Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/2QlrOK5ZTehPoWDnvndVVu31vPY.roa
File: 2QlrOK5ZTehPoWDnvndVVu31vPY.roa (raw, json)
Hash identifier: 2Pxgp4moGWHgQKgkWDt6qKKIphJp79IayNTJaCuNXAA=
Subject key identifier: D9:09:6B:38:AE:59:4D:E8:4F:A1:60:E7:BE:77:55:56:ED:F5:BC:F6
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 558A
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/2QlrOK5ZTehPoWDnvndVVu31vPY.roa
Signing time: Sun 12 May 2024 15:24:05 +0000
ROA not before: Sun 12 May 2024 15:24:05 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 21898 (0x558a)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 12 15:24:05 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=D9096B38AE594DE84FA160E7BE775556EDF5BCF6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a9:5e:74:d2:fe:3b:7e:6a:d4:b9:4e:46:31:72:
c9:bf:e3:9c:74:9f:d3:ea:c6:9a:e1:cd:bf:05:ce:
9b:b6:fa:f5:25:ba:cc:31:27:a4:52:43:84:e0:cd:
06:f7:8d:d3:b6:0d:d3:49:ff:48:11:05:4f:80:0f:
c2:83:9f:38:3d:62:6c:78:e9:c8:7d:e9:81:f1:fc:
c9:9e:c6:06:81:8f:c3:66:9e:c8:1e:b5:0a:97:69:
48:22:d6:21:37:a2:ac:16:f2:21:25:8b:62:0e:16:
d3:d2:23:aa:9f:18:7e:ca:1c:de:b1:ea:2e:b0:b1:
1b:37:f4:e5:39:01:3d:34:2a:e5:ba:8b:ae:dd:5c:
7c:77:e7:9f:d6:38:78:02:1a:33:40:67:8e:d0:3d:
c2:43:2d:73:b9:bc:07:9a:7a:ab:ab:ca:90:59:a0:
73:ad:b4:97:57:29:0b:61:08:93:59:5b:2f:b2:6c:
4a:bf:54:a1:9b:c9:9a:38:7e:e0:e2:fd:33:80:e3:
ff:d1:40:b2:66:73:07:66:dc:48:2c:08:44:74:d5:
26:a3:85:50:9d:b1:ca:38:f7:73:ac:44:e2:f4:e3:
00:f1:c0:d1:8a:57:a4:67:3f:92:ed:eb:0e:0f:45:
d8:00:41:8f:21:5c:b4:3a:0c:5e:5e:22:34:aa:2a:
9c:39
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D9:09:6B:38:AE:59:4D:E8:4F:A1:60:E7:BE:77:55:56:ED:F5:BC:F6
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/2QlrOK5ZTehPoWDnvndVVu31vPY.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
36:61:1a:31:36:90:f9:36:67:11:33:62:8e:89:35:a3:56:39:
49:c0:38:3f:0c:ed:01:71:83:fb:08:fc:a7:30:ab:4c:f0:58:
77:3e:b8:1a:5e:10:5f:5c:2d:0a:fc:68:5b:f1:ab:da:c4:b8:
41:a9:40:99:8f:63:09:56:2a:3c:d6:3e:f5:b8:d6:ac:68:ee:
59:ba:06:bf:22:45:52:83:12:2f:2c:4d:32:43:d2:ec:ec:5b:
18:c8:fb:15:8c:4d:8e:a0:7a:72:ca:13:3c:c2:90:3e:3a:a8:
8b:98:82:4d:45:b9:50:a2:99:2e:34:83:1d:79:4f:d0:09:25:
74:37:55:c6:9b:61:43:34:91:bf:ad:ff:1a:4a:b0:5e:ef:c8:
17:ab:7e:cb:17:f2:df:83:0e:73:2b:23:7c:0a:21:8a:09:7b:
81:70:ad:8e:45:3b:aa:20:cd:c1:6a:82:28:f6:d1:e4:19:9b:
7c:14:a5:50:91:53:df:39:43:c6:5d:a9:dc:12:99:8e:f3:eb:
9c:b9:ee:f9:0b:10:4a:64:e0:ef:98:3a:a0:5a:07:35:20:9d:
c4:04:44:6c:c5:51:b2:b2:e5:0a:d4:ee:00:2d:e8:b0:a7:dd:
d3:7e:d8:77:b8:8d:c0:2f:36:e8:04:f1:26:05:ca:d5:6f:d0:
02:79:76:fd
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICVYowDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MTIx
NTI0MDVaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEQ5MDk2QjM4QUU1OTRE
RTg0RkExNjBFN0JFNzc1NTU2RURGNUJDRjYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCpXnTS/jt+atS5TkYxcsm/45x0n9Pqxprhzb8Fzpu2+vUluswx
J6RSQ4TgzQb3jdO2DdNJ/0gRBU+AD8KDnzg9Ymx46ch96YHx/MmexgaBj8Nmnsge
tQqXaUgi1iE3oqwW8iEli2IOFtPSI6qfGH7KHN6x6i6wsRs39OU5AT00KuW6i67d
XHx355/WOHgCGjNAZ47QPcJDLXO5vAeaequrypBZoHOttJdXKQthCJNZWy+ybEq/
VKGbyZo4fuDi/TOA4//RQLJmcwdm3EgsCER01SajhVCdsco493OsROL04wDxwNGK
V6RnP5Lt6w4PRdgAQY8hXLQ6DF5eIjSqKpw5AgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQU2QlrOK5ZTehPoWDnvndVVu31vPYwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3LzJRbHJPSzVaVGVoUG9X
RG52bmRWVnUzMXZQWS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEANmEaMTaQ+TZnETNijok1o1Y5ScA4Pwzt
AXGD+wj8pzCrTPBYdz64Gl4QX1wtCvxoW/Gr2sS4QalAmY9jCVYqPNY+9bjWrGju
WboGvyJFUoMSLyxNMkPS7OxbGMj7FYxNjqB6csoTPMKQPjqoi5iCTUW5UKKZLjSD
HXlP0AkldDdVxpthQzSRv63/GkqwXu/IF6t+yxfy34MOcysjfAohigl7gXCtjkU7
qiDNwWqCKPbR5BmbfBSlUJFT3zlDxl2p3BKZjvPrnLnu+QsQSmTg75g6oFoHNSCd
xAREbMVRsrLlCtTuAC3osKfd037Yd7iNwC826ATxJgXK1W/QAnl2/Q==
-----END CERTIFICATE-----
Generated at Sun May 12 18:35:23 2024 by rpki-client on console.sobornost.net