Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/-MKc5CNnvDjZNoKKUzqO5UZSWUA.roa
File: -MKc5CNnvDjZNoKKUzqO5UZSWUA.roa (raw, json)
Hash identifier: uu//wzreTUlaP+xTrMyRYyk5bsrfellbAmHFnf08MZI=
Subject key identifier: F8:C2:9C:E4:23:67:BC:38:D9:36:82:8A:53:3A:8E:E5:46:52:59:40
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 4BBA
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/-MKc5CNnvDjZNoKKUzqO5UZSWUA.roa
Signing time: Mon 29 Apr 2024 13:23:31 +0000
ROA not before: Mon 29 Apr 2024 13:23:31 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 19386 (0x4bba)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 29 13:23:31 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=F8C29CE42367BC38D936828A533A8EE546525940
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b9:44:ef:76:42:8b:78:63:fa:e8:df:9e:d9:9c:
ce:f4:41:da:bd:54:5e:9b:27:42:dd:be:57:6b:c6:
7a:dc:5f:a3:1f:f9:4f:7e:d8:d2:cf:37:fa:99:5d:
3c:70:14:38:bc:86:22:ac:e2:22:4b:3e:7c:9b:05:
8d:4d:7f:fe:a9:7f:25:9d:04:48:7b:00:5a:42:b5:
5d:e4:03:64:9e:05:6a:9e:5c:2e:ee:08:b1:92:2e:
a4:f3:84:95:32:43:fb:17:a4:bd:17:0a:c9:28:1d:
9a:3f:9d:28:3c:77:cf:65:5d:dc:0e:cd:46:ba:13:
2c:ff:42:40:62:e9:19:7e:d9:a2:8e:6d:3f:65:56:
50:fb:b4:0b:6d:9b:eb:65:a7:ed:23:f0:01:77:3d:
41:d2:b9:c9:13:7e:77:7b:39:ee:85:a5:8e:74:9d:
50:5c:fb:5e:0f:17:75:7f:12:aa:10:1e:96:d7:81:
cf:92:2f:77:77:cc:60:c9:91:f3:f1:f0:1b:81:9f:
b7:1c:b7:eb:21:15:db:83:28:02:d1:94:fd:71:bd:
35:3b:91:06:34:fb:6f:e4:e8:e7:97:c1:60:f8:bf:
21:b6:54:a8:25:55:af:33:bc:98:47:ab:cb:85:a4:
10:95:9f:0e:6f:63:ae:12:18:d1:00:df:e2:a9:02:
b6:33
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F8:C2:9C:E4:23:67:BC:38:D9:36:82:8A:53:3A:8E:E5:46:52:59:40
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/-MKc5CNnvDjZNoKKUzqO5UZSWUA.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
3b:99:5d:43:d8:1d:84:b0:b6:39:18:f7:d3:33:6a:ef:70:79:
17:d6:8a:e2:c5:9c:f2:d6:76:0e:00:44:d6:a3:68:da:77:cd:
e7:11:a5:bc:a8:bd:c6:77:ca:93:46:2a:ab:ec:d0:be:ae:5e:
c1:13:6b:60:ec:f9:9c:d2:f2:a4:c0:4f:3a:fd:f4:33:e7:6b:
a6:1b:de:91:cb:fc:da:6a:46:a7:90:40:e5:09:a2:16:76:ec:
19:cd:98:ca:3b:65:a3:bb:b4:55:dd:40:ff:61:c1:37:c9:e1:
93:45:67:a0:c8:19:28:7b:58:f4:93:17:7f:b2:a8:6b:c0:18:
d4:2b:4c:16:48:04:68:f3:96:9b:cd:ae:80:7e:81:37:1a:fb:
e3:35:e4:12:3e:79:d8:35:96:29:3c:f4:1e:35:75:8f:75:6d:
f8:12:4f:31:95:43:a6:f2:5e:3c:aa:43:6c:54:51:ce:1b:57:
a3:9e:95:ec:27:8f:23:55:06:8f:99:7c:55:99:7a:05:21:61:
f9:20:21:d0:01:62:ce:4f:76:83:02:f3:ec:5b:79:e0:82:f5:
69:d2:b6:81:17:9f:4d:8d:e5:f2:b2:dc:22:dd:e3:17:52:df:
b5:9e:b7:ad:7e:bd:72:b0:c7:75:0f:c3:3b:f8:31:e8:05:aa:
7f:e3:b3:e2
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICS7owDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0Mjkx
MzIzMzFaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEY4QzI5Q0U0MjM2N0JD
MzhEOTM2ODI4QTUzM0E4RUU1NDY1MjU5NDAwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC5RO92Qot4Y/ro357ZnM70Qdq9VF6bJ0LdvldrxnrcX6Mf+U9+
2NLPN/qZXTxwFDi8hiKs4iJLPnybBY1Nf/6pfyWdBEh7AFpCtV3kA2SeBWqeXC7u
CLGSLqTzhJUyQ/sXpL0XCskoHZo/nSg8d89lXdwOzUa6Eyz/QkBi6Rl+2aKObT9l
VlD7tAttm+tlp+0j8AF3PUHSuckTfnd7Oe6FpY50nVBc+14PF3V/EqoQHpbXgc+S
L3d3zGDJkfPx8BuBn7cct+shFduDKALRlP1xvTU7kQY0+2/k6OeXwWD4vyG2VKgl
Va8zvJhHq8uFpBCVnw5vY64SGNEA3+KpArYzAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQU+MKc5CNnvDjZNoKKUzqO5UZSWUAwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3Ly1NS2M1Q05udkRqWk5v
S0tVenFPNVVaU1dVQS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAO5ldQ9gdhLC2ORj30zNq73B5F9aK4sWc
8tZ2DgBE1qNo2nfN5xGlvKi9xnfKk0Yqq+zQvq5ewRNrYOz5nNLypMBPOv30M+dr
phvekcv82mpGp5BA5QmiFnbsGc2Yyjtlo7u0Vd1A/2HBN8nhk0VnoMgZKHtY9JMX
f7Koa8AY1CtMFkgEaPOWm82ugH6BNxr74zXkEj552DWWKTz0HjV1j3Vt+BJPMZVD
pvJePKpDbFRRzhtXo56V7CePI1UGj5l8VZl6BSFh+SAh0AFizk92gwLz7Ft54IL1
adK2gRefTY3l8rLcIt3jF1LftZ63rX69crDHdQ/DO/gx6AWqf+Oz4g==
-----END CERTIFICATE-----
Generated at Mon Apr 29 19:13:36 2024 by rpki-client on console.sobornost.net