Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/qYpp_FwFN1_7JCwkdALi4L8cDlg.roa
File: qYpp_FwFN1_7JCwkdALi4L8cDlg.roa (raw, json)
Hash identifier: vsg+SWp5JoY6uVXu9v/5cpiXErtSAwJH4+2TQqStS+Q=
Subject key identifier: A9:8A:69:FC:5C:05:37:5F:FB:24:2C:24:74:02:E2:E0:BF:1C:0E:58
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 4E31
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/qYpp_FwFN1_7JCwkdALi4L8cDlg.roa
Signing time: Thu 02 May 2024 20:23:40 +0000
ROA not before: Thu 02 May 2024 20:23:40 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 20017 (0x4e31)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 2 20:23:40 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=A98A69FC5C05375FFB242C247402E2E0BF1C0E58
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a5:44:a7:7e:1a:be:24:37:b0:0d:62:0b:24:41:
d8:c7:82:e0:15:44:cf:cc:06:52:96:4d:d2:db:9b:
c8:8a:05:74:e4:87:d6:38:4c:f3:2a:47:be:4c:f2:
85:41:ce:db:a7:fb:fe:4b:cb:e2:36:b5:0d:15:59:
9f:d9:3a:23:cd:d4:ea:52:1e:08:3a:95:17:ec:57:
63:25:61:fc:bf:12:01:99:9d:78:32:cb:fc:96:2e:
85:21:f9:fc:78:1e:2a:1d:14:46:fe:b8:15:d7:9b:
4f:f2:7a:19:97:7a:83:69:b1:40:7d:9c:35:69:8e:
9f:8f:ff:f7:3b:ef:36:cf:83:7a:c9:77:1a:03:dc:
21:74:df:83:92:34:59:20:ac:8b:0f:33:7f:f8:c5:
cc:7e:b2:3b:1a:b5:8c:82:21:89:bf:cc:64:83:89:
ad:49:5d:ef:d8:bc:c6:d1:2b:06:a9:f6:10:72:f8:
b6:9f:61:8e:30:57:b6:78:74:70:6f:02:72:1a:31:
cf:e0:13:2a:8d:66:54:6c:52:c6:6f:13:2c:a6:ea:
5e:f1:c4:bd:0e:97:08:90:17:e5:95:d4:74:32:09:
3f:9b:88:2d:f4:ea:dd:59:fa:42:ba:cd:6a:dd:ed:
de:60:17:fc:d8:42:81:c8:ab:28:6a:18:c9:b8:32:
bc:6d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A9:8A:69:FC:5C:05:37:5F:FB:24:2C:24:74:02:E2:E0:BF:1C:0E:58
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/qYpp_FwFN1_7JCwkdALi4L8cDlg.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
47:d4:03:56:9b:12:65:83:d7:57:e6:53:43:0d:c0:14:83:4b:
4d:8b:5e:fc:e4:52:c3:1a:c6:76:f9:2f:b7:30:c1:ec:6c:e9:
7d:49:dc:77:9e:64:e7:eb:17:9c:f4:5c:be:4b:3a:81:7e:58:
e9:5a:96:6c:d6:db:af:ed:a5:11:18:93:90:66:da:02:84:11:
4f:95:e7:ac:d9:92:e9:03:0c:7b:f0:e2:72:fb:11:55:bd:45:
7a:e9:be:6f:4b:42:15:01:51:43:56:d3:94:ac:85:5c:b3:f5:
81:0e:b9:2b:cd:6b:dd:e2:24:95:88:b2:15:fc:ab:ab:70:ed:
a3:c6:45:b6:19:7a:b2:69:cd:03:c4:87:f1:f1:f9:af:47:cf:
b1:0e:33:79:bc:3b:7b:25:fe:09:3b:38:df:b5:22:4c:68:6c:
39:4f:39:27:92:36:ec:9e:bd:52:16:08:9c:93:2f:c0:55:97:
3d:2d:8f:69:4a:e3:dc:25:31:06:25:96:54:34:62:43:79:7f:
a0:15:03:ab:11:ff:3c:e5:70:0c:cc:e9:d8:62:a0:34:5e:af:
2b:1a:03:84:b6:83:6a:94:45:d5:5f:76:c0:cb:eb:4c:79:78:
cb:f8:67:be:6a:29:26:aa:06:45:99:39:1b:c8:41:06:d3:45:
39:93:98:4b
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICTjEwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MDIy
MDIzNDBaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEE5OEE2OUZDNUMwNTM3
NUZGQjI0MkMyNDc0MDJFMkUwQkYxQzBFNTgwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQClRKd+Gr4kN7ANYgskQdjHguAVRM/MBlKWTdLbm8iKBXTkh9Y4
TPMqR75M8oVBztun+/5Ly+I2tQ0VWZ/ZOiPN1OpSHgg6lRfsV2MlYfy/EgGZnXgy
y/yWLoUh+fx4HiodFEb+uBXXm0/yehmXeoNpsUB9nDVpjp+P//c77zbPg3rJdxoD
3CF034OSNFkgrIsPM3/4xcx+sjsatYyCIYm/zGSDia1JXe/YvMbRKwap9hBy+Laf
YY4wV7Z4dHBvAnIaMc/gEyqNZlRsUsZvEyym6l7xxL0OlwiQF+WV1HQyCT+biC30
6t1Z+kK6zWrd7d5gF/zYQoHIqyhqGMm4MrxtAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUqYpp/FwFN1/7JCwkdALi4L8cDlgwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3FZcHBfRndGTjFfN0pD
d2tkQUxpNEw4Y0RsZy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBAEfUA1abEmWD11fm
U0MNwBSDS02LXvzkUsMaxnb5L7cwwexs6X1J3HeeZOfrF5z0XL5LOoF+WOlalmzW
26/tpREYk5Bm2gKEEU+V56zZkukDDHvw4nL7EVW9RXrpvm9LQhUBUUNW05SshVyz
9YEOuSvNa93iJJWIshX8q6tw7aPGRbYZerJpzQPEh/Hx+a9Hz7EOM3m8O3sl/gk7
ON+1IkxobDlPOSeSNuyevVIWCJyTL8BVlz0tj2lK49wlMQYlllQ0YkN5f6AVA6sR
/zzlcAzM6dhioDRerysaA4S2g2qURdVfdsDL60x5eMv4Z75qKSaqBkWZORvIQQbT
RTmTmEs=
-----END CERTIFICATE-----
Generated at Fri May 3 04:07:18 2024 by rpki-client on console.sobornost.net