:A7:6A:C3:84:9F:09:E2:17:93:84:09:D4:85:F9:0E:CF:AE
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/kxYAp2rDhJ8J4heThAnUhfkOz64.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
8b:78:08:d5:7d:44:89:28:6e:d8:78:2e:9a:8a:e5:ea:90:42:
45:32:f3:9e:c9:ab:0e:90:bd:38:ff:37:2a:72:79:95:28:83:
e4:bb:bc:8c:2a:82:5a:c0:63:ad:42:bb:86:d4:d9:b1:83:00:
58:4e:3e:9d:65:c5:9b:88:48:60:c6:98:ae:c7:ca:a6:57:7d:
2e:a8:23:cb:61:0c:f1:8a:f0:9b:43:ae:2c:c7:91:6b:d1:3e:
80:f3:9f:d0:98:58:ac:76:74:d2:9b:32:9c:e1:2e:f6:de:41:
fe:8a:93:3c:58:c3:84:63:e0:5f:8b:d4:f5:0b:19:39:a0:3a:
c4:5f:04:f0:12:0f:b0:8d:5a:c0:41:ca:37:5f:27:cf:fd:4a:
64:a2:62:3a:5f:ca:51:fd:84:1c:32:94:bb:00:2f:5b:9c:9f:
65:0c:27:d2:1c:73:63:24:cb:90:b7:f1:dc:88:be:ed:c2:8b:
35:0e:2b:49:2e:a0:49:9b:2d:c1:a4:20:d8:c7:e9:54:86:37:
3c:3e:0e:63:65:f9:98:28:7a:31:52:58:4b:f7:12:4f:99:84:
0b:3d:a6:ee:8c:7d:83:ae:0b:25:ae:bc:a0:8d:4c:b6:60:97:
07:a3:60:2b:53:21:b1:5f:07:31:57:17:e0:9d:68:0a:9f:c4:
69:1c:f6:80
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICQukwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MTcx
OTIyNTlaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDkzMTYwMEE3NkFDMzg0
OUYwOUUyMTc5Mzg0MDlENDg1RjkwRUNGQUUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDJ0ILXmKaVKKRFdaS3ybpil+19mbbel+BMSVH1CVsV65d7SdzD
/q0gkwmEJzLeHLBgOo1FaA2musAqVzYnXzPIXFOG1x246bJudwuH7vx+09Xhv5UE
MEiJyAETPhzqxsQuCY//S2MCrlrKGJFOUDSLwu3pbhU2N2fU1OX85Hc98mUNPg6+
5mUPn7lwr5GiGoY9/XNUUvJUOpM3SSNC4G6sX+DfCPwep2XfRvl/Ahh6UUsgzejl
z6IWTu0021Yi30xRnF+uEJ8nJCXXc9mtyfLs7oESt+KPkseDavu5xMGY6aaSO1RB
aHMVP15Cg21e2E2wu4A5jrMZQ8jcbw/hgQN7AgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUkxYAp2rDhJ8J4heThAnUhfkOz64wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2t4WUFwMnJEaEo4SjRo
ZVRoQW5VaGZrT3o2NC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBAIt4CNV9RIkobth4
LpqK5eqQQkUy857Jqw6QvTj/NypyeZUog+S7vIwqglrAY61Cu4bU2bGDAFhOPp1l
xZuISGDGmK7HyqZXfS6oI8thDPGK8JtDrizHkWvRPoDzn9CYWKx2dNKbMpzhLvbe
Qf6KkzxYw4Rj4F+L1PULGTmgOsRfBPASD7CNWsBByjdfJ8/9SmSiYjpfylH9hBwy
lLsAL1ucn2UMJ9Icc2Mky5C38dyIvu3CizUOK0kuoEmbLcGkINjH6VSGNzw+DmNl
+ZgoejFSWEv3Ek+ZhAs9pu6MfYOuCyWuvKCNTLZglwejYCtTIbFfBzFXF+CdaAqf
xGkc9oA=
-----END CERTIFICATE-----
Generated at Thu Apr 18 09:19:26 2024 by rpki-client on console.sobornost.net