Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/sqckQjc96pStNXNEuSHnt49C4mU.roa
File: sqckQjc96pStNXNEuSHnt49C4mU.roa (raw, json)
Hash identifier: 5/bQBavypoIwOdx4GHW+mrcZHRydblajhig+0N97/BM=
Subject key identifier: B2:A7:24:42:37:3D:EA:94:AD:35:73:44:B9:21:E7:B7:8F:42:E2:65
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 54B9
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/sqckQjc96pStNXNEuSHnt49C4mU.roa
Signing time: Sat 11 May 2024 13:24:23 +0000
ROA not before: Sat 11 May 2024 13:24:23 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 21689 (0x54b9)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 11 13:24:23 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=B2A72442373DEA94AD357344B921E7B78F42E265
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bf:a5:ec:3b:b5:3e:f7:41:67:1b:ce:38:f4:d8:
4c:63:fa:74:ac:e1:7e:41:50:6e:e9:2d:6f:0f:7b:
76:a4:c1:dd:1a:bf:14:62:6e:b3:18:c8:53:05:fd:
3d:89:a3:ce:a9:41:10:50:bb:4d:b2:78:0d:6a:22:
bd:45:9a:21:ea:fd:2c:27:9e:ba:b0:d4:03:9d:fa:
57:43:ab:d4:39:2f:20:39:9b:cf:be:49:3b:8c:c6:
91:43:c3:b0:c3:e3:38:d7:6e:6e:e8:c6:e2:4c:81:
10:ca:51:07:6f:62:8a:a4:dd:34:9d:7f:8c:67:c8:
a6:af:c2:2a:6a:dd:e7:e0:60:1b:36:b7:c9:44:ea:
ce:7c:99:a1:8a:18:fd:8a:b2:5e:b5:90:d6:96:f7:
1b:8b:d7:6b:de:4c:cd:6f:c0:5b:d9:e4:bb:c7:0b:
87:1a:03:4c:de:e1:fd:1b:7d:e7:d7:c2:10:b0:8e:
8c:2c:b5:95:2d:cf:86:ca:b4:cb:07:02:df:67:1d:
6e:c9:b9:3e:7c:03:3c:1e:77:73:e4:3c:73:2d:96:
a8:aa:b3:ed:c6:b3:fe:8d:9e:c2:98:2a:dc:c6:1e:
57:11:12:1a:b8:62:32:65:76:00:1b:19:2f:38:52:
0d:d3:8d:35:c6:28:4a:ab:ad:12:8e:5f:4b:f6:21:
2d:89
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B2:A7:24:42:37:3D:EA:94:AD:35:73:44:B9:21:E7:B7:8F:42:E2:65
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/sqckQjc96pStNXNEuSHnt49C4mU.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
99:87:49:ed:67:3d:6e:bc:8b:8f:63:2e:61:48:a3:f8:15:94:
93:c8:43:77:fc:4a:45:f8:3c:0d:3c:b4:2e:d5:7e:83:d8:27:
79:e2:01:49:71:79:51:da:36:d2:73:58:88:62:31:d7:88:f0:
49:81:50:bb:ae:a6:5d:ca:1d:26:05:ab:4a:c9:dd:5c:7d:5e:
55:75:31:4b:d9:82:79:b3:58:2f:0a:b0:cd:51:0a:a8:af:cd:
ff:e4:93:cc:a0:7a:ea:e3:85:b4:d9:74:e2:34:aa:0d:3c:b1:
3e:9f:71:6f:e1:7d:9c:32:3f:74:e8:fa:87:82:a6:a6:1f:15:
a3:94:e5:36:14:59:1f:90:4c:45:ed:4e:18:50:fd:ff:36:c8:
b8:fd:6f:8c:88:d0:5f:5a:49:bc:30:d4:85:c5:db:65:a0:22:
ab:cc:cb:c5:ae:02:52:84:6c:03:a3:03:db:d4:c3:9e:2f:f1:
ae:70:ff:a9:1f:03:68:54:c4:de:53:cd:9c:22:78:38:4f:71:
54:28:88:ff:d1:77:dc:02:8b:15:91:da:eb:2a:1c:42:b1:8e:
09:f1:3c:44:22:2b:c8:0b:84:40:4a:7c:f6:2d:dd:6d:8b:e2:
b2:51:60:c7:36:53:6e:97:3a:08:3d:2c:9b:ec:57:0b:ec:82:
d2:c2:04:96
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICVLkwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MTEx
MzI0MjNaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEIyQTcyNDQyMzczREVB
OTRBRDM1NzM0NEI5MjFFN0I3OEY0MkUyNjUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC/pew7tT73QWcbzjj02Exj+nSs4X5BUG7pLW8Pe3akwd0avxRi
brMYyFMF/T2Jo86pQRBQu02yeA1qIr1FmiHq/Swnnrqw1AOd+ldDq9Q5LyA5m8++
STuMxpFDw7DD4zjXbm7oxuJMgRDKUQdvYoqk3TSdf4xnyKavwipq3efgYBs2t8lE
6s58maGKGP2Ksl61kNaW9xuL12veTM1vwFvZ5LvHC4caA0ze4f0bfefXwhCwjows
tZUtz4bKtMsHAt9nHW7JuT58Azwed3PkPHMtlqiqs+3Gs/6NnsKYKtzGHlcREhq4
YjJldgAbGS84Ug3TjTXGKEqrrRKOX0v2IS2JAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUsqckQjc96pStNXNEuSHnt49C4mUwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3NxY2tRamM5NnBTdE5Y
TkV1U0hudDQ5QzRtVS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBAJmHSe1nPW68i49j
LmFIo/gVlJPIQ3f8SkX4PA08tC7VfoPYJ3niAUlxeVHaNtJzWIhiMdeI8EmBULuu
pl3KHSYFq0rJ3Vx9XlV1MUvZgnmzWC8KsM1RCqivzf/kk8ygeurjhbTZdOI0qg08
sT6fcW/hfZwyP3To+oeCpqYfFaOU5TYUWR+QTEXtThhQ/f82yLj9b4yI0F9aSbww
1IXF22WgIqvMy8WuAlKEbAOjA9vUw54v8a5w/6kfA2hUxN5TzZwieDhPcVQoiP/R
d9wCixWR2usqHEKxjgnxPEQiK8gLhEBKfPYt3W2L4rJRYMc2U26XOgg9LJvsVwvs
gtLCBJY=
-----END CERTIFICATE-----
Generated at Sat May 11 18:33:36 2024 by rpki-client on console.sobornost.net