Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/qJM8j8soATCsCKhbjeLSzDJj8wA.roa
File: qJM8j8soATCsCKhbjeLSzDJj8wA.roa (raw, json)
Hash identifier: +Gh8pvcpCqtHNt8RL67r9f7WXGckQD56qCiQdHIbACE=
Subject key identifier: A8:93:3C:8F:CB:28:01:30:AC:08:A8:5B:8D:E2:D2:CC:32:63:F3:00
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 36C5
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/qJM8j8soATCsCKhbjeLSzDJj8wA.roa
Signing time: Mon 01 Apr 2024 14:52:11 +0000
ROA not before: Mon 01 Apr 2024 14:52:11 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 14021 (0x36c5)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 1 14:52:11 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=A8933C8FCB280130AC08A85B8DE2D2CC3263F300
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bf:6c:29:48:a1:f8:b7:c1:26:b8:c2:91:d7:8b:
d6:94:91:4c:5d:46:3a:78:e4:71:17:ee:c4:07:cc:
ae:f8:1c:34:c2:af:e5:1d:55:5a:dc:ac:53:08:01:
c0:06:74:80:c3:1a:b3:f7:e4:e3:30:bb:36:a4:d2:
66:24:c8:64:a3:c7:c8:22:13:49:9f:bd:05:ee:18:
3b:84:62:3a:56:4c:b9:06:64:51:a4:5e:a0:7b:a0:
f2:22:fb:8a:7c:b9:4a:06:73:c1:3f:ba:56:8e:81:
c0:bd:fa:0c:b5:60:ca:f9:8a:ca:10:1d:89:69:12:
f8:21:aa:a2:b3:17:ec:cf:90:91:63:37:8d:4b:25:
47:4b:d9:3b:16:df:27:b3:00:d9:e9:be:21:21:2f:
32:5f:6f:bf:98:51:5e:8f:93:4f:7c:b6:3c:1e:6a:
e6:40:3b:d8:7a:9a:94:67:ae:45:8d:ff:04:bc:76:
43:5e:c5:24:a0:35:27:f6:36:61:c8:b6:c8:ba:6e:
9f:fb:d0:cd:1d:bb:c3:f5:c6:8e:f0:ab:8c:77:00:
41:1b:b9:0e:84:62:0c:1b:0b:a6:e5:e6:13:5a:2e:
5e:c7:7e:75:26:80:32:f7:47:9b:89:bc:17:d0:8a:
f1:45:f1:d7:56:9b:21:e1:f2:7f:6b:02:30:93:e4:
3e:41
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A8:93:3C:8F:CB:28:01:30:AC:08:A8:5B:8D:E2:D2:CC:32:63:F3:00
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/qJM8j8soATCsCKhbjeLSzDJj8wA.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
08:d2:73:10:8d:07:9e:f7:ff:0c:d3:c2:05:9a:03:db:40:05:
0d:95:2d:c9:2f:f2:58:3f:68:07:34:bd:d4:9d:13:1c:d4:f6:
f9:f2:5e:68:97:e2:d2:20:3e:61:24:c7:03:03:a0:2e:b0:ea:
45:1b:52:92:2a:34:b4:6a:a3:58:d5:69:1f:46:d5:59:29:72:
3a:3c:3b:d6:a9:79:52:8e:bd:13:a6:27:e3:27:14:9a:a6:c3:
c7:c1:53:03:af:33:ec:a4:cf:0d:75:c7:4a:9d:a5:cb:96:73:
4c:af:ab:00:e8:1f:8c:eb:22:20:ea:54:d0:bc:0f:96:2c:f7:
a8:48:9e:12:08:0a:28:73:e0:b6:1e:5f:9a:1f:a7:ef:39:b2:
94:4f:8e:02:21:6e:25:08:c6:93:22:22:13:89:6c:6c:4b:a8:
91:f0:aa:21:97:54:9f:5e:4b:e0:c8:a2:d8:5a:f6:ce:91:ff:
16:e5:af:8c:ac:e9:89:61:80:93:67:17:5f:85:45:40:91:5e:
5a:20:89:80:8e:51:65:19:84:05:7d:75:51:48:fd:a2:7f:f7:
54:d1:83:10:3c:f2:66:f0:67:1c:3a:a8:b3:ac:ba:9f:3e:f0:
56:e1:d3:8b:f3:5d:6f:39:13:4a:55:ba:98:d0:f2:e0:7a:29:
3e:6b:91:45
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICNsUwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MDEx
NDUyMTFaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEE4OTMzQzhGQ0IyODAx
MzBBQzA4QTg1QjhERTJEMkNDMzI2M0YzMDAwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC/bClIofi3wSa4wpHXi9aUkUxdRjp45HEX7sQHzK74HDTCr+Ud
VVrcrFMIAcAGdIDDGrP35OMwuzak0mYkyGSjx8giE0mfvQXuGDuEYjpWTLkGZFGk
XqB7oPIi+4p8uUoGc8E/ulaOgcC9+gy1YMr5isoQHYlpEvghqqKzF+zPkJFjN41L
JUdL2TsW3yezANnpviEhLzJfb7+YUV6Pk098tjweauZAO9h6mpRnrkWN/wS8dkNe
xSSgNSf2NmHItsi6bp/70M0du8P1xo7wq4x3AEEbuQ6EYgwbC6bl5hNaLl7HfnUm
gDL3R5uJvBfQivFF8ddWmyHh8n9rAjCT5D5BAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUqJM8j8soATCsCKhbjeLSzDJj8wAwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3FKTThqOHNvQVRDc0NL
aGJqZUxTekRKajh3QS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBAAjScxCNB573/wzT
wgWaA9tABQ2VLckv8lg/aAc0vdSdExzU9vnyXmiX4tIgPmEkxwMDoC6w6kUbUpIq
NLRqo1jVaR9G1Vkpcjo8O9apeVKOvROmJ+MnFJqmw8fBUwOvM+ykzw11x0qdpcuW
c0yvqwDoH4zrIiDqVNC8D5Ys96hInhIICihz4LYeX5ofp+85spRPjgIhbiUIxpMi
IhOJbGxLqJHwqiGXVJ9eS+DIotha9s6R/xblr4ys6YlhgJNnF1+FRUCRXlogiYCO
UWUZhAV9dVFI/aJ/91TRgxA88mbwZxw6qLOsup8+8Fbh04vzXW85E0pVupjQ8uB6
KT5rkUU=
-----END CERTIFICATE-----
Generated at Mon Apr 1 20:28:32 2024 by rpki-client on console.sobornost.net