Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/r6MoYzLrEuX9U-Kv_vSpGhxDLqQ.roa
File: r6MoYzLrEuX9U-Kv_vSpGhxDLqQ.roa (raw, json)
Hash identifier: 9N6c8bvfjmBo78t8lOpgF/6dhQoWUD6w0Gf5Z73ZtrY=
Subject key identifier: AF:A3:28:63:32:EB:12:E5:FD:53:E2:AF:FE:F4:A9:1A:1C:43:2E:A4
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 4BED
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/r6MoYzLrEuX9U-Kv_vSpGhxDLqQ.roa
Signing time: Mon 29 Apr 2024 19:53:32 +0000
ROA not before: Mon 29 Apr 2024 19:53:32 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 19437 (0x4bed)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 29 19:53:32 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=AFA3286332EB12E5FD53E2AFFEF4A91A1C432EA4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c7:e9:9b:3d:36:81:31:42:d5:18:20:af:7e:81:
c8:b5:2f:f7:91:d8:c8:0b:c8:ea:64:cb:96:da:88:
a7:3d:8a:ec:b6:9e:ad:cb:3f:10:8e:ee:cd:d6:5f:
68:d8:d2:f3:80:9e:3b:45:0c:b6:c3:4d:81:7b:ce:
a4:c5:05:0e:14:b6:16:35:2b:a3:1e:d6:86:82:d8:
5d:73:d3:02:84:73:96:07:e9:9e:a8:b3:eb:7e:5f:
6b:42:e1:07:8c:2d:54:8e:d7:62:ae:ec:6a:03:4b:
31:4e:bc:89:e0:62:5e:d7:6d:34:8e:70:ba:0e:3d:
e7:bb:11:f0:cf:bb:9b:f0:50:c1:a3:88:fb:59:a0:
39:43:90:e5:a9:45:86:90:24:8d:ed:9f:e1:69:90:
51:85:b8:dc:9a:1e:2f:c0:c8:87:44:fd:3b:a4:10:
36:98:4a:54:9a:07:ba:a5:cd:c3:23:10:ac:dd:0f:
fc:4f:49:ad:b0:b6:1e:28:cc:40:fd:80:1a:35:47:
a7:63:00:2b:54:84:61:5f:22:be:fa:ad:64:77:59:
b7:61:f1:fa:b1:6e:68:0b:ca:3b:51:bf:c0:cb:69:
dd:9c:75:75:d9:17:13:e2:d2:9e:52:cc:fa:16:b4:
29:61:0e:0a:05:a3:7b:3f:07:a4:c8:ab:13:64:e6:
c7:0b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AF:A3:28:63:32:EB:12:E5:FD:53:E2:AF:FE:F4:A9:1A:1C:43:2E:A4
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/r6MoYzLrEuX9U-Kv_vSpGhxDLqQ.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
63:16:12:b2:1f:57:73:5d:95:b7:be:0d:41:fd:67:53:89:8f:
1a:58:2a:4f:01:9b:12:ea:6e:67:32:07:07:86:d6:da:db:87:
3a:c7:f1:82:86:91:f8:82:95:16:40:71:e0:d9:0a:64:f8:56:
0b:04:d8:8d:bc:9c:43:db:5c:16:4c:33:87:c9:6c:96:d5:15:
69:db:c4:3b:59:de:f3:51:c4:9c:b8:9f:63:97:12:14:74:a8:
a6:61:67:ed:fa:a1:d8:51:eb:0c:df:33:4a:43:5a:76:95:26:
85:46:ee:9d:25:a7:68:56:4a:29:ff:ad:7b:9c:c6:c3:4c:a8:
ff:fa:34:8e:33:4c:ab:2e:d0:0c:ad:50:94:9b:50:26:6b:a9:
3d:e1:f8:00:f1:62:d4:d7:f5:48:32:a4:d2:ac:ed:d4:71:80:
26:46:86:39:1d:09:73:3e:3f:2b:fa:70:a2:ba:93:21:c3:cd:
9e:9d:b7:f5:b7:4e:59:a7:e6:b6:86:df:8c:75:93:9d:aa:f5:
fc:d3:17:28:21:16:4e:f1:9b:94:23:5f:7f:36:2b:49:79:95:
f9:65:31:09:8e:6b:c9:a1:93:92:cb:4c:93:ed:45:b1:6c:83:
e2:2d:2c:a3:c9:b2:8c:5b:52:da:d7:8a:a1:5f:e7:c3:cd:a9:
7d:e1:a9:47
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICS+0wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0Mjkx
OTUzMzJaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEFGQTMyODYzMzJFQjEy
RTVGRDUzRTJBRkZFRjRBOTFBMUM0MzJFQTQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDH6Zs9NoExQtUYIK9+gci1L/eR2MgLyOpky5baiKc9iuy2nq3L
PxCO7s3WX2jY0vOAnjtFDLbDTYF7zqTFBQ4UthY1K6Me1oaC2F1z0wKEc5YH6Z6o
s+t+X2tC4QeMLVSO12Ku7GoDSzFOvIngYl7XbTSOcLoOPee7EfDPu5vwUMGjiPtZ
oDlDkOWpRYaQJI3tn+FpkFGFuNyaHi/AyIdE/TukEDaYSlSaB7qlzcMjEKzdD/xP
Sa2wth4ozED9gBo1R6djACtUhGFfIr76rWR3Wbdh8fqxbmgLyjtRv8DLad2cdXXZ
FxPi0p5SzPoWtClhDgoFo3s/B6TIqxNk5scLAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUr6MoYzLrEuX9U+Kv/vSpGhxDLqQwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3I2TW9ZekxyRXVYOVUt
S3ZfdlNwR2h4RExxUS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBAGMWErIfV3Ndlbe+
DUH9Z1OJjxpYKk8BmxLqbmcyBweG1trbhzrH8YKGkfiClRZAceDZCmT4VgsE2I28
nEPbXBZMM4fJbJbVFWnbxDtZ3vNRxJy4n2OXEhR0qKZhZ+36odhR6wzfM0pDWnaV
JoVG7p0lp2hWSin/rXucxsNMqP/6NI4zTKsu0AytUJSbUCZrqT3h+ADxYtTX9Ugy
pNKs7dRxgCZGhjkdCXM+Pyv6cKK6kyHDzZ6dt/W3Tlmn5raG34x1k52q9fzTFygh
Fk7xm5QjX382K0l5lfllMQmOa8mhk5LLTJPtRbFsg+ItLKPJsoxbUtrXiqFf58PN
qX3hqUc=
-----END CERTIFICATE-----
Generated at Tue Apr 30 01:07:20 2024 by rpki-client on console.sobornost.net