Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/zOTyy5VLkngDPPJSDDI4MpfKP-M.roa
File: zOTyy5VLkngDPPJSDDI4MpfKP-M.roa (raw, json)
Hash identifier: nODsZBpdRlGj28ZHsJ7jorsXxA7oSkyibsccH7n9KFw=
Subject key identifier: CC:E4:F2:CB:95:4B:92:78:03:3C:F2:52:0C:32:38:32:97:CA:3F:E3
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 4A29
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/zOTyy5VLkngDPPJSDDI4MpfKP-M.roa
Signing time: Sat 27 Apr 2024 11:23:23 +0000
ROA not before: Sat 27 Apr 2024 11:23:23 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 18985 (0x4a29)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 27 11:23:23 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=CCE4F2CB954B9278033CF2520C32383297CA3FE3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a2:70:e2:37:a3:ea:f9:d0:e3:17:00:7f:64:1a:
93:e3:5c:75:d9:8a:3f:6f:22:54:2e:96:31:7f:db:
29:85:43:aa:3c:0a:3e:67:99:26:1a:7e:50:7b:10:
d8:75:61:35:cf:cb:24:40:d9:f8:62:54:9d:e2:63:
2c:79:e5:83:72:b9:de:fc:89:81:68:8a:20:c0:00:
6f:69:4c:ce:75:7f:30:86:eb:ae:40:93:3b:65:f6:
c8:8c:7b:8c:2a:3e:cc:25:9a:d2:dc:f1:4c:15:6c:
8c:66:ed:34:df:14:5e:23:4e:20:96:71:4e:17:99:
8f:a2:29:a0:08:09:ac:cb:fc:ee:cd:37:0e:79:97:
c7:89:ae:b1:09:98:8f:db:f1:ee:9e:c3:86:4f:68:
14:16:d9:9e:95:66:88:61:c7:02:19:06:1a:ae:b2:
eb:fe:a1:9a:f2:81:6f:7d:e2:1a:8f:9f:bd:c6:d0:
04:ef:1d:83:5a:1b:85:79:ae:62:6d:04:75:58:a6:
89:53:db:73:1e:1d:11:dc:4f:2c:47:39:e0:fe:31:
f8:71:5e:16:ee:d9:7a:59:1e:bd:d5:78:48:ef:37:
2e:6b:db:81:ac:fe:32:e6:5d:f7:8d:d9:3a:32:33:
d7:34:76:31:24:f4:ba:55:2a:40:42:3b:35:c2:a0:
f9:a3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CC:E4:F2:CB:95:4B:92:78:03:3C:F2:52:0C:32:38:32:97:CA:3F:E3
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/zOTyy5VLkngDPPJSDDI4MpfKP-M.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
7c:ab:2f:7d:fb:04:22:64:1c:e5:68:21:ca:40:b2:9e:08:dd:
cd:d8:a2:5b:4b:ac:24:91:9c:b9:4f:87:bf:d2:47:32:76:7a:
68:c8:7f:05:64:a2:02:52:9f:1e:ac:87:d2:ae:db:5f:d4:30:
a7:17:b1:f3:0e:82:cb:ec:c4:e0:da:b2:d3:4b:9d:a7:2e:77:
b9:2e:3e:6c:40:21:7a:b6:40:9e:46:ad:26:a6:e8:9c:6b:4f:
98:fc:b2:91:90:cd:70:3a:cd:05:d4:21:0c:1c:a0:09:73:a9:
de:54:9a:d9:53:9a:15:f9:66:2d:4d:38:28:f6:cb:d4:36:17:
6f:6f:e9:fe:cc:a3:9e:5a:3f:1f:08:fa:3d:db:11:f1:55:50:
66:75:fa:89:65:58:07:b9:ec:7f:65:75:ad:01:c2:ad:95:c2:
30:f9:06:2c:cd:e8:2e:0c:1d:9e:96:ee:e3:16:d6:08:67:94:
b6:f2:2e:1d:ef:73:5b:0b:bb:e3:c0:9d:50:37:98:4b:dd:9b:
60:4c:9d:9d:6e:a4:ad:8b:bb:02:37:92:05:e4:27:75:96:39:
bf:c3:ce:7d:b3:fb:95:bc:1b:cc:a9:37:8a:15:4d:a6:d2:7d:
80:07:7e:7d:1b:45:4f:2b:dc:0f:44:ff:36:df:3a:e0:07:2f:
1c:72:17:53
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICSikwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0Mjcx
MTIzMjNaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKENDRTRGMkNCOTU0Qjky
NzgwMzNDRjI1MjBDMzIzODMyOTdDQTNGRTMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCicOI3o+r50OMXAH9kGpPjXHXZij9vIlQuljF/2ymFQ6o8Cj5n
mSYaflB7ENh1YTXPyyRA2fhiVJ3iYyx55YNyud78iYFoiiDAAG9pTM51fzCG665A
kztl9siMe4wqPswlmtLc8UwVbIxm7TTfFF4jTiCWcU4XmY+iKaAICazL/O7NNw55
l8eJrrEJmI/b8e6ew4ZPaBQW2Z6VZohhxwIZBhqusuv+oZrygW994hqPn73G0ATv
HYNaG4V5rmJtBHVYpolT23MeHRHcTyxHOeD+MfhxXhbu2XpZHr3VeEjvNy5r24Gs
/jLmXfeN2ToyM9c0djEk9LpVKkBCOzXCoPmjAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUzOTyy5VLkngDPPJSDDI4MpfKP+MwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3pPVHl5NVZMa25nRFBQ
SlNEREk0TXBmS1AtTS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBAHyrL337BCJkHOVo
IcpAsp4I3c3YoltLrCSRnLlPh7/SRzJ2emjIfwVkogJSnx6sh9Ku21/UMKcXsfMO
gsvsxODastNLnacud7kuPmxAIXq2QJ5GrSam6JxrT5j8spGQzXA6zQXUIQwcoAlz
qd5UmtlTmhX5Zi1NOCj2y9Q2F29v6f7Mo55aPx8I+j3bEfFVUGZ1+ollWAe57H9l
da0Bwq2VwjD5BizN6C4MHZ6W7uMW1ghnlLbyLh3vc1sLu+PAnVA3mEvdm2BMnZ1u
pK2LuwI3kgXkJ3WWOb/Dzn2z+5W8G8ypN4oVTabSfYAHfn0bRU8r3A9E/zbfOuAH
LxxyF1M=
-----END CERTIFICATE-----
Generated at Sat Apr 27 16:48:26 2024 by rpki-client on console.sobornost.net