Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/rrTfHvxkYnu5IS48pk19BuRHIiA.roa
File: rrTfHvxkYnu5IS48pk19BuRHIiA.roa (raw, json)
Hash identifier: eh9sOHj7LaWw8JAAxbO9gez0T3ic6+xj5R1NQ6FLQ2A=
Subject key identifier: AE:B4:DF:1E:FC:64:62:7B:B9:21:2E:3C:A6:4D:7D:06:E4:47:22:20
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 3A79
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/rrTfHvxkYnu5IS48pk19BuRHIiA.roa
Signing time: Sat 06 Apr 2024 13:22:26 +0000
ROA not before: Sat 06 Apr 2024 13:22:26 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 14969 (0x3a79)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 6 13:22:26 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=AEB4DF1EFC64627BB9212E3CA64D7D06E4472220
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9a:63:ce:a8:fc:fc:ed:87:c4:db:3c:96:00:3e:
3b:a0:d6:81:89:6d:6f:22:a7:70:19:c1:7d:5f:ad:
bd:05:ff:8e:33:34:e6:ec:40:9b:49:18:d6:ec:21:
a4:61:9e:a4:14:45:26:6b:91:41:1c:31:03:ed:bf:
b2:7d:34:8e:fd:3a:c6:f3:c6:24:84:da:44:e1:a7:
0a:c5:09:50:ff:0b:51:1e:a2:38:5d:8d:1a:6a:33:
9d:56:84:53:1e:52:64:0e:b3:74:ae:d3:cf:8f:ec:
96:82:e4:87:fd:1e:08:0b:3f:0c:c8:95:c6:69:02:
7c:a2:6c:60:19:d9:d2:3b:63:a8:60:84:16:3b:3a:
16:05:d8:da:6f:d6:45:53:cf:c2:a1:7c:1d:2a:a0:
53:07:a6:37:e6:9a:18:66:ff:21:8f:7c:5a:ca:2e:
3c:87:a8:e5:80:2b:8d:1e:97:4a:ed:ba:79:38:3f:
5c:21:79:37:bc:5c:78:f7:a2:9d:d5:ec:e5:0d:ca:
87:6d:51:8a:bc:36:58:10:79:da:bf:f3:e9:9e:15:
99:9c:9e:82:ec:0f:6e:b1:4a:b5:cd:22:5a:66:05:
e9:4d:61:f4:35:e8:b3:73:e8:89:85:1d:84:8c:b0:
78:0e:eb:d0:fd:fd:b5:74:e3:0e:46:47:2c:57:9f:
d9:6f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AE:B4:DF:1E:FC:64:62:7B:B9:21:2E:3C:A6:4D:7D:06:E4:47:22:20
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/rrTfHvxkYnu5IS48pk19BuRHIiA.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
4a:3c:7b:a8:fd:c0:17:17:90:24:ea:f8:01:bb:f9:92:ff:83:
09:d0:70:21:69:a7:a3:cd:dc:13:12:f7:19:aa:8b:4a:55:11:
78:3a:a5:da:e6:7f:58:d4:57:b9:44:24:09:d2:29:8f:bd:dd:
60:27:2f:de:64:c1:76:fa:e2:8a:02:0d:5c:82:00:ea:7f:1e:
0b:68:9c:8e:5e:36:b7:05:40:9f:53:f6:25:07:d1:d6:5a:21:
0f:6a:07:c3:7d:da:ee:ab:86:bb:be:c6:63:4e:dc:76:b5:0d:
6f:e9:b6:4d:6b:d9:22:df:a4:ee:b8:64:69:22:72:d2:b9:ab:
b6:24:e1:fd:f4:07:6d:99:84:c2:8c:fd:14:14:3a:ea:6a:f8:
d8:3f:b1:3f:b8:26:2c:b4:af:f0:47:2b:db:d2:a7:64:99:1d:
0c:32:99:69:c1:27:e2:d8:c3:a7:d0:75:64:32:37:87:05:47:
f9:2c:90:c7:6b:09:dd:8d:e3:d4:54:37:38:f2:36:15:b5:86:
57:c7:a7:5f:6f:10:1d:de:18:2e:c5:ce:41:e8:8e:84:41:e7:
f4:f7:99:ea:30:c9:78:1f:3f:44:4e:53:65:3c:97:6d:c9:d9:
34:11:54:67:82:a7:f8:7a:5c:7d:25:95:2a:d2:ce:55:d9:7d:
82:9a:5b:a2
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICOnkwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MDYx
MzIyMjZaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEFFQjRERjFFRkM2NDYy
N0JCOTIxMkUzQ0E2NEQ3RDA2RTQ0NzIyMjAwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCaY86o/Pzth8TbPJYAPjug1oGJbW8ip3AZwX1frb0F/44zNObs
QJtJGNbsIaRhnqQURSZrkUEcMQPtv7J9NI79OsbzxiSE2kThpwrFCVD/C1Eeojhd
jRpqM51WhFMeUmQOs3Su08+P7JaC5If9HggLPwzIlcZpAnyibGAZ2dI7Y6hghBY7
OhYF2Npv1kVTz8KhfB0qoFMHpjfmmhhm/yGPfFrKLjyHqOWAK40el0rtunk4P1wh
eTe8XHj3op3V7OUNyodtUYq8NlgQedq/8+meFZmcnoLsD26xSrXNIlpmBelNYfQ1
6LNz6ImFHYSMsHgO69D9/bV04w5GRyxXn9lvAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUrrTfHvxkYnu5IS48pk19BuRHIiAwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3JyVGZIdnhrWW51NUlT
NDhwazE5QnVSSElpQS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBAEo8e6j9wBcXkCTq
+AG7+ZL/gwnQcCFpp6PN3BMS9xmqi0pVEXg6pdrmf1jUV7lEJAnSKY+93WAnL95k
wXb64ooCDVyCAOp/HgtonI5eNrcFQJ9T9iUH0dZaIQ9qB8N92u6rhru+xmNO3Ha1
DW/ptk1r2SLfpO64ZGkictK5q7Yk4f30B22ZhMKM/RQUOupq+Ng/sT+4Jiy0r/BH
K9vSp2SZHQwymWnBJ+LYw6fQdWQyN4cFR/kskMdrCd2N49RUNzjyNhW1hlfHp19v
EB3eGC7FzkHojoRB5/T3meowyXgfP0ROU2U8l23J2TQRVGeCp/h6XH0llSrSzlXZ
fYKaW6I=
-----END CERTIFICATE-----
Generated at Sat Apr 6 20:08:04 2024 by rpki-client on console.sobornost.net