Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/t0l1fJYkgw0S-hlk7ZC_44YxYhw.roa
File: t0l1fJYkgw0S-hlk7ZC_44YxYhw.roa (raw, json)
Hash identifier: x+H+5w/HbIi1vEpUd3XrtRPBGJHKK4QxnqqZpG9RJek=
Subject key identifier: B7:49:75:7C:96:24:83:0D:12:FA:19:64:ED:90:BF:E3:86:31:62:1C
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 4C99
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/t0l1fJYkgw0S-hlk7ZC_44YxYhw.roa
Signing time: Tue 30 Apr 2024 17:23:34 +0000
ROA not before: Tue 30 Apr 2024 17:23:34 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 19609 (0x4c99)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 30 17:23:34 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=B749757C9624830D12FA1964ED90BFE38631621C
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d0:be:ef:54:84:af:15:4e:ef:ee:fe:b9:ca:e5:
fc:c4:fe:6f:55:94:c2:9a:44:76:cc:3a:45:9c:e6:
e1:9e:c8:0c:3b:66:79:75:84:db:9c:c5:e1:60:4e:
8e:8e:c4:7d:1d:c9:e5:48:ab:d1:3b:17:5c:97:93:
4d:48:67:78:b6:b6:5c:d6:c8:93:15:00:fd:3d:20:
d1:15:cb:56:6b:0d:a2:35:1c:ec:25:8a:99:3e:1a:
e3:d5:b8:c2:d3:13:89:35:8a:a2:b7:2e:0c:4e:f6:
48:13:a3:14:16:4a:04:71:43:18:07:59:d6:27:9c:
f3:57:5b:a9:18:0e:bb:fd:3f:af:8e:70:47:00:c3:
37:1c:f9:72:a4:a5:15:92:cb:a9:f8:30:04:1b:5f:
c5:be:4e:cd:f7:c3:1a:32:0a:a6:f4:05:c0:17:3b:
08:c9:6b:d1:cd:1a:80:4a:36:c1:9b:28:f0:53:64:
89:37:79:99:e2:05:05:ca:fe:29:5d:6b:4f:52:4a:
c3:53:95:fd:41:0f:22:3d:97:0c:79:00:e0:61:09:
fd:38:23:0c:13:28:e7:3a:d0:9d:3d:e4:a5:d0:55:
c6:4f:65:79:3d:34:b0:dc:23:0b:8f:dc:87:4e:f1:
40:3a:2b:aa:9b:78:75:8c:cc:f1:da:9b:3b:f2:0c:
9c:13
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B7:49:75:7C:96:24:83:0D:12:FA:19:64:ED:90:BF:E3:86:31:62:1C
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/t0l1fJYkgw0S-hlk7ZC_44YxYhw.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
94:95:e5:81:34:33:de:5b:78:b7:28:08:b2:09:0b:3e:63:05:
9d:79:6a:94:a6:8c:a9:bd:be:f5:a9:06:51:47:a9:0e:48:87:
2d:c8:74:2a:6a:94:69:11:f3:6f:ff:49:1d:c8:d6:3e:6e:82:
25:ed:83:db:6a:a2:00:cd:b2:05:79:46:ae:5f:50:d7:0f:4b:
d3:75:cc:dd:15:29:23:68:82:0b:85:d5:30:43:04:1d:39:f5:
a7:16:81:e7:7f:ed:b8:91:ef:ba:e7:41:02:42:9e:ef:2a:c3:
e0:e4:c9:72:17:8f:05:65:a3:58:92:76:0d:d4:4a:d0:56:1b:
96:53:85:a1:76:97:b6:ae:7a:23:8f:e5:b4:ed:65:c4:91:8b:
3d:82:81:cc:c2:1c:79:dc:e5:1b:06:8f:ac:47:58:02:14:6f:
55:21:d9:34:c3:d4:b1:81:d7:5f:40:fb:c9:b0:bc:6b:75:09:
2b:75:71:e4:64:34:23:ea:4d:79:0a:59:d4:24:f4:7b:b3:65:
e4:54:d2:38:70:4f:9d:82:1a:b6:54:10:97:0c:85:1e:c0:dd:
0a:4e:7c:5c:41:9d:e2:a3:d8:69:a0:b6:c5:5b:82:4b:50:57:
e6:fc:80:1c:96:72:86:52:b1:86:a3:d7:4a:f4:c8:cc:26:d0:
37:61:04:31
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICTJkwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MzAx
NzIzMzRaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEI3NDk3NTdDOTYyNDgz
MEQxMkZBMTk2NEVEOTBCRkUzODYzMTYyMUMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDQvu9UhK8VTu/u/rnK5fzE/m9VlMKaRHbMOkWc5uGeyAw7Znl1
hNucxeFgTo6OxH0dyeVIq9E7F1yXk01IZ3i2tlzWyJMVAP09INEVy1ZrDaI1HOwl
ipk+GuPVuMLTE4k1iqK3LgxO9kgToxQWSgRxQxgHWdYnnPNXW6kYDrv9P6+OcEcA
wzcc+XKkpRWSy6n4MAQbX8W+Ts33wxoyCqb0BcAXOwjJa9HNGoBKNsGbKPBTZIk3
eZniBQXK/ilda09SSsNTlf1BDyI9lwx5AOBhCf04IwwTKOc60J095KXQVcZPZXk9
NLDcIwuP3IdO8UA6K6qbeHWMzPHamzvyDJwTAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUt0l1fJYkgw0S+hlk7ZC/44YxYhwwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3QwbDFmSllrZ3cwUy1o
bGs3WkNfNDRZeFlody5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBAJSV5YE0M95beLco
CLIJCz5jBZ15apSmjKm9vvWpBlFHqQ5Ihy3IdCpqlGkR82//SR3I1j5ugiXtg9tq
ogDNsgV5Rq5fUNcPS9N1zN0VKSNogguF1TBDBB059acWged/7biR77rnQQJCnu8q
w+DkyXIXjwVlo1iSdg3UStBWG5ZThaF2l7aueiOP5bTtZcSRiz2CgczCHHnc5RsG
j6xHWAIUb1Uh2TTD1LGB119A+8mwvGt1CSt1ceRkNCPqTXkKWdQk9HuzZeRU0jhw
T52CGrZUEJcMhR7A3QpOfFxBneKj2GmgtsVbgktQV+b8gByWcoZSsYaj10r0yMwm
0DdhBDE=
-----END CERTIFICATE-----
Generated at Tue Apr 30 22:25:24 2024 by rpki-client on console.sobornost.net