Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/m4MYh6VUK9Hl33t8-1tOScwyHG4.roa
File: m4MYh6VUK9Hl33t8-1tOScwyHG4.roa (raw, json)
Hash identifier: gHuezwDToN10lnDerh3rmcgagHSYVg2BdemwzBBSpyE=
Subject key identifier: 9B:83:18:87:A5:54:2B:D1:E5:DF:7B:7C:FB:5B:4E:49:CC:32:1C:6E
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 455D
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/m4MYh6VUK9Hl33t8-1tOScwyHG4.roa
Signing time: Sun 21 Apr 2024 01:53:05 +0000
ROA not before: Sun 21 Apr 2024 01:53:05 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 17757 (0x455d)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 21 01:53:05 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=9B831887A5542BD1E5DF7B7CFB5B4E49CC321C6E
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a8:b8:76:06:27:fd:c2:ba:19:7f:7d:1b:a5:49:
9d:ff:d0:a8:22:74:d6:67:83:68:4d:8f:1c:4d:59:
b3:10:dd:7f:3f:b2:8b:59:f1:f1:c6:90:f8:bd:ff:
86:c5:32:61:63:8b:74:d5:52:60:96:e8:b7:d4:8a:
ee:7f:59:ed:73:09:24:2b:aa:ba:83:85:6f:f8:1d:
bd:29:9b:72:13:c9:ec:58:7f:47:ea:7d:6f:1d:d4:
bf:7b:5c:86:a3:97:58:eb:f3:b3:6f:8a:03:99:ed:
ba:4c:bd:1a:64:d7:ff:05:66:58:4c:44:0c:46:20:
78:e9:65:8a:df:c5:fe:3f:d2:1d:fd:74:9f:31:98:
b3:e6:82:f7:c3:17:bc:25:e8:81:d6:92:a9:97:50:
c7:4d:c7:e0:aa:8b:df:9a:50:2b:0e:f0:48:6d:4c:
18:60:13:6c:19:ae:aa:db:42:9a:ac:95:0a:b1:0d:
62:b3:85:b2:f3:c1:69:0f:c3:62:83:2c:34:98:7f:
59:a8:ab:21:f0:5f:31:9a:dd:e6:91:7e:7c:df:79:
72:24:4a:74:91:af:bf:71:be:60:68:2c:9c:86:3c:
09:2d:80:a9:b5:2c:20:8d:48:7a:2d:e3:4d:7f:0e:
a8:c7:b2:4a:4d:50:5f:ef:ad:61:32:a9:3f:3c:b1:
eb:57
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9B:83:18:87:A5:54:2B:D1:E5:DF:7B:7C:FB:5B:4E:49:CC:32:1C:6E
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/m4MYh6VUK9Hl33t8-1tOScwyHG4.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
47:b1:79:21:00:a1:2b:04:c4:67:cc:85:25:bd:72:24:1f:f1:
3b:58:5c:e2:45:de:fc:3b:f7:e7:1b:81:5d:6a:9f:66:57:a6:
38:33:0d:b1:8f:4b:e2:87:fd:51:7d:55:b0:cc:51:3d:59:0c:
28:11:f8:bf:8b:c1:06:c1:02:ec:f2:70:9d:ce:c6:25:eb:42:
9d:15:db:4d:af:ef:c6:4c:fb:be:44:08:9e:46:49:1c:5e:3f:
60:6c:f3:14:f4:e8:d5:a8:24:9b:4b:3e:85:fd:76:65:b7:80:
3f:4f:e9:32:0a:e3:e3:b7:96:e1:0c:33:70:64:d4:d3:0e:c2:
40:48:f8:90:ee:5c:4b:18:41:1e:73:e1:d8:fc:94:95:8b:bf:
48:f4:74:21:f3:60:8f:fa:8f:76:23:4a:18:99:59:ba:52:a9:
f2:f6:17:72:0f:c2:f3:15:35:e3:49:ed:42:03:89:18:7f:5b:
a5:fe:30:32:33:3b:16:83:ed:85:e1:a1:98:22:af:d9:29:93:
a5:5a:d1:5b:8a:bc:fe:ca:fc:f7:39:71:47:93:3c:0e:ff:9d:
55:08:ab:5f:76:e3:37:89:e3:de:2e:26:ae:2b:52:4f:0f:28:
a2:13:f3:9c:e8:c7:56:78:a5:a5:d4:bd:6b:05:48:22:62:65:
59:f7:2a:35
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICRV0wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MjEw
MTUzMDVaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDlCODMxODg3QTU1NDJC
RDFFNURGN0I3Q0ZCNUI0RTQ5Q0MzMjFDNkUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCouHYGJ/3Cuhl/fRulSZ3/0KgidNZng2hNjxxNWbMQ3X8/sotZ
8fHGkPi9/4bFMmFji3TVUmCW6LfUiu5/We1zCSQrqrqDhW/4Hb0pm3ITyexYf0fq
fW8d1L97XIajl1jr87NvigOZ7bpMvRpk1/8FZlhMRAxGIHjpZYrfxf4/0h39dJ8x
mLPmgvfDF7wl6IHWkqmXUMdNx+Cqi9+aUCsO8EhtTBhgE2wZrqrbQpqslQqxDWKz
hbLzwWkPw2KDLDSYf1moqyHwXzGa3eaRfnzfeXIkSnSRr79xvmBoLJyGPAktgKm1
LCCNSHot401/DqjHskpNUF/vrWEyqT88setXAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUm4MYh6VUK9Hl33t8+1tOScwyHG4wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L200TVloNlZVSzlIbDMz
dDgtMXRPU2N3eUhHNC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBAEexeSEAoSsExGfM
hSW9ciQf8TtYXOJF3vw79+cbgV1qn2ZXpjgzDbGPS+KH/VF9VbDMUT1ZDCgR+L+L
wQbBAuzycJ3OxiXrQp0V202v78ZM+75ECJ5GSRxeP2Bs8xT06NWoJJtLPoX9dmW3
gD9P6TIK4+O3luEMM3Bk1NMOwkBI+JDuXEsYQR5z4dj8lJWLv0j0dCHzYI/6j3Yj
ShiZWbpSqfL2F3IPwvMVNeNJ7UIDiRh/W6X+MDIzOxaD7YXhoZgir9kpk6Va0VuK
vP7K/Pc5cUeTPA7/nVUIq1924zeJ494uJq4rUk8PKKIT85zox1Z4paXUvWsFSCJi
ZVn3KjU=
-----END CERTIFICATE-----
Generated at Sun Apr 21 07:56:36 2024 by rpki-client on console.sobornost.net