Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/urrpgG7O1n5vgJe701xCV6z5YSM.roa
File: urrpgG7O1n5vgJe701xCV6z5YSM.roa (raw, json)
Hash identifier: P3mT9ht0/lhSo9GrR07Diahb/4OmMBrz1LdbAl2TZ60=
Subject key identifier: BA:BA:E9:80:6E:CE:D6:7E:6F:80:97:BB:D3:5C:42:57:AC:F9:61:23
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 38F5
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/urrpgG7O1n5vgJe701xCV6z5YSM.roa
Signing time: Thu 04 Apr 2024 12:52:20 +0000
ROA not before: Thu 04 Apr 2024 12:52:20 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 14581 (0x38f5)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 4 12:52:20 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=BABAE9806ECED67E6F8097BBD35C4257ACF96123
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b2:b5:a7:c3:28:33:6d:fc:60:58:c6:44:18:da:
e0:53:18:54:68:55:6e:95:a0:c6:d2:34:d4:cc:9e:
b1:d4:17:d8:08:74:90:a0:10:b6:a4:f6:f3:c0:60:
3f:22:0e:17:29:53:72:9d:62:1d:1c:f6:cb:fd:65:
a7:ba:2e:84:3e:1b:32:5f:7f:98:c2:e9:5e:9f:5d:
72:ce:b3:3d:08:4c:97:ab:c3:db:0f:a3:49:fc:d9:
95:b7:f8:d7:8c:6d:57:c7:bc:b6:ed:9c:8a:1a:78:
ad:61:04:43:e9:d1:4d:0c:66:fa:62:72:3a:f2:e3:
cd:f8:1a:fc:12:62:64:f4:bd:8e:21:f6:c4:0f:89:
c3:2f:bf:8a:27:65:49:54:07:cd:32:a6:8a:21:31:
54:a8:60:1a:f7:16:4a:fe:8b:6a:02:1d:72:8f:de:
a5:65:51:66:17:b4:39:00:49:ca:d1:66:bd:40:f2:
99:90:e2:98:d8:91:61:79:28:85:f7:5c:0d:25:b9:
52:64:fe:cf:97:99:e0:20:34:ba:10:15:22:cc:92:
03:23:ea:5e:56:24:db:28:ef:10:8e:cf:4d:ff:6f:
99:53:9e:5e:c3:a1:60:28:89:09:92:f3:8f:ba:86:
10:5e:00:4d:36:af:58:55:f7:95:1d:4d:78:ff:6a:
3b:3f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
BA:BA:E9:80:6E:CE:D6:7E:6F:80:97:BB:D3:5C:42:57:AC:F9:61:23
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/urrpgG7O1n5vgJe701xCV6z5YSM.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
46:e7:0e:58:1e:0c:c5:32:78:e6:8a:02:ff:f3:5b:e9:0f:d7:
bf:e2:09:25:fe:87:91:77:26:96:cd:7a:a5:6e:2c:dc:36:db:
2d:bd:3a:c8:b1:c2:d5:13:66:f6:c5:01:40:6d:33:0f:b8:4f:
15:0a:9f:94:16:1d:bf:7d:75:a4:7e:6c:d9:62:40:72:e8:c1:
4b:74:f4:b4:43:fe:20:8f:5f:d9:0c:c0:6b:fa:c2:9e:01:24:
e3:8a:1b:c5:76:c2:d8:c3:27:36:10:41:7e:dc:54:f8:5e:95:
b6:0f:30:24:6b:78:56:4c:46:87:d4:c7:70:12:0c:d8:81:fa:
8d:f0:e0:13:5f:b0:6b:c7:9b:e2:84:d6:ab:0e:1a:72:c4:4a:
d7:9d:0f:2b:2b:d4:49:e8:33:91:c1:ea:f9:b8:19:60:db:76:
21:cd:a2:83:7e:0a:5f:59:67:cd:73:20:17:75:0e:17:89:bb:
75:99:bc:c1:69:7c:26:8c:c9:8b:22:0c:6c:95:47:76:03:a2:
b9:ca:a9:1a:4d:c7:47:25:80:2a:7a:3e:f4:97:f4:38:f8:cd:
33:ee:52:9a:fe:bb:3d:b7:c9:7f:a0:f0:e1:1f:f0:3f:c8:d2:
7a:2c:c4:7a:9e:0d:89:f2:b1:bb:40:8f:23:dd:ea:0b:7f:2c:
8f:39:7c:42
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICOPUwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MDQx
MjUyMjBaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEJBQkFFOTgwNkVDRUQ2
N0U2RjgwOTdCQkQzNUM0MjU3QUNGOTYxMjMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCytafDKDNt/GBYxkQY2uBTGFRoVW6VoMbSNNTMnrHUF9gIdJCg
ELak9vPAYD8iDhcpU3KdYh0c9sv9Zae6LoQ+GzJff5jC6V6fXXLOsz0ITJerw9sP
o0n82ZW3+NeMbVfHvLbtnIoaeK1hBEPp0U0MZvpicjry4834GvwSYmT0vY4h9sQP
icMvv4onZUlUB80ypoohMVSoYBr3Fkr+i2oCHXKP3qVlUWYXtDkAScrRZr1A8pmQ
4pjYkWF5KIX3XA0luVJk/s+XmeAgNLoQFSLMkgMj6l5WJNso7xCOz03/b5lTnl7D
oWAoiQmS84+6hhBeAE02r1hV95UdTXj/ajs/AgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUurrpgG7O1n5vgJe701xCV6z5YSMwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3VycnBnRzdPMW41dmdK
ZTcwMXhDVjZ6NVlTTS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBAEbnDlgeDMUyeOaK
Av/zW+kP17/iCSX+h5F3JpbNeqVuLNw22y29OsixwtUTZvbFAUBtMw+4TxUKn5QW
Hb99daR+bNliQHLowUt09LRD/iCPX9kMwGv6wp4BJOOKG8V2wtjDJzYQQX7cVPhe
lbYPMCRreFZMRofUx3ASDNiB+o3w4BNfsGvHm+KE1qsOGnLEStedDysr1EnoM5HB
6vm4GWDbdiHNooN+Cl9ZZ81zIBd1DheJu3WZvMFpfCaMyYsiDGyVR3YDornKqRpN
x0clgCp6PvSX9Dj4zTPuUpr+uz23yX+g8OEf8D/I0nosxHqeDYnysbtAjyPd6gt/
LI85fEI=
-----END CERTIFICATE-----
Generated at Thu Apr 4 19:57:51 2024 by rpki-client on console.sobornost.net