Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/zRm4M-JNjMli4Dc0mDwzI8q7ZUA.roa
File: zRm4M-JNjMli4Dc0mDwzI8q7ZUA.roa (raw, json)
Hash identifier: IAgo84tpMCzHgELnXDbIaRCh0i1LELI9dkcvbGGcKd4=
Subject key identifier: CD:19:B8:33:E2:4D:8C:C9:62:E0:37:34:98:3C:33:23:CA:BB:65:40
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 4969
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/zRm4M-JNjMli4Dc0mDwzI8q7ZUA.roa
Signing time: Fri 26 Apr 2024 11:23:22 +0000
ROA not before: Fri 26 Apr 2024 11:23:22 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 18793 (0x4969)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 26 11:23:22 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=CD19B833E24D8CC962E03734983C3323CABB6540
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a4:0a:7a:94:84:f8:36:7e:18:bf:75:1a:d0:70:
90:c4:2e:ba:03:4f:8d:e0:27:be:2d:e0:6c:16:d7:
5e:17:77:e7:e0:fc:f6:9a:21:f2:ad:af:c6:e7:9e:
2a:1a:97:4d:18:88:12:52:85:5b:29:32:d0:21:c6:
0c:53:75:97:a0:b9:2a:b4:46:0d:94:6f:1c:34:10:
cb:7b:87:9d:95:db:17:6e:85:ec:e3:ec:52:0b:2d:
cd:c1:86:34:0e:4e:7c:1b:74:dc:1d:0d:d4:88:66:
eb:2e:c6:ed:6b:4a:78:14:e5:4f:2d:51:c6:68:d1:
4e:10:32:31:9c:73:86:4e:07:c2:42:6c:d1:8e:ac:
79:97:78:a0:75:72:1e:de:91:27:eb:86:b9:e0:15:
e4:68:60:69:52:b9:42:d3:49:12:8d:2f:df:ce:5d:
be:ec:6f:4a:2e:2b:e2:de:6f:5d:3a:ea:10:e6:4c:
0e:18:bb:6a:75:d1:b5:70:73:2e:97:d7:a4:73:5e:
f9:14:c5:33:5a:8e:77:7e:2f:1e:e7:43:a1:97:ac:
8b:35:08:08:be:06:8e:70:33:ba:d3:b4:db:6e:82:
d3:76:ca:68:0b:bc:11:59:9c:89:55:3d:ef:eb:82:
45:37:5f:c6:52:81:fe:34:8c:d2:f9:90:e8:30:d1:
54:f3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CD:19:B8:33:E2:4D:8C:C9:62:E0:37:34:98:3C:33:23:CA:BB:65:40
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/zRm4M-JNjMli4Dc0mDwzI8q7ZUA.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
80:34:d3:8d:47:b5:c1:84:09:80:c2:4e:02:81:f7:04:5c:2c:
37:35:7b:2d:a0:70:9e:ce:89:5b:77:af:47:c3:20:93:fd:e6:
18:32:ed:9a:aa:ff:1e:e0:d1:5e:e5:03:90:81:82:27:c8:d8:
0e:9d:8b:7d:3c:48:22:9e:66:ea:b7:34:89:c0:7a:7b:7c:eb:
a9:17:ee:de:d8:c7:ce:be:a1:c8:2d:68:16:04:66:3d:50:47:
a3:d1:da:36:6d:ee:06:e5:ca:2a:bc:fc:69:e3:2d:39:81:03:
14:59:ab:4f:73:6f:0d:37:19:5a:f4:55:63:6a:8a:c5:73:61:
5d:13:a6:ad:96:ce:b7:c0:cb:74:42:af:a2:f0:13:98:60:ee:
a9:ec:42:7d:b3:fa:7c:23:53:d4:0c:57:65:2f:97:4b:0c:8f:
5e:6d:48:4b:40:1a:3f:42:34:de:37:dc:02:29:53:a2:df:8c:
bc:26:84:bf:84:9a:96:db:df:04:63:cf:d2:f5:56:67:1f:1a:
75:06:66:a9:af:5c:ae:e7:34:84:53:29:5f:aa:b7:e2:a1:bd:
39:d7:01:5f:05:0b:02:91:36:04:4b:5e:00:d5:a5:63:5d:24:
8d:4c:7d:25:94:ef:a2:aa:00:ac:7c:77:dc:10:a7:d3:8b:b2:
a5:ed:c7:9e
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICSWkwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MjYx
MTIzMjJaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKENEMTlCODMzRTI0RDhD
Qzk2MkUwMzczNDk4M0MzMzIzQ0FCQjY1NDAwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCkCnqUhPg2fhi/dRrQcJDELroDT43gJ74t4GwW114Xd+fg/Paa
IfKtr8bnnioal00YiBJShVspMtAhxgxTdZeguSq0Rg2Ubxw0EMt7h52V2xduhezj
7FILLc3BhjQOTnwbdNwdDdSIZusuxu1rSngU5U8tUcZo0U4QMjGcc4ZOB8JCbNGO
rHmXeKB1ch7ekSfrhrngFeRoYGlSuULTSRKNL9/OXb7sb0ouK+Leb1066hDmTA4Y
u2p10bVwcy6X16RzXvkUxTNajnd+Lx7nQ6GXrIs1CAi+Bo5wM7rTtNtugtN2ymgL
vBFZnIlVPe/rgkU3X8ZSgf40jNL5kOgw0VTzAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUzRm4M+JNjMli4Dc0mDwzI8q7ZUAwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3pSbTRNLUpOak1saTRE
YzBtRHd6SThxN1pVQS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBAIA0041HtcGECYDC
TgKB9wRcLDc1ey2gcJ7OiVt3r0fDIJP95hgy7Zqq/x7g0V7lA5CBgifI2A6di308
SCKeZuq3NInAent866kX7t7Yx86+ocgtaBYEZj1QR6PR2jZt7gblyiq8/GnjLTmB
AxRZq09zbw03GVr0VWNqisVzYV0Tpq2WzrfAy3RCr6LwE5hg7qnsQn2z+nwjU9QM
V2Uvl0sMj15tSEtAGj9CNN433AIpU6LfjLwmhL+Empbb3wRjz9L1VmcfGnUGZqmv
XK7nNIRTKV+qt+KhvTnXAV8FCwKRNgRLXgDVpWNdJI1MfSWU76KqAKx8d9wQp9OL
sqXtx54=
-----END CERTIFICATE-----
Generated at Fri Apr 26 18:27:24 2024 by rpki-client on console.sobornost.net