Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/xuPHIzLKc0xouIqKhXesEXZoYXk.roa
File: xuPHIzLKc0xouIqKhXesEXZoYXk.roa (raw, json)
Hash identifier: jAKKZXMKB7KmooHK8SQBTuOlgMh/1olS/z7hT6q3quo=
Subject key identifier: C6:E3:C7:23:32:CA:73:4C:68:B8:8A:8A:85:77:AC:11:76:68:61:79
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 36E1
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/xuPHIzLKc0xouIqKhXesEXZoYXk.roa
Signing time: Mon 01 Apr 2024 18:22:13 +0000
ROA not before: Mon 01 Apr 2024 18:22:13 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 14049 (0x36e1)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 1 18:22:13 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=C6E3C72332CA734C68B88A8A8577AC1176686179
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ba:e7:d2:99:af:d8:4b:ab:d6:5a:b3:a0:2b:60:
c9:71:f2:c3:43:c6:c7:66:a3:16:86:b3:95:35:13:
1e:64:d2:08:46:48:aa:b9:5c:69:30:35:9a:25:dc:
1f:d6:7c:d8:2a:94:a8:02:6d:04:a2:95:1a:9d:9b:
df:32:f9:8e:f1:88:b2:eb:58:12:76:8d:01:00:b9:
b9:b2:47:47:d6:c3:1f:e1:02:d2:30:05:bd:67:12:
ea:2b:55:a6:c7:84:15:b8:3b:6d:5f:4d:5f:f1:71:
9d:0a:3d:be:fc:7b:46:d0:b1:7c:6c:37:3e:7f:ef:
14:9f:dd:29:c3:6f:0c:b8:9d:ea:00:7e:e0:af:04:
a2:38:a9:cf:dc:80:a0:87:9d:4b:c4:29:8f:50:d4:
23:20:2d:4b:fe:e2:9d:ae:fa:2f:35:bc:03:58:3c:
32:8b:a2:a7:3a:3e:9c:31:cb:e1:2b:3e:74:7d:47:
68:f5:63:54:08:16:e2:59:54:43:15:e4:65:36:97:
4b:a1:ad:05:5b:56:07:e3:c5:bf:4a:b1:d5:93:19:
3f:61:70:c3:74:6e:dc:fb:10:68:c6:7f:59:eb:d4:
4b:a7:c7:ec:22:3c:a5:60:b3:95:c7:55:3f:2b:9d:
bf:ce:20:0f:96:7e:6c:75:a3:06:f2:42:6e:7d:44:
0a:ed
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C6:E3:C7:23:32:CA:73:4C:68:B8:8A:8A:85:77:AC:11:76:68:61:79
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/xuPHIzLKc0xouIqKhXesEXZoYXk.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
17:b3:05:9f:b7:72:8d:75:ec:0b:e8:c7:f0:ef:4a:fa:c2:0d:
70:1d:96:5e:fd:0c:f5:e6:4b:12:f3:1a:aa:24:33:33:1f:c9:
15:e4:9b:a3:c4:9b:65:94:62:f3:9b:da:6c:b2:2b:d4:8c:32:
59:6d:78:1b:b7:6c:13:0a:f1:ba:a8:65:93:f9:7e:89:ce:4f:
ef:47:4e:35:74:5c:23:93:da:e2:c4:14:6a:28:fe:16:b7:b2:
9b:ce:15:34:76:94:b6:7d:21:04:bd:0f:7a:4d:f5:b0:81:17:
40:19:be:2a:96:33:75:2b:bc:4a:6c:f5:ad:e1:e3:e2:03:94:
c1:94:ee:f5:bc:16:07:f8:09:19:57:eb:81:75:cf:5c:1f:b9:
97:04:89:88:4b:78:bc:2a:02:9e:85:69:f0:5d:43:03:ee:cb:
00:df:8b:5b:1e:43:00:82:43:44:2f:34:d3:61:68:e0:b1:29:
56:5c:2a:04:9f:61:9c:20:31:7f:a0:fc:80:fe:5f:eb:3d:14:
c7:e2:94:fd:c1:a9:02:fb:8b:4b:9d:23:46:36:eb:51:ef:05:
fb:49:15:45:4b:37:7c:0e:39:2a:9d:83:aa:07:92:a5:65:ba:
53:95:cb:36:f5:0c:14:5d:c1:4a:06:01:c9:8f:e5:06:a1:21:
7e:a0:cd:6b
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICNuEwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MDEx
ODIyMTNaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEM2RTNDNzIzMzJDQTcz
NEM2OEI4OEE4QTg1NzdBQzExNzY2ODYxNzkwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC659KZr9hLq9Zas6ArYMlx8sNDxsdmoxaGs5U1Ex5k0ghGSKq5
XGkwNZol3B/WfNgqlKgCbQSilRqdm98y+Y7xiLLrWBJ2jQEAubmyR0fWwx/hAtIw
Bb1nEuorVabHhBW4O21fTV/xcZ0KPb78e0bQsXxsNz5/7xSf3SnDbwy4neoAfuCv
BKI4qc/cgKCHnUvEKY9Q1CMgLUv+4p2u+i81vANYPDKLoqc6Ppwxy+ErPnR9R2j1
Y1QIFuJZVEMV5GU2l0uhrQVbVgfjxb9KsdWTGT9hcMN0btz7EGjGf1nr1Eunx+wi
PKVgs5XHVT8rnb/OIA+Wfmx1owbyQm59RArtAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUxuPHIzLKc0xouIqKhXesEXZoYXkwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3h1UEhJekxLYzB4b3VJ
cUtoWGVzRVhab1lYay5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBABezBZ+3co117Avo
x/DvSvrCDXAdll79DPXmSxLzGqokMzMfyRXkm6PEm2WUYvOb2myyK9SMMllteBu3
bBMK8bqoZZP5fonOT+9HTjV0XCOT2uLEFGoo/ha3spvOFTR2lLZ9IQS9D3pN9bCB
F0AZviqWM3UrvEps9a3h4+IDlMGU7vW8Fgf4CRlX64F1z1wfuZcEiYhLeLwqAp6F
afBdQwPuywDfi1seQwCCQ0QvNNNhaOCxKVZcKgSfYZwgMX+g/ID+X+s9FMfilP3B
qQL7i0udI0Y261HvBftJFUVLN3wOOSqdg6oHkqVlulOVyzb1DBRdwUoGAcmP5Qah
IX6gzWs=
-----END CERTIFICATE-----
Generated at Mon Apr 1 22:19:10 2024 by rpki-client on console.sobornost.net