Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/577/c7GUeKsL1k7TS_qxhY947A0nwc8.roa
File: c7GUeKsL1k7TS_qxhY947A0nwc8.roa (raw, json)
Hash identifier: LLhhKtEtveAF6CTZx19C0XCJeSoqf6jGLEX/2gGI3ts=
Subject key identifier: 73:B1:94:78:AB:0B:D6:4E:D3:4B:FA:B1:85:8F:78:EC:0D:27:C1:CF
Certificate issuer: /CN=75B4714C4F61BEA04A02CF9CF563AE134F479C85
Certificate serial: 0D7D
Authority key identifier: 75:B4:71:4C:4F:61:BE:A0:4A:02:CF:9C:F5:63:AE:13:4F:47:9C:85
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/dbRxTE9hvqBKAs-c9WOuE09HnIU.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/577/c7GUeKsL1k7TS_qxhY947A0nwc8.roa
Signing time: Wed 10 Apr 2024 06:54:29 +0000
ROA not before: Wed 10 Apr 2024 06:54:29 +0000
ROA not after: Fri 07 Jun 2024 02:16:11 +0000
asID: 59083
IP address blocks: 43.254.152.0/22 maxlen: 24
43.254.153.0/24 maxlen: 24
43.254.154.0/23 maxlen: 24
43.254.154.0/24 maxlen: 24
43.254.155.0/24 maxlen: 24
59.153.168.0/23 maxlen: 24
103.5.192.0/22 maxlen: 24
103.10.0.0/23 maxlen: 24
103.10.0.0/24 maxlen: 24
103.10.1.0/24 maxlen: 24
103.10.2.0/23 maxlen: 24
103.10.2.0/24 maxlen: 24
103.10.3.0/24 maxlen: 24
103.24.116.0/22 maxlen: 24
103.24.117.0/24 maxlen: 24
150.242.238.0/23 maxlen: 24
202.89.108.0/22 maxlen: 24
202.89.108.0/23 maxlen: 24
202.89.110.0/23 maxlen: 24
202.136.248.0/22 maxlen: 24
202.136.248.0/23 maxlen: 24
202.136.249.0/24 maxlen: 24
202.136.250.0/23 maxlen: 24
202.136.250.0/24 maxlen: 24
202.140.142.0/23 maxlen: 24
202.174.124.0/22 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 3453 (0xd7d)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=75B4714C4F61BEA04A02CF9CF563AE134F479C85
Validity
Not Before: Apr 10 06:54:29 2024 GMT
Not After : Jun 7 02:16:11 2024 GMT
Subject: CN=73B19478AB0BD64ED34BFAB1858F78EC0D27C1CF
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e1:da:57:cb:f3:aa:85:49:8e:20:2f:35:85:44:
3f:ee:de:e1:d9:9f:b0:cf:34:25:cd:1f:e3:90:df:
5d:cd:85:10:46:85:77:dc:0e:56:13:4b:33:29:cd:
d8:37:3e:c3:56:01:02:f9:fa:1a:7a:64:1f:0f:7e:
6a:b7:f2:22:34:19:7a:56:4a:a1:7f:20:b8:0d:d9:
ca:97:5e:d1:c5:35:cb:f2:a7:88:6f:21:53:8e:4d:
b3:c8:6a:94:02:02:b5:88:44:59:b8:42:08:41:fb:
90:92:37:e6:3f:9e:db:a6:d6:d6:5c:a0:db:27:3c:
2f:b4:a1:d4:c2:e6:ab:66:13:a1:c5:d1:3f:53:2e:
c8:dc:22:6d:31:8a:9e:5d:e1:aa:07:61:19:dc:ac:
5c:b5:4b:f9:d8:32:f9:11:b6:d7:52:75:f3:5f:68:
9d:0b:08:e0:80:9e:60:db:5d:bb:82:04:17:51:7c:
bb:ea:b1:a7:03:26:96:03:4c:cf:93:66:d2:ac:e3:
e8:9c:51:43:94:40:e3:dc:dc:b8:ff:1c:89:3d:4c:
79:f1:97:60:fc:d1:c9:fd:2e:0b:30:26:6e:c6:40:
d4:b5:f7:3f:db:75:32:11:83:74:c8:7c:f4:5b:02:
87:d9:a3:0f:a5:d0:df:2e:32:5e:7d:eb:dd:d0:60:
e7:11
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
73:B1:94:78:AB:0B:D6:4E:D3:4B:FA:B1:85:8F:78:EC:0D:27:C1:CF
X509v3 Authority Key Identifier:
keyid:75:B4:71:4C:4F:61:BE:A0:4A:02:CF:9C:F5:63:AE:13:4F:47:9C:85
