Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/4ZQ9C2kPvjhcK-SVWdSP6qq_IqQ.roa
File: 4ZQ9C2kPvjhcK-SVWdSP6qq_IqQ.roa (raw, json)
Hash identifier: +MnFH9+ySwuqTfY5XXQuzVziylnxgXjVO7exnhw4LYU=
Subject key identifier: E1:94:3D:0B:69:0F:BE:38:5C:2B:E4:95:59:D4:8F:EA:AA:BF:22:A4
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 3C8A
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/4ZQ9C2kPvjhcK-SVWdSP6qq_IqQ.roa
Signing time: Tue 09 Apr 2024 07:22:35 +0000
ROA not before: Tue 09 Apr 2024 07:22:35 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 15498 (0x3c8a)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 9 07:22:35 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=E1943D0B690FBE385C2BE49559D48FEAAABF22A4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:f2:a7:9d:d0:61:c8:cb:f7:54:e8:9d:03:3f:d9:
d9:51:5e:de:bc:a8:2e:3d:06:5b:3d:36:67:71:6b:
a1:9c:e9:f2:06:a5:01:94:37:84:95:df:e2:b3:89:
cf:fa:79:ef:b7:97:1c:bc:80:e9:d9:67:6e:c1:7a:
68:f8:ae:98:63:1a:2f:00:05:03:33:77:4d:e4:93:
33:c6:58:7b:66:93:d7:0f:f7:e5:13:12:62:3d:a5:
3d:c3:41:7a:1c:07:6e:fe:9f:53:c4:f8:81:08:f9:
4d:aa:f1:03:1f:68:2d:5c:33:11:3c:a8:5f:b6:45:
d2:34:6d:01:94:ac:f6:e4:a0:f7:26:b8:77:fe:25:
39:a8:09:dd:6c:7f:75:e8:e9:f3:76:a9:4d:a5:f9:
9c:28:59:96:d8:54:a5:ee:7c:21:a6:4b:4c:47:0d:
60:aa:44:b0:1b:93:3b:0e:4d:59:35:25:89:23:12:
e4:3a:f2:22:f5:92:c0:7d:6e:63:43:6e:41:35:bd:
49:0c:0e:29:7a:ff:58:30:f6:b3:bb:28:eb:aa:a5:
2b:ce:3c:cb:35:5c:8c:52:2b:6a:84:76:29:8d:23:
e5:90:20:6d:01:2c:69:f9:e2:a5:b7:28:1b:a0:fb:
c3:dd:75:4d:1d:6a:15:8b:b8:53:90:3a:7d:f4:ac:
46:1f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E1:94:3D:0B:69:0F:BE:38:5C:2B:E4:95:59:D4:8F:EA:AA:BF:22:A4
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/4ZQ9C2kPvjhcK-SVWdSP6qq_IqQ.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
b0:de:7d:99:5c:50:4d:79:72:be:6e:0d:13:82:19:d9:c7:2b:
61:21:e0:33:ef:3f:07:a5:a5:43:e8:72:f2:49:18:f8:0a:42:
41:35:36:81:02:2f:72:35:ef:23:92:87:6a:6d:3b:56:b6:66:
3e:8d:54:7b:69:fe:90:29:78:d8:70:6a:ed:ed:63:8a:5d:46:
f7:2e:bd:7b:39:1e:35:77:c5:07:3e:ca:88:16:e6:ce:8c:fb:
db:92:b8:f0:0c:92:e5:eb:cb:1f:40:8e:76:53:b6:02:3e:13:
99:87:1c:7d:e9:74:55:31:77:b2:48:f0:3f:4f:26:b9:24:58:
ac:32:51:ba:5c:ad:ec:c9:4c:43:71:6c:6e:86:69:9b:f6:27:
bd:e5:b3:e9:22:f4:98:63:57:7c:11:58:74:ec:fc:ee:c6:00:
83:82:87:4c:7a:84:7f:80:6b:1e:3a:80:31:d0:4c:f6:c9:47:
9e:86:f6:86:c6:18:16:07:1d:68:61:32:0e:15:9d:cb:43:6a:
05:74:5e:19:24:8e:17:ca:2e:d5:00:22:4a:d7:53:c7:c9:7f:
16:4d:ce:d4:e7:e6:7c:a2:ae:7a:cf:18:9c:d1:74:db:3c:1d:
2b:fc:f1:4e:08:cb:d7:64:ef:63:41:f4:07:b7:5c:a6:32:ff:
72:00:11:b8
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICPIowDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MDkw
NzIyMzVaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEUxOTQzRDBCNjkwRkJF
Mzg1QzJCRTQ5NTU5RDQ4RkVBQUFCRjIyQTQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDyp53QYcjL91TonQM/2dlRXt68qC49Bls9Nmdxa6Gc6fIGpQGU
N4SV3+Kzic/6ee+3lxy8gOnZZ27Bemj4rphjGi8ABQMzd03kkzPGWHtmk9cP9+UT
EmI9pT3DQXocB27+n1PE+IEI+U2q8QMfaC1cMxE8qF+2RdI0bQGUrPbkoPcmuHf+
JTmoCd1sf3Xo6fN2qU2l+ZwoWZbYVKXufCGmS0xHDWCqRLAbkzsOTVk1JYkjEuQ6
8iL1ksB9bmNDbkE1vUkMDil6/1gw9rO7KOuqpSvOPMs1XIxSK2qEdimNI+WQIG0B
LGn54qW3KBug+8PddU0dahWLuFOQOn30rEYfAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQU4ZQ9C2kPvjhcK+SVWdSP6qq/IqQwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3LzRaUTlDMmtQdmpoY0st
U1ZXZFNQNnFxX0lxUS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAsN59mVxQTXlyvm4NE4IZ2ccrYSHgM+8/
B6WlQ+hy8kkY+ApCQTU2gQIvcjXvI5KHam07VrZmPo1Ue2n+kCl42HBq7e1jil1G
9y69ezkeNXfFBz7KiBbmzoz725K48AyS5evLH0COdlO2Aj4TmYccfel0VTF3skjw
P08muSRYrDJRulyt7MlMQ3FsboZpm/YnveWz6SL0mGNXfBFYdOz87sYAg4KHTHqE
f4BrHjqAMdBM9slHnob2hsYYFgcdaGEyDhWdy0NqBXReGSSOF8ou1QAiStdTx8l/
Fk3O1OfmfKKues8YnNF02zwdK/zxTgjL12TvY0H0B7dcpjL/cgARuA==
-----END CERTIFICATE-----
Generated at Tue Apr 9 13:37:39 2024 by rpki-client on console.sobornost.net