Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/2no2-WQItxHF_K6SggORbDaRRJw.roa
File: 2no2-WQItxHF_K6SggORbDaRRJw.roa (raw, json)
Hash identifier: 8PWHZDnFwyIbGLbZKreI+QAr34kYT1Cbij6S6TTHPkU=
Subject key identifier: DA:7A:36:F9:64:08:B7:11:C5:FC:AE:92:82:03:91:6C:36:91:44:9C
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 33C2
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/2no2-WQItxHF_K6SggORbDaRRJw.roa
Signing time: Thu 28 Mar 2024 14:22:08 +0000
ROA not before: Thu 28 Mar 2024 14:22:08 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 13250 (0x33c2)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Mar 28 14:22:08 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=DA7A36F96408B711C5FCAE928203916C3691449C
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ab:7a:f3:7c:66:76:73:07:97:7a:2f:93:9d:f4:
96:6c:cc:f4:96:29:17:61:dc:c8:54:b1:0a:a7:70:
7b:7c:7a:f7:89:14:25:db:75:36:4c:bd:a5:8d:1c:
09:2d:2e:b0:dd:f6:f0:6d:ec:f4:de:7e:18:99:30:
c9:41:b8:60:68:16:35:98:54:6a:8a:de:24:b3:2d:
00:17:19:b8:f2:f5:a7:15:ed:c2:60:99:eb:67:cf:
7c:46:38:4e:fd:0f:b9:f2:ff:50:b3:ad:f6:14:f3:
cd:fe:b5:c5:79:5b:4a:cc:24:ce:f2:71:03:3e:af:
67:df:03:da:c8:69:b6:02:ea:07:4e:4e:e4:16:35:
5a:ad:f3:59:6b:3e:8d:c1:eb:f8:ef:33:7d:88:dd:
3b:6f:db:56:8a:b7:e4:93:c8:54:c8:bc:01:3a:a4:
fb:ba:95:94:54:9c:8e:07:e8:54:34:c9:dd:60:71:
e7:77:f4:b8:99:92:b8:0d:98:98:fe:83:65:74:c7:
fe:41:97:ab:d2:35:18:fd:37:c9:61:ea:15:48:90:
72:49:4a:1b:8a:b7:b4:f7:cf:cd:b3:d5:0b:e6:98:
4c:93:db:da:b3:fe:62:7e:33:ae:ff:22:27:0a:b2:
0d:83:52:cc:42:9a:16:44:88:11:e5:66:7e:22:47:
a0:c9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DA:7A:36:F9:64:08:B7:11:C5:FC:AE:92:82:03:91:6C:36:91:44:9C
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/2no2-WQItxHF_K6SggORbDaRRJw.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
77:dd:c3:a3:6b:fb:04:c6:5d:75:ed:c9:3f:31:23:f5:75:c5:
25:c9:3d:c7:9c:66:a9:0c:35:99:8f:44:0d:45:51:af:71:de:
cf:0c:e4:bb:85:c3:7b:5d:79:d0:92:48:53:c2:d1:d6:44:ab:
ad:ed:39:7b:e7:44:48:d1:96:55:94:c2:07:96:36:45:95:82:
34:eb:b3:08:8b:a0:a6:bb:82:26:0b:10:83:9a:2d:2b:4e:13:
75:37:ac:42:4f:04:c1:d2:31:88:72:27:9e:f1:0e:04:63:fc:
2c:d8:92:4a:93:45:77:bc:c4:6e:9d:0f:64:58:3a:3d:73:48:
56:2e:12:8e:61:8f:eb:59:c2:65:a4:d2:fd:d7:07:21:36:6a:
65:e6:01:c9:75:04:6b:60:ef:2a:f9:c7:59:3b:b0:92:5f:5d:
97:56:72:09:73:72:07:55:79:0e:41:d8:14:2b:0a:8e:83:42:
4f:e3:9a:dd:0b:e3:1a:ac:78:75:bd:fe:3e:95:d9:2d:ed:83:
a4:e3:c9:bc:d5:b4:31:9b:5a:6b:80:87:25:7d:69:52:05:85:
15:cd:ad:64:3b:3c:1e:86:13:54:0a:5f:95:e0:a6:dd:dc:ba:
dc:05:6d:54:5a:be:96:ec:58:f1:58:e5:8a:51:7f:30:fa:ca:
28:45:32:37
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICM8IwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDAzMjgx
NDIyMDhaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKERBN0EzNkY5NjQwOEI3
MTFDNUZDQUU5MjgyMDM5MTZDMzY5MTQ0OUMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCrevN8ZnZzB5d6L5Od9JZszPSWKRdh3MhUsQqncHt8eveJFCXb
dTZMvaWNHAktLrDd9vBt7PTefhiZMMlBuGBoFjWYVGqK3iSzLQAXGbjy9acV7cJg
metnz3xGOE79D7ny/1CzrfYU883+tcV5W0rMJM7ycQM+r2ffA9rIabYC6gdOTuQW
NVqt81lrPo3B6/jvM32I3Ttv21aKt+STyFTIvAE6pPu6lZRUnI4H6FQ0yd1gced3
9LiZkrgNmJj+g2V0x/5Bl6vSNRj9N8lh6hVIkHJJShuKt7T3z82z1QvmmEyT29qz
/mJ+M67/IicKsg2DUsxCmhZEiBHlZn4iR6DJAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQU2no2+WQItxHF/K6SggORbDaRRJwwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3LzJubzItV1FJdHhIRl9L
NlNnZ09SYkRhUlJKdy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAd93Do2v7BMZdde3JPzEj9XXFJck9x5xm
qQw1mY9EDUVRr3Hezwzku4XDe1150JJIU8LR1kSrre05e+dESNGWVZTCB5Y2RZWC
NOuzCIugpruCJgsQg5otK04TdTesQk8EwdIxiHInnvEOBGP8LNiSSpNFd7zEbp0P
ZFg6PXNIVi4SjmGP61nCZaTS/dcHITZqZeYByXUEa2DvKvnHWTuwkl9dl1ZyCXNy
B1V5DkHYFCsKjoNCT+Oa3QvjGqx4db3+PpXZLe2DpOPJvNW0MZtaa4CHJX1pUgWF
Fc2tZDs8HoYTVApfleCm3dy63AVtVFq+luxY8VjlilF/MPrKKEUyNw==
-----END CERTIFICATE-----
Generated at Thu Mar 28 21:02:48 2024 by rpki-client on console.sobornost.net