Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/2YOmgwAqhU2EwKfTi_NURUnp1xY.roa
File: 2YOmgwAqhU2EwKfTi_NURUnp1xY.roa (raw, json)
Hash identifier: TUE4g5wkl3NDN05wf19QgxKqoIll0m04IY7cpXzTud8=
Subject key identifier: D9:83:A6:83:00:2A:85:4D:84:C0:A7:D3:8B:F3:54:45:49:E9:D7:16
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 4EB6
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/2YOmgwAqhU2EwKfTi_NURUnp1xY.roa
Signing time: Fri 03 May 2024 12:53:56 +0000
ROA not before: Fri 03 May 2024 12:53:56 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 20150 (0x4eb6)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 3 12:53:56 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=D983A683002A854D84C0A7D38BF3544549E9D716
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a5:b3:4e:4a:df:40:99:d3:9c:55:22:ec:36:49:
bd:d6:0b:7c:dd:45:78:41:3e:01:e2:eb:62:e9:46:
a9:39:dc:e8:74:e2:dd:c3:ee:06:39:ad:2f:f3:ae:
6c:c4:04:6e:71:c0:4c:20:e5:cf:b8:ba:a6:94:c4:
92:69:be:ba:4c:2d:34:7d:ca:72:d1:b0:6b:d1:8a:
58:25:43:8e:0c:15:ea:a8:3d:2e:bc:86:83:e2:e6:
3f:bc:2e:0e:d6:fa:d3:6d:f3:9a:4f:c0:bf:5b:39:
9b:c6:ed:36:08:52:0d:8f:5e:28:80:91:ba:00:ca:
7b:ad:f0:60:6b:78:17:7d:09:31:be:e2:c3:f6:31:
c4:81:ee:e3:d9:6d:15:ed:7a:79:8e:2c:41:89:ed:
2b:7a:ea:1c:3a:47:31:2b:c1:8f:65:af:dd:de:44:
ff:55:4d:57:e3:0b:74:e5:ee:c7:ba:4f:88:5e:af:
5e:f2:00:49:3f:02:f6:0d:5d:f3:94:05:1f:7d:82:
b9:0d:e3:e6:c1:01:8c:1e:b1:1c:4f:56:49:76:72:
94:74:4e:1a:c4:80:03:26:c9:2c:6b:4c:0f:81:3b:
e8:1c:f8:48:21:c6:03:56:c7:ac:70:39:d9:e8:4d:
1e:69:53:30:c1:de:1c:ba:cd:d5:24:45:3c:d7:be:
af:37
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D9:83:A6:83:00:2A:85:4D:84:C0:A7:D3:8B:F3:54:45:49:E9:D7:16
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/2YOmgwAqhU2EwKfTi_NURUnp1xY.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
7c:e8:58:da:8a:e4:20:a2:34:9c:f6:b7:b3:8e:b7:d7:22:c5:
d8:61:47:4f:23:58:0c:bc:5b:a2:c3:fe:f5:7a:f6:52:14:98:
3b:1a:e5:9c:7d:36:3a:f8:1d:64:86:6e:12:f7:c3:84:43:47:
64:55:ac:77:5b:29:b6:5a:d4:63:62:75:22:13:00:90:63:8c:
06:1c:38:f2:12:73:c0:5c:a0:5d:9e:a5:12:46:5c:6d:ff:8c:
5c:4c:19:b3:8d:ed:71:ff:d8:8c:cd:c4:ed:57:da:3b:ef:3b:
1b:53:bd:21:46:20:7f:f7:ac:44:b5:f8:74:d8:d1:fb:91:9a:
52:e3:37:ed:44:bd:c3:11:7b:c0:9d:04:e0:ca:cb:02:5e:c3:
4b:32:84:63:e1:07:70:62:13:e4:51:0d:e8:f4:02:f9:35:83:
17:64:c8:20:4e:ad:0a:95:83:21:6b:ed:d2:23:0e:04:0c:aa:
d2:64:8a:db:7d:88:f7:53:e3:09:2e:8b:92:be:89:d4:3c:26:
94:4b:fe:d7:dd:70:ba:c0:ec:75:b8:a3:db:3f:e8:cf:3a:fb:
04:e7:48:ee:d9:49:2b:99:32:16:e6:16:9a:00:cb:1b:84:52:
c6:73:6a:03:51:2f:42:bb:4b:cf:d4:a1:49:f0:6a:f4:66:24:
7f:18:f7:91
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICTrYwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MDMx
MjUzNTZaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEQ5ODNBNjgzMDAyQTg1
NEQ4NEMwQTdEMzhCRjM1NDQ1NDlFOUQ3MTYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCls05K30CZ05xVIuw2Sb3WC3zdRXhBPgHi62LpRqk53Oh04t3D
7gY5rS/zrmzEBG5xwEwg5c+4uqaUxJJpvrpMLTR9ynLRsGvRilglQ44MFeqoPS68
hoPi5j+8Lg7W+tNt85pPwL9bOZvG7TYIUg2PXiiAkboAynut8GBreBd9CTG+4sP2
McSB7uPZbRXtenmOLEGJ7St66hw6RzErwY9lr93eRP9VTVfjC3Tl7se6T4her17y
AEk/AvYNXfOUBR99grkN4+bBAYwesRxPVkl2cpR0ThrEgAMmySxrTA+BO+gc+Egh
xgNWx6xwOdnoTR5pUzDB3hy6zdUkRTzXvq83AgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQU2YOmgwAqhU2EwKfTi/NURUnp1xYwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3LzJZT21nd0FxaFUyRXdL
ZlRpX05VUlVucDF4WS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAfOhY2orkIKI0nPa3s4631yLF2GFHTyNY
DLxbosP+9Xr2UhSYOxrlnH02OvgdZIZuEvfDhENHZFWsd1sptlrUY2J1IhMAkGOM
Bhw48hJzwFygXZ6lEkZcbf+MXEwZs43tcf/YjM3E7VfaO+87G1O9IUYgf/esRLX4
dNjR+5GaUuM37US9wxF7wJ0E4MrLAl7DSzKEY+EHcGIT5FEN6PQC+TWDF2TIIE6t
CpWDIWvt0iMOBAyq0mSK232I91PjCS6Lkr6J1DwmlEv+191wusDsdbij2z/ozzr7
BOdI7tlJK5kyFuYWmgDLG4RSxnNqA1EvQrtLz9ShSfBq9GYkfxj3kQ==
-----END CERTIFICATE-----
Generated at Fri May 3 17:05:21 2024 by rpki-client on console.sobornost.net