Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/u1CXJUxdVVlsPp1RZXylaiJDoWA.roa
File: u1CXJUxdVVlsPp1RZXylaiJDoWA.roa (raw, json)
Hash identifier: XfBW7AiuUJVn/huGF3r3MK+Oj7M/LSprEnvh3yTLN/w=
Subject key identifier: BB:50:97:25:4C:5D:55:59:6C:3E:9D:51:65:7C:A5:6A:22:43:A1:60
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 414D
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/u1CXJUxdVVlsPp1RZXylaiJDoWA.roa
Signing time: Mon 15 Apr 2024 15:52:53 +0000
ROA not before: Mon 15 Apr 2024 15:52:53 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 16717 (0x414d)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 15 15:52:53 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=BB5097254C5D55596C3E9D51657CA56A2243A160
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b2:52:87:a0:76:c9:5b:8c:6e:79:ca:00:f5:f7:
ea:37:32:18:d4:6c:82:cd:63:44:c0:64:53:2d:e0:
35:89:0d:00:84:4c:cd:3e:da:a8:4f:26:54:a6:8f:
ba:55:dd:31:0e:98:c4:32:bd:6f:76:9a:76:fb:de:
7b:dd:dc:e7:86:39:e2:67:f4:1f:4f:78:28:95:2f:
aa:d4:67:6c:b1:5f:dc:77:1b:97:a4:e6:30:19:38:
d8:3f:bb:97:c2:57:01:35:62:f4:6b:fe:2f:4c:a6:
6c:30:5a:3d:37:1f:9e:82:22:81:43:fa:8d:0d:8e:
d9:71:72:87:14:46:48:ce:39:db:6b:fa:36:65:0c:
16:24:c5:d8:f9:e4:7f:59:7f:cd:4c:6a:30:5b:e1:
a2:5f:a9:f5:9e:81:56:7a:ef:96:d8:0e:64:78:1f:
87:36:9a:62:f2:4e:7d:f1:2b:d6:ec:c4:de:c1:6d:
5d:28:a6:05:dd:94:bd:b0:98:c1:7d:dc:a5:77:d4:
64:92:6b:36:a5:01:dc:50:2f:52:63:ea:32:b8:fe:
4c:95:4f:f7:1e:a3:cd:29:21:f1:e5:c9:ad:66:55:
9b:4e:51:f0:6b:da:18:09:40:52:bb:80:0d:f9:ac:
42:ee:c1:77:55:54:fb:26:c0:4f:d0:34:73:e0:98:
5a:5d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
BB:50:97:25:4C:5D:55:59:6C:3E:9D:51:65:7C:A5:6A:22:43:A1:60
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/u1CXJUxdVVlsPp1RZXylaiJDoWA.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
81:d0:16:f5:5b:b7:35:c8:39:d6:19:40:b2:77:1c:6a:d4:f4:
5c:e4:f4:0f:76:60:81:2e:35:a6:43:1c:23:5e:e2:e8:03:f4:
6e:13:1e:1e:c8:8b:07:6e:61:ea:98:46:99:b0:ea:1b:b0:93:
e0:9d:2e:98:66:4e:e2:04:e7:b7:c5:a1:4a:22:89:1d:23:1a:
4b:ec:bd:49:27:d5:95:27:1d:47:27:ab:21:44:18:f4:57:d5:
6a:a9:93:24:0e:38:20:ae:8a:24:7c:7e:90:cd:3d:76:97:d8:
aa:e2:e7:1c:2a:d6:f8:46:08:cf:22:f7:cd:9a:e0:34:25:7d:
d2:0c:da:f6:dd:d3:22:be:91:a7:97:37:1e:2a:4c:67:0b:be:
28:26:ee:10:a0:9a:18:d0:d7:bf:29:13:77:92:34:7d:ec:5e:
7e:74:a7:55:a3:d8:1b:90:0a:7a:32:4a:d3:ed:ea:bd:a2:ee:
55:5d:5b:0d:17:38:90:49:34:b3:d5:dc:4f:3f:12:a9:bb:00:
06:b5:43:bc:6f:16:0d:eb:06:a5:dc:aa:0c:8e:fc:0f:08:85:
59:4a:aa:ac:ea:36:98:b7:e8:ad:3d:5a:eb:ed:d6:f9:a8:59:
ad:96:5d:e1:de:77:f3:61:af:4a:ff:a1:03:4e:d4:5a:b6:47:
05:2f:ff:31
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICQU0wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MTUx
NTUyNTNaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEJCNTA5NzI1NEM1RDU1
NTk2QzNFOUQ1MTY1N0NBNTZBMjI0M0ExNjAwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCyUoegdslbjG55ygD19+o3MhjUbILNY0TAZFMt4DWJDQCETM0+
2qhPJlSmj7pV3TEOmMQyvW92mnb73nvd3OeGOeJn9B9PeCiVL6rUZ2yxX9x3G5ek
5jAZONg/u5fCVwE1YvRr/i9MpmwwWj03H56CIoFD+o0NjtlxcocURkjOOdtr+jZl
DBYkxdj55H9Zf81MajBb4aJfqfWegVZ675bYDmR4H4c2mmLyTn3xK9bsxN7BbV0o
pgXdlL2wmMF93KV31GSSazalAdxQL1Jj6jK4/kyVT/ceo80pIfHlya1mVZtOUfBr
2hgJQFK7gA35rELuwXdVVPsmwE/QNHPgmFpdAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUu1CXJUxdVVlsPp1RZXylaiJDoWAwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3UxQ1hKVXhkVlZsc1Bw
MVJaWHlsYWlKRG9XQS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBAIHQFvVbtzXIOdYZ
QLJ3HGrU9Fzk9A92YIEuNaZDHCNe4ugD9G4THh7IiwduYeqYRpmw6huwk+CdLphm
TuIE57fFoUoiiR0jGkvsvUkn1ZUnHUcnqyFEGPRX1WqpkyQOOCCuiiR8fpDNPXaX
2Kri5xwq1vhGCM8i982a4DQlfdIM2vbd0yK+kaeXNx4qTGcLvigm7hCgmhjQ178p
E3eSNH3sXn50p1Wj2BuQCnoyStPt6r2i7lVdWw0XOJBJNLPV3E8/Eqm7AAa1Q7xv
Fg3rBqXcqgyO/A8IhVlKqqzqNpi36K09Wuvt1vmoWa2WXeHed/Nhr0r/oQNO1Fq2
RwUv/zE=
-----END CERTIFICATE-----
Generated at Tue Apr 16 00:10:50 2024 by rpki-client on console.sobornost.net