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/577/dbRxTE9hvqBKAs-c9WOuE09HnIU.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/dbRxTE9hvqBKAs-c9WOuE09HnIU.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/577/c7GUeKsL1k7TS_qxhY947A0nwc8.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.254.152.0/22
59.153.168.0/23
103.5.192.0/22
103.10.0.0/22
103.24.116.0/22
150.242.238.0/23
202.89.108.0/22
202.136.248.0/22
202.140.142.0/23
202.174.124.0/22
Signature Algorithm: sha256WithRSAEncryption
63:3d:87:ad:18:35:f4:f0:7d:54:d6:d6:4c:3c:32:1f:35:47:
77:13:32:18:b8:a9:7d:24:e0:3b:49:f5:14:e5:75:af:f9:4b:
b8:ef:0f:ce:f0:8d:b1:40:66:bd:c8:01:48:f4:48:cd:03:bb:
fd:72:58:9a:be:ec:88:dd:66:f7:29:78:41:5f:e6:58:a9:ca:
a9:59:76:b7:b9:99:10:40:09:c6:71:95:6c:97:81:5a:8a:af:
e4:de:0d:8e:92:ba:bc:9b:3f:ab:60:c0:6d:bc:b3:32:32:4e:
ea:fe:d0:d4:fd:5c:86:bb:97:d9:df:0d:fb:ab:66:8b:83:1f:
ac:03:1f:ff:49:03:c4:0c:79:e3:8d:da:c0:3a:fa:36:9c:41:
21:95:db:c2:9d:35:93:dd:1a:72:68:7d:66:aa:44:0c:63:63:
78:af:53:0b:93:86:3c:70:8e:35:8f:f1:c5:dd:a2:b8:99:9f:
6d:2c:ae:28:80:fc:69:63:29:24:40:d8:0b:84:21:81:81:d3:
17:ba:46:7a:57:cd:b8:14:85:45:3e:47:c6:c4:14:fa:23:81:
6f:98:33:11:b8:a8:c8:85:75:ea:72:0c:16:35:7d:f0:69:01:
ca:f7:0e:ec:ef:55:5d:02:78:c4:a6:b1:90:d6:dd:d0:cc:a9:
f8:b6:a6:fe
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgICDX0wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoNzVC
NDcxNEM0RjYxQkVBMDRBMDJDRjlDRjU2M0FFMTM0RjQ3OUM4NTAeFw0yNDA0MTAw
NjU0MjlaFw0yNDA2MDcwMjE2MTFaMDMxMTAvBgNVBAMTKDczQjE5NDc4QUIwQkQ2
NEVEMzRCRkFCMTg1OEY3OEVDMEQyN0MxQ0YwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDh2lfL86qFSY4gLzWFRD/u3uHZn7DPNCXNH+OQ313NhRBGhXfc
DlYTSzMpzdg3PsNWAQL5+hp6ZB8Pfmq38iI0GXpWSqF/ILgN2cqXXtHFNcvyp4hv
IVOOTbPIapQCArWIRFm4QghB+5CSN+Y/ntum1tZcoNsnPC+0odTC5qtmE6HF0T9T
LsjcIm0xip5d4aoHYRncrFy1S/nYMvkRttdSdfNfaJ0LCOCAnmDbXbuCBBdRfLvq
sacDJpYDTM+TZtKs4+icUUOUQOPc3Lj/HIk9THnxl2D80cn9LgswJm7GQNS19z/b
dTIRg3TIfPRbAofZow+l0N8uMl59693QYOcRAgMBAAGjggInMIICIzAdBgNVHQ4E
FgQUc7GUeKsL1k7TS/qxhY947A0nwc8wHwYDVR0jBBgwFoAUdbRxTE9hvqBKAs+c
9WOuE09HnIUwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNTc3
L2RiUnhURTlodnFCS0FzLWM5V091RTA5SG5JVS5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvZGJSeFRFOWh2cUJLQXMtYzlXT3VFMDlIbklVLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNTc3L2M3R1VlS3NMMWs3VFNf
cXhoWTk0N0EwbndjOC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwVQYIKwYBBQUHAQcBAf8ERjBEMEIEAgABMDwD
BAIr/pgDBAE7magDBAJnBcADBAJnCgADBAJnGHQDBAGW8u4DBALKWWwDBALKiPgD
BAHKjI4DBALKrnwwDQYJKoZIhvcNAQELBQADggEBAGM9h60YNfTwfVTW1kw8Mh81
R3cTMhi4qX0k4DtJ9RTlda/5S7jvD87wjbFAZr3IAUj0SM0Du/1yWJq+7IjdZvcp
eEFf5lipyqlZdre5mRBACcZxlWyXgVqKr+TeDY6SurybP6tgwG28szIyTur+0NT9
XIa7l9nfDfurZouDH6wDH/9JA8QMeeON2sA6+jacQSGV28KdNZPdGnJofWaqRAxj
Y3ivUwuThjxwjjWP8cXdoriZn20sriiA/GljKSRA2AuEIYGB0xe6RnpXzbgUhUU+
R8bEFPojgW+YMxG4qMiFdepyDBY1ffBpAcr3DuzvVV0CeMSmsZDW3dDMqfi2pv4=
-----END CERTIFICATE-----
Generated at Fri May 17 07:36:56 2024 by rpki-client on console-fra.rpki-client.org