Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/2jdKj8nMpqDO-zxTBBqNGr9v3lQ.roa
File: 2jdKj8nMpqDO-zxTBBqNGr9v3lQ.roa (raw, json)
Hash identifier: riLyApwRgr6KM1i2m+uVjzOkHjn5+LwCe6p7+OkBaTQ=
Subject key identifier: DA:37:4A:8F:C9:CC:A6:A0:CE:FB:3C:53:04:1A:8D:1A:BF:6F:DE:54
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 44E2
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/2jdKj8nMpqDO-zxTBBqNGr9v3lQ.roa
Signing time: Sat 20 Apr 2024 10:23:04 +0000
ROA not before: Sat 20 Apr 2024 10:23:04 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 17634 (0x44e2)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 20 10:23:04 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=DA374A8FC9CCA6A0CEFB3C53041A8D1ABF6FDE54
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:db:c8:f1:bb:4d:ae:cf:1f:3c:72:f1:97:a8:74:
7f:56:9f:66:ec:c2:01:61:e6:29:c4:e0:b3:36:1c:
4b:a6:e4:28:22:86:39:0f:e6:05:c0:c1:80:6c:10:
fe:96:64:e2:e1:c4:ad:b7:a2:b0:71:b9:06:d9:4e:
f0:04:4f:27:90:1e:71:23:e6:b3:56:39:6e:80:34:
3f:47:0f:f4:c2:9c:0a:da:39:a3:06:b9:c3:15:12:
56:7d:dd:95:18:b3:2a:53:84:de:bc:2c:02:d8:fe:
58:13:06:3b:d0:61:53:3c:fc:6b:63:0a:e2:6a:45:
ca:e5:5f:9f:98:27:c5:6d:a0:5e:42:9e:d2:b5:31:
70:62:be:f7:7f:dc:fb:95:49:27:fd:79:e6:b0:68:
c3:b8:a3:74:17:26:4a:38:75:5f:50:b7:97:59:62:
40:e0:b5:d9:21:04:a8:86:68:5a:2b:59:ea:25:da:
c3:f6:82:2d:c6:91:1f:b4:02:28:a6:4e:96:d2:08:
76:a2:56:c0:20:10:27:27:8a:4b:03:f1:66:f3:3f:
f3:f9:e8:85:61:80:1a:30:57:7b:bd:81:8e:38:53:
0c:09:8b:84:51:79:bd:e9:06:2e:22:1c:77:bf:7e:
a5:2a:c7:d2:f6:bb:c0:e3:7b:4d:c2:6a:4a:cc:2f:
42:ef
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DA:37:4A:8F:C9:CC:A6:A0:CE:FB:3C:53:04:1A:8D:1A:BF:6F:DE:54
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/2jdKj8nMpqDO-zxTBBqNGr9v3lQ.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
6b:80:95:34:0c:ad:80:9f:f3:54:72:69:ce:b6:7d:15:8b:b4:
e8:3d:8e:b1:3d:ba:fd:ea:ba:b8:14:e8:93:3e:bf:70:16:0f:
22:a5:3d:d2:8f:aa:26:d9:a8:12:2f:bc:1d:1b:bb:f3:bd:cc:
67:41:39:34:f8:eb:21:40:a9:ad:7c:85:44:ef:aa:bb:ab:40:
5b:f2:06:88:0e:44:43:ad:9c:36:ad:bb:1f:81:33:a6:79:0b:
4a:98:1b:61:78:1c:a8:0d:5a:69:7f:ec:27:e8:78:55:8d:67:
6d:c1:b2:6e:3e:00:0b:9e:49:70:dc:0b:60:26:21:7f:ba:df:
bb:22:ac:eb:75:2c:2d:07:5b:11:e4:6a:3f:5d:1b:85:b8:7e:
32:cd:fa:64:0f:00:55:7c:b1:0b:f6:bb:54:6e:be:53:c2:6a:
73:da:d4:f7:a0:19:2c:c7:1f:7d:4b:98:10:41:90:93:b5:2c:
d3:1f:88:b1:93:27:14:d2:43:fd:e4:ef:b1:d2:64:ba:ae:88:
4a:32:14:6f:34:57:c7:2b:66:0c:d1:01:80:7e:d8:9f:01:00:
62:4c:a4:3a:ac:6c:41:9a:bc:dc:4f:b2:fa:93:30:f2:57:d1:
da:fb:75:8e:56:f5:1c:70:3e:42:9d:70:6a:50:10:48:51:3b:
fe:2a:3d:ad
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICROIwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MjAx
MDIzMDRaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKERBMzc0QThGQzlDQ0E2
QTBDRUZCM0M1MzA0MUE4RDFBQkY2RkRFNTQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDbyPG7Ta7PHzxy8ZeodH9Wn2bswgFh5inE4LM2HEum5CgihjkP
5gXAwYBsEP6WZOLhxK23orBxuQbZTvAETyeQHnEj5rNWOW6AND9HD/TCnAraOaMG
ucMVElZ93ZUYsypThN68LALY/lgTBjvQYVM8/GtjCuJqRcrlX5+YJ8VtoF5CntK1
MXBivvd/3PuVSSf9eeawaMO4o3QXJko4dV9Qt5dZYkDgtdkhBKiGaForWeol2sP2
gi3GkR+0AiimTpbSCHaiVsAgECcniksD8WbzP/P56IVhgBowV3u9gY44UwwJi4RR
eb3pBi4iHHe/fqUqx9L2u8Dje03CakrML0LvAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQU2jdKj8nMpqDO+zxTBBqNGr9v3lQwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3LzJqZEtqOG5NcHFETy16
eFRCQnFOR3I5djNsUS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAa4CVNAytgJ/zVHJpzrZ9FYu06D2OsT26
/eq6uBTokz6/cBYPIqU90o+qJtmoEi+8HRu7873MZ0E5NPjrIUCprXyFRO+qu6tA
W/IGiA5EQ62cNq27H4EzpnkLSpgbYXgcqA1aaX/sJ+h4VY1nbcGybj4AC55JcNwL
YCYhf7rfuyKs63UsLQdbEeRqP10bhbh+Ms36ZA8AVXyxC/a7VG6+U8Jqc9rU96AZ
LMcffUuYEEGQk7Us0x+IsZMnFNJD/eTvsdJkuq6ISjIUbzRXxytmDNEBgH7YnwEA
YkykOqxsQZq83E+y+pMw8lfR2vt1jlb1HHA+Qp1walAQSFE7/io9rQ==
-----END CERTIFICATE-----
Generated at Sat Apr 20 15:20:44 2024 by rpki-client on console.sobornost.net