Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/7IObIX8gEMyGHykDqvqbT6L2qkk.roa
File: 7IObIX8gEMyGHykDqvqbT6L2qkk.roa (raw, json)
Hash identifier: kvAN/H5A020ufPd6q53fvmOy9wEpAlYyxRlH0rCSkbQ=
Subject key identifier: EC:83:9B:21:7F:20:10:CC:86:1F:29:03:AA:FA:9B:4F:A2:F6:AA:49
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 4932
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/7IObIX8gEMyGHykDqvqbT6L2qkk.roa
Signing time: Fri 26 Apr 2024 04:23:33 +0000
ROA not before: Fri 26 Apr 2024 04:23:33 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 18738 (0x4932)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 26 04:23:33 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=EC839B217F2010CC861F2903AAFA9B4FA2F6AA49
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d4:19:c1:3f:04:0b:dc:bc:40:14:27:5b:fa:1b:
d4:9c:b1:da:87:eb:7e:a3:c7:aa:53:dd:45:d6:0a:
6c:5f:39:04:80:4f:41:cb:2f:c7:27:4c:69:b5:86:
50:be:a3:42:1f:56:31:6d:81:c6:45:d1:ab:b3:a3:
6c:ac:d4:39:29:9a:2e:92:97:e8:06:0d:a9:42:dd:
a0:b0:bb:7b:c1:48:de:a3:c8:f4:4d:05:38:81:6a:
22:bf:c5:4d:05:d9:e7:de:f2:c5:e9:84:58:9f:a9:
60:88:0c:b9:ac:78:c0:b6:2d:09:05:a2:43:d4:1c:
52:ee:67:fc:f0:0e:00:70:a2:ab:07:16:1e:91:34:
17:47:c4:f0:c0:67:14:8e:71:06:78:83:04:dc:f4:
08:bf:81:2f:d4:39:d0:c4:f1:cd:e5:1b:b7:1b:0d:
d4:db:33:10:9c:73:b1:27:6d:f8:db:a3:94:04:5a:
c9:b5:2d:ed:d9:92:89:04:b4:d9:49:07:21:f2:23:
8b:3b:4b:86:c9:1c:b4:51:5b:50:06:65:a1:99:55:
77:67:e4:d3:d2:70:6f:71:63:14:8b:48:23:1e:d5:
f1:4c:9a:7d:61:a7:39:f5:cb:6c:b0:75:f0:b0:aa:
f3:a2:74:83:b8:45:d6:23:45:c3:5a:d0:f9:f8:64:
d7:ff
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
EC:83:9B:21:7F:20:10:CC:86:1F:29:03:AA:FA:9B:4F:A2:F6:AA:49
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/7IObIX8gEMyGHykDqvqbT6L2qkk.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
8e:34:af:a4:d3:fd:88:3a:9d:82:86:bd:11:a8:a7:24:0d:ec:
b1:78:64:28:cd:a7:fb:ad:10:24:10:49:9f:99:dd:a9:1b:f2:
6f:73:e0:f8:bb:58:c2:62:2a:3d:15:54:19:1e:87:f8:11:c7:
e5:fc:cf:4b:85:79:bd:08:48:54:52:03:2d:ec:48:d9:37:70:
f3:21:29:d0:6f:40:13:17:ef:cd:5a:61:99:69:61:73:f7:82:
81:70:ca:3a:c3:e1:c8:73:ff:f0:e1:81:c9:aa:54:5d:f3:ad:
4e:8b:9e:8e:5d:1d:52:18:ff:28:45:24:a9:44:fb:e8:d2:6e:
c9:86:71:8c:97:4a:9a:53:4a:49:2e:0d:56:f8:b5:78:03:7b:
8c:3c:7e:14:d7:45:3d:ad:40:53:f1:b7:c6:62:f1:04:bc:2a:
f2:1f:da:38:c6:7e:c2:5a:85:8e:92:8e:97:8f:35:4b:c0:3f:
c0:e4:99:5a:e0:7a:c4:7f:46:26:3d:24:9a:e8:aa:04:40:1c:
d2:74:c5:d2:53:5a:7e:12:62:e2:0f:63:e0:34:36:2a:bf:4f:
52:83:91:50:c9:e5:76:cd:69:6c:ae:b5:23:3f:92:94:f9:62:
63:62:6f:7d:93:95:1b:bd:8a:a1:6d:96:69:ab:63:cf:32:a3:
45:39:db:1f
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICSTIwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MjYw
NDIzMzNaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEVDODM5QjIxN0YyMDEw
Q0M4NjFGMjkwM0FBRkE5QjRGQTJGNkFBNDkwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDUGcE/BAvcvEAUJ1v6G9ScsdqH636jx6pT3UXWCmxfOQSAT0HL
L8cnTGm1hlC+o0IfVjFtgcZF0auzo2ys1Dkpmi6Sl+gGDalC3aCwu3vBSN6jyPRN
BTiBaiK/xU0F2efe8sXphFifqWCIDLmseMC2LQkFokPUHFLuZ/zwDgBwoqsHFh6R
NBdHxPDAZxSOcQZ4gwTc9Ai/gS/UOdDE8c3lG7cbDdTbMxCcc7Enbfjbo5QEWsm1
Le3ZkokEtNlJByHyI4s7S4bJHLRRW1AGZaGZVXdn5NPScG9xYxSLSCMe1fFMmn1h
pzn1y2ywdfCwqvOidIO4RdYjRcNa0Pn4ZNf/AgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQU7IObIX8gEMyGHykDqvqbT6L2qkkwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3LzdJT2JJWDhnRU15R0h5
a0RxdnFiVDZMMnFray5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAjjSvpNP9iDqdgoa9EainJA3ssXhkKM2n
+60QJBBJn5ndqRvyb3Pg+LtYwmIqPRVUGR6H+BHH5fzPS4V5vQhIVFIDLexI2Tdw
8yEp0G9AExfvzVphmWlhc/eCgXDKOsPhyHP/8OGByapUXfOtTouejl0dUhj/KEUk
qUT76NJuyYZxjJdKmlNKSS4NVvi1eAN7jDx+FNdFPa1AU/G3xmLxBLwq8h/aOMZ+
wlqFjpKOl481S8A/wOSZWuB6xH9GJj0kmuiqBEAc0nTF0lNafhJi4g9j4DQ2Kr9P
UoORUMnlds1pbK61Iz+SlPliY2JvfZOVG72KoW2WaatjzzKjRTnbHw==
-----END CERTIFICATE-----
Generated at Fri Apr 26 11:11:40 2024 by rpki-client on console.sobornost.net