Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/oLa2y0AIzuwbCEC99soGkEyY6I8.roa
File: oLa2y0AIzuwbCEC99soGkEyY6I8.roa (raw, json)
Hash identifier: 4JgGCc8JVJvKe3vChRnHDOltdNtjdlSVINSvx6w+YGM=
Subject key identifier: A0:B6:B6:CB:40:08:CE:EC:1B:08:40:BD:F6:CA:06:90:4C:98:E8:8F
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 5589
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/oLa2y0AIzuwbCEC99soGkEyY6I8.roa
Signing time: Sun 12 May 2024 15:24:05 +0000
ROA not before: Sun 12 May 2024 15:24:05 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 21897 (0x5589)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 12 15:24:05 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=A0B6B6CB4008CEEC1B0840BDF6CA06904C98E88F
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ba:fe:cb:2d:0a:1f:1b:a1:0d:bc:fa:3f:77:f5:
d9:2f:0e:4c:ac:3d:1e:4e:96:b7:b5:db:0d:d0:e1:
74:45:0b:96:79:84:81:02:64:60:0c:ee:3e:68:62:
3c:7e:0c:44:41:83:78:37:be:a9:68:e7:f2:a7:4e:
b1:29:ef:44:6d:cf:94:d2:6a:e7:ac:03:e4:03:f9:
87:55:3e:61:fb:0f:80:81:4a:a9:b0:43:ba:e1:53:
58:08:50:09:a5:3b:be:0b:df:2e:b6:98:10:66:7e:
d1:61:14:7d:32:54:c5:11:fd:c1:00:d1:3d:a4:91:
53:9b:d2:c2:3c:1b:14:92:d6:88:c6:8d:4d:58:0f:
81:87:db:ca:dd:99:09:ae:a0:e0:f7:a0:31:8d:ba:
2b:7d:b2:f1:f6:8b:3d:85:55:99:70:52:b4:18:9e:
ba:2b:33:f1:e2:8b:cc:f0:0a:67:c0:66:b7:f8:e4:
e0:47:a7:47:e7:c3:ce:18:0b:72:cd:50:98:0f:87:
e3:cc:be:a9:88:f4:0d:10:b3:91:2f:04:00:2a:d5:
17:b2:33:53:1f:d5:ad:03:ab:51:02:d7:f8:da:2d:
f4:24:4a:31:57:9a:ba:98:fd:dc:89:5a:af:8a:1e:
b3:e8:80:4a:6e:36:c3:50:61:df:d2:ea:2b:c3:b2:
a4:41
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A0:B6:B6:CB:40:08:CE:EC:1B:08:40:BD:F6:CA:06:90:4C:98:E8:8F
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/oLa2y0AIzuwbCEC99soGkEyY6I8.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
80:2a:7d:e8:c2:c5:1b:79:d4:3d:6f:d9:2b:4c:4c:f0:9b:f5:
1d:b1:e3:06:d9:41:3f:68:6a:16:9c:7d:5c:b1:11:0d:a5:f3:
2f:78:8d:e9:fd:16:dd:b3:50:9b:af:1b:2a:ef:18:e7:e4:24:
98:dd:df:a2:84:1f:34:36:47:8b:47:52:93:08:a0:bf:f3:86:
d9:cf:ab:c7:7e:32:70:e4:b7:de:7c:32:62:f5:5d:56:cb:ec:
b9:35:ef:d1:65:46:ca:eb:98:33:71:61:c1:ee:c3:06:9c:7d:
9f:fe:8c:e0:d2:4c:22:ff:95:03:f1:3f:4a:9e:8c:e7:51:32:
0c:db:03:aa:22:e9:f3:29:de:d0:d0:03:d1:03:3b:3d:87:94:
e6:c6:23:f1:c6:3f:87:b4:08:e4:81:69:c8:12:b9:b9:4a:02:
68:9a:7c:d6:e2:78:9d:8c:a8:0b:49:7a:fe:6c:17:fc:45:da:
7a:86:01:54:67:9a:83:2c:5b:ef:8f:45:ca:7f:64:3f:7b:3e:
35:58:a9:33:e0:7f:71:fe:7b:45:2b:3c:f4:60:39:01:c2:44:
12:d3:8b:1d:17:6e:30:03:a0:dd:6f:2f:ac:0d:1e:f3:ed:8c:
7c:c6:dd:33:b8:35:d5:8c:26:cc:80:3f:5e:e2:ca:75:79:83:
f1:7c:48:e1
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICVYkwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MTIx
NTI0MDVaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEEwQjZCNkNCNDAwOENF
RUMxQjA4NDBCREY2Q0EwNjkwNEM5OEU4OEYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC6/sstCh8boQ28+j939dkvDkysPR5Olre12w3Q4XRFC5Z5hIEC
ZGAM7j5oYjx+DERBg3g3vqlo5/KnTrEp70Rtz5TSauesA+QD+YdVPmH7D4CBSqmw
Q7rhU1gIUAmlO74L3y62mBBmftFhFH0yVMUR/cEA0T2kkVOb0sI8GxSS1ojGjU1Y
D4GH28rdmQmuoOD3oDGNuit9svH2iz2FVZlwUrQYnrorM/Hii8zwCmfAZrf45OBH
p0fnw84YC3LNUJgPh+PMvqmI9A0Qs5EvBAAq1ReyM1Mf1a0Dq1EC1/jaLfQkSjFX
mrqY/dyJWq+KHrPogEpuNsNQYd/S6ivDsqRBAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUoLa2y0AIzuwbCEC99soGkEyY6I8wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L29MYTJ5MEFJenV3YkNF
Qzk5c29Ha0V5WTZJOC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBAIAqfejCxRt51D1v
2StMTPCb9R2x4wbZQT9oahacfVyxEQ2l8y94jen9Ft2zUJuvGyrvGOfkJJjd36KE
HzQ2R4tHUpMIoL/zhtnPq8d+MnDkt958MmL1XVbL7Lk179FlRsrrmDNxYcHuwwac
fZ/+jODSTCL/lQPxP0qejOdRMgzbA6oi6fMp3tDQA9EDOz2HlObGI/HGP4e0COSB
acgSublKAmiafNbieJ2MqAtJev5sF/xF2nqGAVRnmoMsW++PRcp/ZD97PjVYqTPg
f3H+e0UrPPRgOQHCRBLTix0XbjADoN1vL6wNHvPtjHzG3TO4NdWMJsyAP17iynV5
g/F8SOE=
-----END CERTIFICATE-----
Generated at Sun May 12 18:35:23 2024 by rpki-client on console.sobornost.net