Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/71fuqys3Pp3GHiLhIKnJB921T-A.roa
File: 71fuqys3Pp3GHiLhIKnJB921T-A.roa (raw, json)
Hash identifier: yJBQ2mgNmJwI3w3SMwKOJWPyNrtDPKZ9wZO3GLTOmGs=
Subject key identifier: EF:57:EE:AB:2B:37:3E:9D:C6:1E:22:E1:20:A9:C9:07:DD:B5:4F:E0
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 4C9A
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/71fuqys3Pp3GHiLhIKnJB921T-A.roa
Signing time: Tue 30 Apr 2024 17:23:34 +0000
ROA not before: Tue 30 Apr 2024 17:23:34 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 19610 (0x4c9a)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 30 17:23:34 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=EF57EEAB2B373E9DC61E22E120A9C907DDB54FE0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b2:0f:52:43:bc:a5:ea:67:57:5d:48:d0:ec:ab:
74:af:38:30:52:ae:14:21:37:b5:87:59:ca:da:8b:
57:ae:3f:77:de:6a:ad:d2:61:a1:d9:d3:7d:1b:62:
81:61:1b:60:b8:e3:de:86:41:c2:3e:e0:6f:89:cc:
1d:ad:d3:e9:2b:49:a2:f9:38:8e:3d:16:d1:3a:5c:
45:65:d2:7c:43:6c:ca:b6:25:d3:2c:bf:a2:0d:14:
f1:ce:7d:c6:d0:28:fa:f3:ec:1b:94:c6:71:b5:01:
7f:9f:6a:8b:2c:3f:5e:10:8d:82:fd:59:3d:61:33:
cf:5d:53:32:e2:f5:0f:21:0a:5e:29:36:14:6b:6c:
52:2f:6f:76:11:1c:12:46:8a:eb:dc:36:6e:2c:5d:
98:bf:63:41:be:4a:d8:ff:51:cc:f9:af:70:67:a1:
c2:70:5f:ba:7e:31:c9:3d:4d:73:b6:a2:9a:d1:46:
c4:41:20:20:70:21:39:eb:6e:9c:3b:8e:f1:e2:24:
b2:0b:90:20:a7:c6:60:fc:04:45:fe:8b:4d:f8:d0:
73:d1:4d:8e:f6:ca:e3:5e:7e:ac:f2:5a:74:1d:c2:
bf:4f:55:8f:ec:a5:da:1e:d8:5c:f7:6e:72:95:26:
9f:4f:39:33:18:0f:e7:90:3a:61:fd:ca:df:1b:f6:
30:39
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
EF:57:EE:AB:2B:37:3E:9D:C6:1E:22:E1:20:A9:C9:07:DD:B5:4F:E0
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/71fuqys3Pp3GHiLhIKnJB921T-A.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
4e:bf:36:3f:89:66:79:32:09:fc:2c:3f:e5:c7:59:8f:3d:ea:
39:3d:42:3d:c4:f7:ce:8e:d4:f6:91:5a:84:57:0c:33:2a:25:
24:cf:28:59:be:c8:1b:ac:f7:d0:17:94:17:07:9a:55:a0:f4:
81:e0:72:28:50:e9:5e:7b:38:16:c5:b0:81:e3:5f:bf:ba:59:
c8:ba:ab:d4:e3:ef:45:46:87:37:21:22:6d:06:17:90:3e:69:
8e:df:59:e2:7a:5e:9c:5e:87:9b:a1:11:8a:19:ef:c5:f5:6e:
7f:3b:a7:5c:5e:84:99:78:b2:2b:e7:66:96:67:ce:4e:ea:2d:
12:73:1d:82:95:41:b5:91:09:49:7c:9e:97:bf:83:aa:f2:b6:
ce:77:ca:01:c7:26:57:d0:8c:37:44:c5:38:f5:26:fc:8d:80:
2d:81:c8:c2:a9:c8:c3:b1:72:0d:44:dc:d7:f3:b4:0a:a6:e4:
78:90:bb:40:60:50:64:34:76:c2:69:6a:7e:40:5e:73:03:65:
a9:6e:95:51:da:89:d5:9b:72:7a:39:72:01:f7:17:7f:95:86:
cc:65:74:93:fc:02:90:ed:7a:88:eb:e9:c9:09:7c:54:7f:fd:
0e:7d:6d:3d:c7:fc:3f:26:fd:e2:fd:c1:4e:bf:3b:f2:69:1e:
e4:37:8e:b1
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICTJowDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MzAx
NzIzMzRaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEVGNTdFRUFCMkIzNzNF
OURDNjFFMjJFMTIwQTlDOTA3RERCNTRGRTAwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCyD1JDvKXqZ1ddSNDsq3SvODBSrhQhN7WHWcrai1euP3feaq3S
YaHZ030bYoFhG2C4496GQcI+4G+JzB2t0+krSaL5OI49FtE6XEVl0nxDbMq2JdMs
v6INFPHOfcbQKPrz7BuUxnG1AX+faossP14QjYL9WT1hM89dUzLi9Q8hCl4pNhRr
bFIvb3YRHBJGiuvcNm4sXZi/Y0G+Stj/Ucz5r3BnocJwX7p+Mck9TXO2oprRRsRB
ICBwITnrbpw7jvHiJLILkCCnxmD8BEX+i0340HPRTY72yuNefqzyWnQdwr9PVY/s
pdoe2Fz3bnKVJp9POTMYD+eQOmH9yt8b9jA5AgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQU71fuqys3Pp3GHiLhIKnJB921T+AwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3LzcxZnVxeXMzUHAzR0hp
TGhJS25KQjkyMVQtQS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEATr82P4lmeTIJ/Cw/5cdZjz3qOT1CPcT3
zo7U9pFahFcMMyolJM8oWb7IG6z30BeUFweaVaD0geByKFDpXns4FsWwgeNfv7pZ
yLqr1OPvRUaHNyEibQYXkD5pjt9Z4npenF6Hm6ERihnvxfVufzunXF6EmXiyK+dm
lmfOTuotEnMdgpVBtZEJSXyel7+DqvK2znfKAccmV9CMN0TFOPUm/I2ALYHIwqnI
w7FyDUTc1/O0CqbkeJC7QGBQZDR2wmlqfkBecwNlqW6VUdqJ1ZtyejlyAfcXf5WG
zGV0k/wCkO16iOvpyQl8VH/9Dn1tPcf8Pyb94v3BTr878mke5DeOsQ==
-----END CERTIFICATE-----
Generated at Tue Apr 30 22:25:24 2024 by rpki-client on console.sobornost.net