Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/WV4kHyF8mZku80HfOXIObRbJAvo.roa
File: WV4kHyF8mZku80HfOXIObRbJAvo.roa (raw, json)
Hash identifier: UhgtkVSlCVfOzi4Zxcv8akTpPvY9O7X6VpjHgYwmusM=
Subject key identifier: 59:5E:24:1F:21:7C:99:99:2E:F3:41:DF:39:72:0E:6D:16:C9:02:FA
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 399D
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/WV4kHyF8mZku80HfOXIObRbJAvo.roa
Signing time: Fri 05 Apr 2024 09:52:23 +0000
ROA not before: Fri 05 Apr 2024 09:52:23 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 14749 (0x399d)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 5 09:52:23 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=595E241F217C99992EF341DF39720E6D16C902FA
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e2:a8:f6:73:97:5d:97:73:4d:ab:5a:07:6d:1e:
81:c5:0b:a9:62:3c:7b:7e:d3:4c:3a:6a:c0:63:34:
1b:fa:00:12:6d:de:82:9b:42:b5:1a:86:c1:74:54:
33:2f:06:36:be:7d:48:c9:57:4a:4c:e1:6a:87:d2:
05:8b:0a:ab:4a:f0:4e:b9:a9:e0:e3:4b:57:76:91:
a4:fb:7b:63:00:b9:8b:39:a2:ac:59:71:59:af:75:
9a:e5:d1:45:32:07:c9:17:e2:40:5b:92:0a:ec:77:
a6:54:5c:f1:c0:34:3f:a4:40:b2:a5:45:34:28:df:
a7:ac:60:49:48:4f:07:c3:5c:a8:b4:eb:38:d9:46:
20:69:20:f0:b3:75:85:74:0f:d8:64:c2:43:7c:ca:
ae:64:5f:74:75:2d:9e:5f:43:e9:54:28:8f:44:37:
71:90:64:3a:9c:3f:34:74:12:ce:bb:99:49:7d:ad:
56:85:09:f0:1c:c8:97:00:84:8a:68:65:d7:3b:d1:
91:79:eb:be:d5:b3:47:c2:9d:74:1f:1f:64:5e:a7:
0b:45:32:98:2a:b4:4a:08:31:a3:53:37:11:ef:a9:
21:e6:10:e4:8f:84:bf:1c:0d:33:13:25:09:c4:6a:
79:48:24:4a:62:9e:1f:81:f1:9d:99:cd:b4:8c:50:
b9:2f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
59:5E:24:1F:21:7C:99:99:2E:F3:41:DF:39:72:0E:6D:16:C9:02:FA
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/WV4kHyF8mZku80HfOXIObRbJAvo.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
97:ef:83:8d:6f:ac:7e:30:47:b8:71:cb:f1:21:3d:e1:ba:3c:
b6:e3:d3:67:7a:77:0a:8b:42:4e:32:62:58:06:8e:00:d2:0b:
0c:8c:bf:2c:a7:8d:6a:e0:d7:55:70:9f:59:11:a7:fb:6c:f1:
5a:11:86:66:9a:8b:b2:6b:10:36:52:8b:60:05:e5:0b:87:45:
26:4a:99:42:89:0b:fb:52:cc:a8:ee:38:43:11:d8:27:f0:c1:
de:5a:83:48:f4:69:6e:d3:65:24:49:e5:1e:98:09:08:dc:ef:
2b:d5:5b:22:86:85:cf:f3:35:78:1f:59:29:6a:f2:fb:da:a6:
60:0a:3c:e8:4c:19:f4:09:ea:e5:d9:91:2e:56:82:fa:18:86:
76:7b:0d:ec:e0:0e:37:58:a4:10:ce:47:0c:0a:86:d7:c2:06:
b3:99:b0:f5:62:ab:56:0e:e3:b3:83:01:3d:1e:21:ec:e0:9a:
af:da:a0:e4:2d:b0:8d:c5:fa:77:33:3e:5c:e5:a9:f9:e1:33:
08:17:f1:86:93:e8:13:d2:e8:82:9b:4e:df:6b:20:6b:76:bc:
76:35:b6:1a:a5:07:36:f6:0c:28:0d:d2:1b:64:48:0d:10:49:
95:88:b0:23:8c:a2:95:84:64:a2:21:d9:3f:c7:4c:31:f4:dc:
c5:77:c4:7a
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICOZ0wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MDUw
OTUyMjNaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDU5NUUyNDFGMjE3Qzk5
OTkyRUYzNDFERjM5NzIwRTZEMTZDOTAyRkEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDiqPZzl12Xc02rWgdtHoHFC6liPHt+00w6asBjNBv6ABJt3oKb
QrUahsF0VDMvBja+fUjJV0pM4WqH0gWLCqtK8E65qeDjS1d2kaT7e2MAuYs5oqxZ
cVmvdZrl0UUyB8kX4kBbkgrsd6ZUXPHAND+kQLKlRTQo36esYElITwfDXKi06zjZ
RiBpIPCzdYV0D9hkwkN8yq5kX3R1LZ5fQ+lUKI9EN3GQZDqcPzR0Es67mUl9rVaF
CfAcyJcAhIpoZdc70ZF5677Vs0fCnXQfH2RepwtFMpgqtEoIMaNTNxHvqSHmEOSP
hL8cDTMTJQnEanlIJEpinh+B8Z2ZzbSMULkvAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUWV4kHyF8mZku80HfOXIObRbJAvowHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1dWNGtIeUY4bVprdTgw
SGZPWElPYlJiSkF2by5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBAJfvg41vrH4wR7hx
y/EhPeG6PLbj02d6dwqLQk4yYlgGjgDSCwyMvyynjWrg11Vwn1kRp/ts8VoRhmaa
i7JrEDZSi2AF5QuHRSZKmUKJC/tSzKjuOEMR2Cfwwd5ag0j0aW7TZSRJ5R6YCQjc
7yvVWyKGhc/zNXgfWSlq8vvapmAKPOhMGfQJ6uXZkS5WgvoYhnZ7DezgDjdYpBDO
RwwKhtfCBrOZsPViq1YO47ODAT0eIezgmq/aoOQtsI3F+nczPlzlqfnhMwgX8YaT
6BPS6IKbTt9rIGt2vHY1thqlBzb2DCgN0htkSA0QSZWIsCOMopWEZKIh2T/HTDH0
3MV3xHo=
-----END CERTIFICATE-----
Generated at Fri Apr 5 10:25:33 2024 by rpki-client on console-fra.rpki-client.org