Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/xk25cKwu66tlTjhQahO_vPBL-u8.roa
File: xk25cKwu66tlTjhQahO_vPBL-u8.roa (raw, json)
Hash identifier: D6YErRdRMCSgb2kDhftZZw5quelhB9m+4KjSLIlngXA=
Subject key identifier: C6:4D:B9:70:AC:2E:EB:AB:65:4E:38:50:6A:13:BF:BC:F0:4B:FA:EF
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 3E41
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/xk25cKwu66tlTjhQahO_vPBL-u8.roa
Signing time: Thu 11 Apr 2024 14:23:14 +0000
ROA not before: Thu 11 Apr 2024 14:23:14 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 15937 (0x3e41)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 11 14:23:14 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=C64DB970AC2EEBAB654E38506A13BFBCF04BFAEF
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c4:48:c7:f6:06:85:5f:be:9f:aa:ca:1f:ae:8e:
2a:d8:3f:7d:ef:3f:2d:b9:ee:39:87:1f:7f:3e:41:
14:cd:40:79:98:f2:8c:ae:20:6c:dc:6c:40:96:11:
8b:b9:a8:b0:22:d0:bd:32:95:9d:16:07:c4:08:8b:
13:2c:c9:77:9b:78:e7:3f:c8:7b:02:39:68:d4:f8:
fd:00:e8:53:fb:03:4c:a6:29:7d:15:70:3f:7e:5d:
e3:70:95:61:ba:c1:60:aa:0c:f3:a2:71:03:31:7d:
cb:0d:47:4c:1b:27:cd:36:45:ed:3a:e8:37:1c:4f:
83:10:24:03:d9:dd:d3:95:21:ec:d2:5c:a3:fb:e3:
25:07:22:1a:00:39:e3:ff:9a:2a:cc:54:7b:87:12:
ad:ba:bf:58:43:46:67:88:d7:9e:66:5f:1c:a3:04:
9b:c1:87:8b:ba:8e:49:5c:5e:e5:2b:d5:99:7d:24:
53:c8:5e:67:16:fc:9d:25:31:40:97:4b:de:0c:f6:
1f:af:95:c7:23:11:f4:4d:73:53:4a:1a:fd:57:ff:
62:9c:94:0a:cb:84:72:7b:e5:39:b5:70:6b:a1:a8:
92:c6:db:e0:c9:9d:86:f3:22:83:36:0b:77:ed:5c:
bb:e5:5d:9f:bd:a3:c3:06:e9:5f:15:08:17:73:12:
fe:bd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C6:4D:B9:70:AC:2E:EB:AB:65:4E:38:50:6A:13:BF:BC:F0:4B:FA:EF
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/xk25cKwu66tlTjhQahO_vPBL-u8.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
1a:de:9e:85:95:cc:7e:41:0d:b2:b3:b2:e6:8b:77:d6:87:28:
af:d4:cd:b0:d5:5e:db:cc:7a:90:8b:b0:4a:6c:fd:ac:0a:a9:
3d:b5:db:e1:d4:6a:7d:0c:86:2d:90:bf:d4:d0:e9:19:f2:a1:
28:15:a1:59:56:47:28:3c:79:fa:61:42:64:00:76:6c:2c:76:
cc:1c:1c:6f:68:e9:e7:0f:69:92:13:01:2e:66:be:34:e5:73:
14:41:58:09:1f:d5:90:51:f4:0d:7b:80:4c:7f:75:7d:56:ef:
1c:c0:fb:15:28:e0:87:79:9a:83:3f:8e:b2:1c:84:55:da:06:
25:23:e4:b4:97:26:56:8d:fa:20:6d:c2:e4:de:b9:0e:22:4f:
89:e4:93:1a:54:eb:cd:d5:63:15:7a:c6:8c:bb:f9:ff:b7:13:
53:fa:f2:fa:f1:d0:b0:41:43:2a:6a:1e:1a:93:91:5e:a0:18:
75:a7:05:5a:04:be:64:40:b5:45:a6:4d:20:0f:1e:20:b7:4e:
2a:3e:7c:e9:9b:7c:5c:a4:48:8b:e6:c9:e0:76:50:66:72:b3:
d1:d8:13:5e:b5:de:73:00:1c:9d:15:8d:7c:ee:4a:5a:78:30:
16:98:be:52:eb:d8:03:f9:8a:58:c4:16:d1:33:01:86:14:d9:
bc:08:6b:5c
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICPkEwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MTEx
NDIzMTRaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEM2NERCOTcwQUMyRUVC
QUI2NTRFMzg1MDZBMTNCRkJDRjA0QkZBRUYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDESMf2BoVfvp+qyh+ujirYP33vPy257jmHH38+QRTNQHmY8oyu
IGzcbECWEYu5qLAi0L0ylZ0WB8QIixMsyXebeOc/yHsCOWjU+P0A6FP7A0ymKX0V
cD9+XeNwlWG6wWCqDPOicQMxfcsNR0wbJ802Re066DccT4MQJAPZ3dOVIezSXKP7
4yUHIhoAOeP/mirMVHuHEq26v1hDRmeI155mXxyjBJvBh4u6jklcXuUr1Zl9JFPI
XmcW/J0lMUCXS94M9h+vlccjEfRNc1NKGv1X/2KclArLhHJ75Tm1cGuhqJLG2+DJ
nYbzIoM2C3ftXLvlXZ+9o8MG6V8VCBdzEv69AgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUxk25cKwu66tlTjhQahO/vPBL+u8wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3hrMjVjS3d1NjZ0bFRq
aFFhaE9fdlBCTC11OC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBABrenoWVzH5BDbKz
suaLd9aHKK/UzbDVXtvMepCLsEps/awKqT212+HUan0Mhi2Qv9TQ6RnyoSgVoVlW
Ryg8efphQmQAdmwsdswcHG9o6ecPaZITAS5mvjTlcxRBWAkf1ZBR9A17gEx/dX1W
7xzA+xUo4Id5moM/jrIchFXaBiUj5LSXJlaN+iBtwuTeuQ4iT4nkkxpU683VYxV6
xoy7+f+3E1P68vrx0LBBQypqHhqTkV6gGHWnBVoEvmRAtUWmTSAPHiC3Tio+fOmb
fFykSIvmyeB2UGZys9HYE1613nMAHJ0VjXzuSlp4MBaYvlLr2AP5iljEFtEzAYYU
2bwIa1w=
-----END CERTIFICATE-----
Generated at Thu Apr 11 20:58:45 2024 by rpki-client on console.sobornost.net