Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/nKcVm9ghjpx3Pyw5sePnmqOg19I.roa
File: nKcVm9ghjpx3Pyw5sePnmqOg19I.roa (raw, json)
Hash identifier: qr/LBqvK8JxRtHqPpNDESzWnAkwV1bR5Ak+wsO59bP0=
Subject key identifier: 9C:A7:15:9B:D8:21:8E:9C:77:3F:2C:39:B1:E3:E7:9A:A3:A0:D7:D2
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 4DF5
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/nKcVm9ghjpx3Pyw5sePnmqOg19I.roa
Signing time: Thu 02 May 2024 12:53:42 +0000
ROA not before: Thu 02 May 2024 12:53:42 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 19957 (0x4df5)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 2 12:53:42 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=9CA7159BD8218E9C773F2C39B1E3E79AA3A0D7D2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cf:4e:51:cb:23:4f:8b:cc:44:7c:87:f7:4a:44:
38:07:8e:ce:2c:5f:64:d5:9e:8a:c2:4c:3c:04:49:
37:ca:25:c7:e9:5d:96:9e:36:4a:2b:9f:70:be:83:
40:b0:8d:47:f3:a6:e9:61:8b:14:a6:f6:9f:8f:d0:
73:4c:03:ac:d6:a0:a2:73:c5:4c:83:0c:3e:ee:ad:
fb:ab:34:e6:d5:4c:5c:1f:fb:d1:61:c8:4b:35:10:
06:b1:25:43:df:90:bc:93:05:3f:6c:6a:8f:d2:0f:
c9:36:72:b5:62:2b:5e:f9:e3:16:21:f5:fb:f3:e0:
24:72:9a:f5:bc:81:2e:9f:0b:0f:e5:36:b3:4b:aa:
a9:fd:a0:7c:ee:e2:83:80:7c:97:a0:a5:48:3c:54:
be:ce:ef:7a:7d:ef:59:97:84:57:82:13:4a:b7:f0:
df:dc:dc:f3:b6:30:67:6d:c9:c7:7a:d3:54:92:ff:
d7:32:0e:5e:1c:6d:40:d3:e2:77:6a:6e:e3:31:6a:
ea:80:66:47:61:05:d1:ce:d4:d9:d6:49:7b:8f:24:
d6:6f:8d:29:e1:db:d4:c1:59:2b:4e:48:fe:07:59:
71:17:22:2b:6b:f6:74:7b:3e:81:22:ed:69:8d:7e:
c2:74:9e:25:ba:a7:84:39:51:9f:16:52:e5:ab:9a:
98:d7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9C:A7:15:9B:D8:21:8E:9C:77:3F:2C:39:B1:E3:E7:9A:A3:A0:D7:D2
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/nKcVm9ghjpx3Pyw5sePnmqOg19I.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
4f:ad:88:75:fb:88:3b:0e:93:01:7e:26:95:9e:a7:ca:8b:4b:
fa:29:32:16:38:cc:bd:4b:d5:8c:ce:06:f8:69:4d:08:9e:bf:
17:38:49:a0:86:ac:d9:d3:15:f7:62:99:90:50:f0:f5:2a:eb:
2f:f5:7c:20:ec:33:f0:f1:c0:d9:20:e3:5c:a6:8b:50:47:29:
9d:cf:3a:f6:18:9b:fe:f6:74:80:10:15:70:cd:c2:60:c8:94:
18:cd:72:ec:0b:46:7f:4e:46:33:53:4f:88:8f:70:f5:72:66:
64:c0:f8:d8:e3:4d:6a:ee:a0:f5:29:11:1d:e7:c9:35:4b:cd:
f6:a8:9e:97:b6:4c:f0:85:42:e1:f6:30:eb:ef:ca:00:e9:69:
b1:0c:4a:a8:92:e5:e6:a1:21:78:28:22:ed:b0:47:e3:b5:3e:
51:dd:1a:44:70:08:45:fc:89:b5:f6:7e:49:28:be:44:c4:dc:
2d:82:8e:b0:9b:a6:1b:69:99:4e:8a:8c:0e:d2:f2:4c:64:82:
a7:4e:82:45:d3:8a:35:a0:94:da:1f:c8:0e:7a:31:f1:e1:0d:
59:c5:c5:45:f6:b8:83:bf:f6:d0:e4:22:f8:69:6b:63:f3:a5:
b3:b2:8d:cc:4f:d4:b3:98:a1:d7:39:73:e9:df:ae:a8:a4:d3:
c2:94:4c:28
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICTfUwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MDIx
MjUzNDJaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDlDQTcxNTlCRDgyMThF
OUM3NzNGMkMzOUIxRTNFNzlBQTNBMEQ3RDIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDPTlHLI0+LzER8h/dKRDgHjs4sX2TVnorCTDwESTfKJcfpXZae
Nkorn3C+g0CwjUfzpulhixSm9p+P0HNMA6zWoKJzxUyDDD7urfurNObVTFwf+9Fh
yEs1EAaxJUPfkLyTBT9sao/SD8k2crViK1754xYh9fvz4CRymvW8gS6fCw/lNrNL
qqn9oHzu4oOAfJegpUg8VL7O73p971mXhFeCE0q38N/c3PO2MGdtycd601SS/9cy
Dl4cbUDT4ndqbuMxauqAZkdhBdHO1NnWSXuPJNZvjSnh29TBWStOSP4HWXEXIitr
9nR7PoEi7WmNfsJ0niW6p4Q5UZ8WUuWrmpjXAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUnKcVm9ghjpx3Pyw5sePnmqOg19IwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L25LY1ZtOWdoanB4M1B5
dzVzZVBubXFPZzE5SS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBAE+tiHX7iDsOkwF+
JpWep8qLS/opMhY4zL1L1YzOBvhpTQievxc4SaCGrNnTFfdimZBQ8PUq6y/1fCDs
M/DxwNkg41ymi1BHKZ3POvYYm/72dIAQFXDNwmDIlBjNcuwLRn9ORjNTT4iPcPVy
ZmTA+NjjTWruoPUpER3nyTVLzfaonpe2TPCFQuH2MOvvygDpabEMSqiS5eahIXgo
Iu2wR+O1PlHdGkRwCEX8ibX2fkkovkTE3C2CjrCbphtpmU6KjA7S8kxkgqdOgkXT
ijWglNofyA56MfHhDVnFxUX2uIO/9tDkIvhpa2PzpbOyjcxP1LOYodc5c+nfrqik
08KUTCg=
-----END CERTIFICATE-----
Generated at Thu May 2 16:08:50 2024 by rpki-client on console.sobornost.net