Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/6FBrXNwE_h2plaN3Ff6YiV5mx74.roa
File: 6FBrXNwE_h2plaN3Ff6YiV5mx74.roa (raw, json)
Hash identifier: 2GphBpN7Uc/qcopJgDEJA6iqcQ9DkwtNtv6muGY8UJ8=
Subject key identifier: E8:50:6B:5C:DC:04:FE:1D:A9:95:A3:77:15:FE:98:89:5E:66:C7:BE
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 49AA
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/6FBrXNwE_h2plaN3Ff6YiV5mx74.roa
Signing time: Fri 26 Apr 2024 19:23:24 +0000
ROA not before: Fri 26 Apr 2024 19:23:24 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 18858 (0x49aa)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 26 19:23:24 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=E8506B5CDC04FE1DA995A37715FE98895E66C7BE
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c5:3d:e9:40:55:b4:9d:d2:73:81:88:d4:a1:ce:
88:dc:b1:79:f2:99:72:92:24:da:4a:ad:a0:b0:ca:
ef:37:1d:e0:65:dc:02:88:56:85:c7:84:a8:d9:e0:
90:ff:64:1b:b4:39:1d:42:4a:f9:d7:46:70:89:24:
4d:c8:04:7d:a6:64:a1:13:b7:a7:ce:97:9a:82:12:
6b:7c:c5:ce:a5:c4:cb:21:20:c7:14:6d:de:1b:22:
ba:28:18:10:84:d6:5f:22:60:aa:e3:86:76:40:6a:
6e:44:52:0c:f5:d0:d5:f1:30:03:fe:2f:60:dd:fc:
c0:31:8a:21:e9:e0:c0:62:d6:74:d9:43:30:58:22:
cf:24:b5:89:d3:3f:35:36:84:72:fb:7d:cc:4a:75:
22:12:8e:1b:87:dc:ae:7d:03:31:ca:5b:64:09:6d:
c6:42:a8:4d:df:06:e9:68:44:f4:22:23:b2:36:fc:
a7:20:15:7e:ce:8a:a3:ba:10:77:76:0f:43:df:65:
70:ee:44:8e:64:a8:50:9f:70:66:8f:c9:59:b7:c9:
20:e3:96:94:b7:0b:6e:ac:01:ed:99:24:be:6d:00:
e9:4b:a6:08:2b:76:61:2b:15:38:fe:0a:bb:f0:bc:
72:6f:b3:a6:db:0e:da:03:3b:b0:63:5d:ab:d6:ef:
9c:c1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E8:50:6B:5C:DC:04:FE:1D:A9:95:A3:77:15:FE:98:89:5E:66:C7:BE
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/6FBrXNwE_h2plaN3Ff6YiV5mx74.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
4b:0b:8a:78:95:ff:79:dd:d8:d1:80:e7:2c:c8:95:ba:eb:c5:
eb:c5:dc:46:46:3f:33:2d:da:86:98:c9:aa:8c:47:6a:d3:bf:
7d:a9:7a:b2:eb:d8:08:87:32:30:71:6d:18:85:72:7a:a9:fd:
22:9f:7d:9c:d8:9f:c8:ba:88:47:56:e0:e5:81:31:ff:59:06:
9d:a7:aa:07:54:bb:d6:20:d2:2b:35:ab:9a:c5:c0:97:f2:4d:
a0:ec:70:d2:fd:ba:0d:bf:f4:74:6e:f2:75:d8:b4:fc:4f:af:
12:59:3a:3d:16:76:75:6e:47:1e:24:cb:20:cd:cf:0b:91:d9:
1c:0f:73:9f:97:66:35:e7:78:d9:fd:c1:90:22:28:8b:88:ae:
5d:b5:b1:32:fa:55:5a:01:72:02:85:7c:76:b7:cc:85:c9:21:
bc:a6:7f:45:58:a1:1e:bd:c1:af:bc:5f:06:ea:51:f6:bc:91:
ad:e7:2f:08:50:a1:6d:e5:70:a8:f1:03:37:98:a4:00:03:13:
76:11:71:10:fd:b7:e5:e9:4b:62:ec:c9:e1:58:b5:fd:9e:fa:
29:3d:22:f2:80:59:67:52:33:e5:6b:5c:5b:eb:7e:31:bd:a7:
71:e2:e0:1e:0e:30:ce:0d:a6:a3:9e:4b:d3:99:4c:65:ba:92:
5c:30:61:0f
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICSaowDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MjYx
OTIzMjRaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEU4NTA2QjVDREMwNEZF
MURBOTk1QTM3NzE1RkU5ODg5NUU2NkM3QkUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDFPelAVbSd0nOBiNShzojcsXnymXKSJNpKraCwyu83HeBl3AKI
VoXHhKjZ4JD/ZBu0OR1CSvnXRnCJJE3IBH2mZKETt6fOl5qCEmt8xc6lxMshIMcU
bd4bIrooGBCE1l8iYKrjhnZAam5EUgz10NXxMAP+L2Dd/MAxiiHp4MBi1nTZQzBY
Is8ktYnTPzU2hHL7fcxKdSISjhuH3K59AzHKW2QJbcZCqE3fBuloRPQiI7I2/Kcg
FX7OiqO6EHd2D0PfZXDuRI5kqFCfcGaPyVm3ySDjlpS3C26sAe2ZJL5tAOlLpggr
dmErFTj+CrvwvHJvs6bbDtoDO7BjXavW75zBAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQU6FBrXNwE/h2plaN3Ff6YiV5mx74wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3LzZGQnJYTndFX2gycGxh
TjNGZjZZaVY1bXg3NC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEASwuKeJX/ed3Y0YDnLMiVuuvF68XcRkY/
My3ahpjJqoxHatO/fal6suvYCIcyMHFtGIVyeqn9Ip99nNifyLqIR1bg5YEx/1kG
naeqB1S71iDSKzWrmsXAl/JNoOxw0v26Db/0dG7yddi0/E+vElk6PRZ2dW5HHiTL
IM3PC5HZHA9zn5dmNed42f3BkCIoi4iuXbWxMvpVWgFyAoV8drfMhckhvKZ/RVih
Hr3Br7xfBupR9ryRrecvCFChbeVwqPEDN5ikAAMTdhFxEP235elLYuzJ4Vi1/Z76
KT0i8oBZZ1Iz5WtcW+t+Mb2nceLgHg4wzg2mo55L05lMZbqSXDBhDw==
-----END CERTIFICATE-----
Generated at Sat Apr 27 10:40:45 2024 by rpki-client on console.sobornost.net