Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/rNJctim5hik9ew865yMoFzit2UU.roa
File: rNJctim5hik9ew865yMoFzit2UU.roa (raw, json)
Hash identifier: eU+c9f88EG9oDTbCcksOtBQqvnC9Yjn836iryBdAuzc=
Subject key identifier: AC:D2:5C:B6:29:B9:86:29:3D:7B:0F:3A:E7:23:28:17:38:AD:D9:45
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 4A3D
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/rNJctim5hik9ew865yMoFzit2UU.roa
Signing time: Sat 27 Apr 2024 13:53:25 +0000
ROA not before: Sat 27 Apr 2024 13:53:25 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 19005 (0x4a3d)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 27 13:53:25 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=ACD25CB629B986293D7B0F3AE723281738ADD945
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e7:13:43:50:f3:5a:fe:c2:a6:80:05:dc:86:e9:
ac:9e:e0:bb:da:11:84:c5:80:40:88:2d:ae:1c:1b:
05:b2:25:ab:c9:75:14:bd:85:63:5f:3f:57:f9:89:
df:7e:7b:3b:89:5a:b4:33:b4:b1:16:ad:de:b4:44:
18:08:a0:97:4c:d0:48:50:95:3c:e5:36:22:2b:a2:
b5:a5:43:aa:2e:63:2c:73:b4:96:f9:90:f2:27:8d:
6b:c4:10:39:69:9a:e9:44:7d:29:c7:1b:34:1b:1d:
a4:59:63:22:90:a8:ed:dd:4f:30:94:1d:71:fb:15:
1a:a1:02:6e:09:26:99:d8:35:73:78:62:7a:96:a8:
a7:62:ca:df:c1:76:5d:50:6d:c9:7c:41:5b:b5:81:
a5:4c:7d:80:41:05:61:b9:58:b5:3a:03:93:bc:05:
50:8f:83:bb:34:9b:f3:a3:b9:90:6e:b8:ea:3f:e7:
e8:7f:05:50:4f:40:5a:aa:50:33:d4:4f:b1:46:af:
9e:24:e1:2d:f5:0e:f1:44:12:8f:a3:ec:ed:2e:21:
52:65:d9:4a:75:b3:89:46:ab:2e:d3:3a:ec:03:c4:
b9:1c:35:54:3d:63:21:77:0e:b6:57:56:9a:68:f4:
3f:17:28:70:87:f6:19:70:d4:f0:13:4b:0b:35:c4:
20:b7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AC:D2:5C:B6:29:B9:86:29:3D:7B:0F:3A:E7:23:28:17:38:AD:D9:45
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/rNJctim5hik9ew865yMoFzit2UU.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
8d:6e:4a:90:01:94:77:b8:42:32:a6:a9:47:d8:b2:99:8d:ee:
50:35:f1:18:8a:d3:09:9a:56:15:31:e2:b5:c5:47:26:aa:20:
34:69:1a:80:16:2c:a8:33:df:3e:f8:49:c9:13:d6:48:05:d7:
db:e3:0d:cc:a5:18:ba:be:f7:34:4a:a0:d7:03:f8:9f:0e:16:
c7:db:03:d1:56:a0:cf:f2:af:72:13:99:16:89:dd:00:62:64:
05:45:c6:2b:8a:e7:75:1c:ce:ed:87:69:a6:ac:a8:d4:b3:94:
4c:75:6b:be:54:65:c7:ba:2d:24:f6:37:84:d9:0b:e1:fc:00:
9a:7b:70:7f:cd:6b:07:3e:f4:51:11:9b:c0:bc:4b:ab:e8:24:
41:a0:e6:96:4b:9b:33:eb:e8:c1:0f:1c:2d:75:fb:58:6e:bc:
22:8b:35:95:49:b5:c9:f4:e1:91:92:66:5e:d2:46:9f:3b:d0:
9b:e0:36:41:76:7c:9c:ba:79:ae:42:7e:44:b0:fe:19:7d:3f:
2d:f2:ac:6f:a8:61:d8:a8:09:ce:cb:8b:c1:2d:0b:a7:14:b2:
ec:4b:9a:45:76:24:3a:c2:b1:25:eb:cd:90:b3:ef:4a:61:6b:
57:ad:26:cf:03:81:d5:40:a6:91:c4:e4:6f:c7:f5:99:8b:b0:
60:12:ac:cc
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICSj0wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0Mjcx
MzUzMjVaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEFDRDI1Q0I2MjlCOTg2
MjkzRDdCMEYzQUU3MjMyODE3MzhBREQ5NDUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDnE0NQ81r+wqaABdyG6aye4LvaEYTFgECILa4cGwWyJavJdRS9
hWNfP1f5id9+ezuJWrQztLEWrd60RBgIoJdM0EhQlTzlNiIrorWlQ6ouYyxztJb5
kPInjWvEEDlpmulEfSnHGzQbHaRZYyKQqO3dTzCUHXH7FRqhAm4JJpnYNXN4YnqW
qKdiyt/Bdl1Qbcl8QVu1gaVMfYBBBWG5WLU6A5O8BVCPg7s0m/OjuZBuuOo/5+h/
BVBPQFqqUDPUT7FGr54k4S31DvFEEo+j7O0uIVJl2Up1s4lGqy7TOuwDxLkcNVQ9
YyF3DrZXVppo9D8XKHCH9hlw1PATSws1xCC3AgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUrNJctim5hik9ew865yMoFzit2UUwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3JOSmN0aW01aGlrOWV3
ODY1eU1vRnppdDJVVS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBAI1uSpABlHe4QjKm
qUfYspmN7lA18RiK0wmaVhUx4rXFRyaqIDRpGoAWLKgz3z74SckT1kgF19vjDcyl
GLq+9zRKoNcD+J8OFsfbA9FWoM/yr3ITmRaJ3QBiZAVFxiuK53Uczu2HaaasqNSz
lEx1a75UZce6LST2N4TZC+H8AJp7cH/Nawc+9FERm8C8S6voJEGg5pZLmzPr6MEP
HC11+1huvCKLNZVJtcn04ZGSZl7SRp870JvgNkF2fJy6ea5CfkSw/hl9Py3yrG+o
YdioCc7Li8EtC6cUsuxLmkV2JDrCsSXrzZCz70pha1etJs8DgdVAppHE5G/H9ZmL
sGASrMw=
-----END CERTIFICATE-----
Generated at Sat Apr 27 20:46:50 2024 by rpki-client on console.sobornost.net