Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/4UEspW17L7UTLTL87OHy61vO9ek.roa
File: 4UEspW17L7UTLTL87OHy61vO9ek.roa (raw, json)
Hash identifier: kNypaepAaKZfU+Op67A2ejuwbVUJQlP96UCDqEWSF8U=
Subject key identifier: E1:41:2C:A5:6D:7B:2F:B5:13:2D:32:FC:EC:E1:F2:EB:5B:CE:F5:E9
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 3A7A
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/4UEspW17L7UTLTL87OHy61vO9ek.roa
Signing time: Sat 06 Apr 2024 13:22:26 +0000
ROA not before: Sat 06 Apr 2024 13:22:26 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 14970 (0x3a7a)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 6 13:22:26 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=E1412CA56D7B2FB5132D32FCECE1F2EB5BCEF5E9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:98:90:85:8f:81:4f:72:8c:06:bc:c9:47:7f:27:
ef:d1:73:d2:e4:82:a6:e3:56:53:4a:bf:ec:ec:51:
8d:38:a2:d8:44:12:df:9d:a9:9d:2a:4a:c5:1c:2a:
86:64:63:84:95:6a:bd:b6:5f:9d:bb:c0:70:24:09:
a3:fa:c1:4a:56:38:7c:99:62:44:85:39:e2:12:c1:
8f:68:e0:6f:4e:c6:9b:05:f1:bb:86:2d:b3:e2:23:
9c:76:17:80:65:f1:5b:03:f5:a5:e5:64:77:5d:a3:
f1:70:13:b8:0d:e9:e3:37:29:9c:1a:b5:3b:d8:d6:
0f:0a:88:e5:1c:ac:47:fc:7e:35:46:81:b1:e0:42:
b3:60:2c:fd:57:fe:78:33:3d:91:75:17:ef:96:11:
4c:30:16:68:d2:ba:fa:f5:f6:8a:ed:16:e3:5f:61:
32:2f:36:a3:bf:31:c8:8d:d9:d2:a7:c5:66:6f:15:
9c:2b:fb:d8:09:85:bc:9d:fb:62:63:be:c7:5c:ab:
11:7c:5f:5d:77:15:ba:ac:eb:ea:63:67:4f:f7:7e:
49:78:e3:0c:56:6a:97:ee:9a:ce:fe:ab:ba:a0:40:
5e:d3:a6:64:06:a7:ae:96:38:4b:81:c4:58:fe:2e:
de:b2:6e:88:4d:2e:b2:c1:2a:c4:b9:d2:c8:a8:a2:
e5:8b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E1:41:2C:A5:6D:7B:2F:B5:13:2D:32:FC:EC:E1:F2:EB:5B:CE:F5:E9
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/4UEspW17L7UTLTL87OHy61vO9ek.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
7c:e1:18:46:0d:05:89:7f:6a:10:2d:b0:6e:a3:1f:4c:56:fe:
e8:66:9c:0c:66:d2:e9:b5:45:63:4c:44:e5:02:00:dd:dc:32:
52:0f:73:48:9b:c0:a6:c8:9f:bd:fa:9a:2d:99:ac:ad:19:5e:
db:43:5d:5d:b6:ff:8d:70:cd:da:50:74:67:9c:7b:43:ae:a3:
df:45:36:71:5b:3a:2b:ed:14:b3:a2:5a:6b:bb:76:3f:ee:cd:
e3:3e:3c:a2:09:ae:c7:b3:99:65:73:06:60:fd:13:f1:47:02:
0d:a5:21:52:07:db:be:ef:12:48:8b:59:7e:d6:1f:e5:af:ba:
16:4a:bb:48:a3:2c:30:fb:36:db:95:8f:20:5d:cf:99:53:65:
fb:c8:07:13:8b:83:bf:1b:ff:5d:71:be:56:79:fa:63:87:6f:
2c:c1:fe:07:81:ec:c8:b1:35:25:53:62:38:c2:2e:a5:df:dc:
e2:d3:e6:45:64:c2:8e:89:1d:83:9b:28:99:e5:ea:b7:fb:8c:
60:b7:a5:bc:8c:af:ca:28:86:0a:8f:e0:f0:67:7a:69:9e:21:
54:28:61:59:5f:d0:f2:cf:4b:16:91:12:01:4e:11:d7:b7:28:
2a:4a:e6:58:cc:9e:91:8d:e8:d9:6b:cb:07:a5:08:f4:b4:f9:
80:91:37:27
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICOnowDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MDYx
MzIyMjZaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEUxNDEyQ0E1NkQ3QjJG
QjUxMzJEMzJGQ0VDRTFGMkVCNUJDRUY1RTkwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCYkIWPgU9yjAa8yUd/J+/Rc9LkgqbjVlNKv+zsUY04othEEt+d
qZ0qSsUcKoZkY4SVar22X527wHAkCaP6wUpWOHyZYkSFOeISwY9o4G9OxpsF8buG
LbPiI5x2F4Bl8VsD9aXlZHddo/FwE7gN6eM3KZwatTvY1g8KiOUcrEf8fjVGgbHg
QrNgLP1X/ngzPZF1F++WEUwwFmjSuvr19ortFuNfYTIvNqO/MciN2dKnxWZvFZwr
+9gJhbyd+2JjvsdcqxF8X113Fbqs6+pjZ0/3fkl44wxWapfums7+q7qgQF7TpmQG
p66WOEuBxFj+Lt6ybohNLrLBKsS50sioouWLAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQU4UEspW17L7UTLTL87OHy61vO9ekwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3LzRVRXNwVzE3TDdVVExU
TDg3T0h5NjF2Tzllay5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAfOEYRg0FiX9qEC2wbqMfTFb+6GacDGbS
6bVFY0xE5QIA3dwyUg9zSJvApsifvfqaLZmsrRle20NdXbb/jXDN2lB0Z5x7Q66j
30U2cVs6K+0Us6Jaa7t2P+7N4z48ogmux7OZZXMGYP0T8UcCDaUhUgfbvu8SSItZ
ftYf5a+6Fkq7SKMsMPs225WPIF3PmVNl+8gHE4uDvxv/XXG+Vnn6Y4dvLMH+B4Hs
yLE1JVNiOMIupd/c4tPmRWTCjokdg5someXqt/uMYLelvIyvyiiGCo/g8Gd6aZ4h
VChhWV/Q8s9LFpESAU4R17coKkrmWMyekY3o2WvLB6UI9LT5gJE3Jw==
-----END CERTIFICATE-----
Generated at Sat Apr 6 20:08:04 2024 by rpki-client on console.sobornost.net