Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/7NJbdmTHoRpVnQLdYJfSeOBXAs0.roa
File: 7NJbdmTHoRpVnQLdYJfSeOBXAs0.roa (raw, json)
Hash identifier: DSs6ZTrlY8OF2NcSCxcfzKXcd2e8P8QorTkwANEgNO4=
Subject key identifier: EC:D2:5B:76:64:C7:A1:1A:55:9D:02:DD:60:97:D2:78:E0:57:02:CD
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 557A
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/7NJbdmTHoRpVnQLdYJfSeOBXAs0.roa
Signing time: Sun 12 May 2024 13:24:15 +0000
ROA not before: Sun 12 May 2024 13:24:15 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 21882 (0x557a)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 12 13:24:15 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=ECD25B7664C7A11A559D02DD6097D278E05702CD
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:f4:9f:72:a7:21:6c:6e:91:ee:43:87:1a:5e:9f:
8c:61:14:f6:6d:b9:ca:b3:0f:12:5e:55:8e:0f:e3:
90:4f:b2:e0:8b:b3:3e:b4:45:20:8d:f7:1a:e4:74:
8e:e0:af:31:d9:c3:63:f3:d8:87:7b:51:4f:41:99:
38:f0:a5:fd:57:b1:f3:b2:ab:b3:76:aa:a6:6e:24:
84:85:2f:72:a6:cf:01:76:c8:27:01:cb:2d:8b:89:
50:0f:35:83:01:6f:db:dd:97:4c:6c:b7:5f:e5:75:
d1:49:58:17:3f:f2:89:50:cc:ab:48:0a:b7:c3:ee:
fc:41:c8:fd:72:6d:14:b2:0b:81:2c:8d:38:20:89:
e8:8b:e7:93:8b:0b:b2:e1:c5:2d:97:f0:30:c2:c2:
fa:fc:04:23:2b:18:ab:2c:e2:d2:ad:32:ed:0a:d3:
11:ea:aa:7a:28:d2:02:54:d5:ab:d2:f3:28:05:9e:
bb:65:53:30:cc:db:f2:f2:4a:41:d5:cd:79:18:e5:
c6:f2:0d:b2:1d:aa:9d:36:ea:90:6c:67:52:7f:a6:
54:8f:fb:2c:30:5d:ba:dd:56:ff:3c:79:53:34:12:
e1:f4:dc:6a:9b:d6:8b:87:fe:11:0e:10:44:bb:79:
91:a9:2d:5d:56:59:b9:98:44:07:2d:c7:76:ce:c9:
4f:2f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
EC:D2:5B:76:64:C7:A1:1A:55:9D:02:DD:60:97:D2:78:E0:57:02:CD
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/7NJbdmTHoRpVnQLdYJfSeOBXAs0.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
89:f0:b9:27:bd:fc:11:c0:1c:ce:1f:1d:90:5b:17:fc:93:60:
1c:ca:bc:d0:1c:03:98:52:a4:93:0a:d6:df:c9:0a:84:5e:19:
ad:2b:74:4f:76:4c:bc:0f:a0:e7:cf:5a:ab:84:e5:e4:48:41:
cd:9b:b2:ee:6c:f0:da:16:98:93:45:2e:c1:52:bb:fb:62:75:
2c:33:6a:81:a7:1a:c1:ab:04:89:62:72:52:c8:22:f9:05:55:
21:f4:a3:c8:b7:09:76:dd:06:c3:25:5e:7a:aa:c9:64:13:57:
ef:ca:d0:9e:4e:c9:64:0f:75:e1:87:f3:52:8f:d7:ca:25:30:
ab:fe:ea:b3:6f:fb:ba:c8:bf:3a:91:27:52:06:d2:4e:7e:4e:
e5:0b:59:5f:b1:96:61:81:6d:a6:2a:bc:f0:59:ed:32:66:e1:
4f:33:60:37:96:16:3f:5d:38:40:79:89:29:ef:fb:15:4e:45:
55:39:95:98:55:e0:a5:8f:94:e5:2f:f2:08:76:2d:24:7d:9d:
9e:5a:01:e8:36:55:e2:af:94:2a:9d:c1:19:1b:9d:d3:29:79:
5f:46:a6:04:b9:c2:8c:a3:19:82:ac:28:ea:36:26:95:a2:d5:
f5:aa:bc:61:3d:f7:ca:49:be:39:1c:28:ec:1f:00:5d:ef:2a:
be:36:1a:5a
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICVXowDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MTIx
MzI0MTVaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEVDRDI1Qjc2NjRDN0Ex
MUE1NTlEMDJERDYwOTdEMjc4RTA1NzAyQ0QwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQD0n3KnIWxuke5Dhxpen4xhFPZtucqzDxJeVY4P45BPsuCLsz60
RSCN9xrkdI7grzHZw2Pz2Id7UU9BmTjwpf1XsfOyq7N2qqZuJISFL3KmzwF2yCcB
yy2LiVAPNYMBb9vdl0xst1/lddFJWBc/8olQzKtICrfD7vxByP1ybRSyC4EsjTgg
ieiL55OLC7LhxS2X8DDCwvr8BCMrGKss4tKtMu0K0xHqqnoo0gJU1avS8ygFnrtl
UzDM2/LySkHVzXkY5cbyDbIdqp026pBsZ1J/plSP+ywwXbrdVv88eVM0EuH03Gqb
1ouH/hEOEES7eZGpLV1WWbmYRActx3bOyU8vAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQU7NJbdmTHoRpVnQLdYJfSeOBXAs0wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3LzdOSmJkbVRIb1JwVm5R
TGRZSmZTZU9CWEFzMC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAifC5J738EcAczh8dkFsX/JNgHMq80BwD
mFKkkwrW38kKhF4ZrSt0T3ZMvA+g589aq4Tl5EhBzZuy7mzw2haYk0UuwVK7+2J1
LDNqgacawasEiWJyUsgi+QVVIfSjyLcJdt0GwyVeeqrJZBNX78rQnk7JZA914Yfz
Uo/XyiUwq/7qs2/7usi/OpEnUgbSTn5O5QtZX7GWYYFtpiq88FntMmbhTzNgN5YW
P104QHmJKe/7FU5FVTmVmFXgpY+U5S/yCHYtJH2dnloB6DZV4q+UKp3BGRud0yl5
X0amBLnCjKMZgqwo6jYmlaLV9aq8YT33ykm+ORwo7B8AXe8qvjYaWg==
Generated at Sun May 12 16:26:51 2024 by rpki-client on console.sobornost.net