Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/7oznAT2yxln0KnZTPCvASW7CGew.roa
File: 7oznAT2yxln0KnZTPCvASW7CGew.roa (raw, json)
Hash identifier: tVXgzSe2e4YjNNNcdnnyMfPsodeo0roamYnpspejhsY=
Subject key identifier: EE:8C:E7:01:3D:B2:C6:59:F4:2A:76:53:3C:2B:C0:49:6E:C2:19:EC
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 544E
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/7oznAT2yxln0KnZTPCvASW7CGew.roa
Signing time: Fri 10 May 2024 23:54:07 +0000
ROA not before: Fri 10 May 2024 23:54:07 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 21582 (0x544e)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 10 23:54:07 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=EE8CE7013DB2C659F42A76533C2BC0496EC219EC
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c7:4c:94:ff:67:0d:cd:c6:ab:2f:9c:2b:96:31:
a8:47:c1:e5:06:ec:0e:6f:59:41:8d:23:77:fb:66:
79:4d:9e:cd:39:99:ff:ea:04:3c:53:cf:1a:c1:33:
df:a9:3e:aa:6f:cd:19:1f:1a:86:43:de:88:07:3a:
2c:05:87:43:c5:7e:b3:fc:44:60:33:22:ca:d6:ec:
15:ce:d1:cc:e5:de:de:bb:9f:f9:01:94:f0:0f:0c:
41:37:84:fb:c0:fb:e7:31:b1:0c:a8:fc:e5:07:36:
fb:55:33:c0:ba:15:f5:99:1d:1b:71:b4:0b:ea:90:
fe:29:47:13:d7:44:5d:45:b9:84:b8:f5:c6:d5:85:
18:dd:a4:df:08:cc:88:32:20:f9:b7:b4:55:33:79:
ff:0f:c8:8b:97:36:e8:ab:c6:45:94:2d:45:db:98:
48:2f:20:bf:c9:c0:49:ac:43:70:04:fa:82:87:a9:
e8:3c:21:77:77:32:64:2c:10:14:b7:5b:ef:b1:b6:
a3:1a:fa:77:fc:ad:25:8f:5a:94:7a:7d:75:c2:92:
6b:4b:93:da:b7:e2:eb:25:e4:89:ec:8b:95:14:76:
de:f9:43:75:cd:a5:cc:7b:21:d5:7f:22:34:33:99:
1e:45:0c:f1:f6:96:ef:7d:8d:5a:70:83:c4:60:6b:
0f:db
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
EE:8C:E7:01:3D:B2:C6:59:F4:2A:76:53:3C:2B:C0:49:6E:C2:19:EC
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/7oznAT2yxln0KnZTPCvASW7CGew.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
ae:28:83:4e:09:1c:ac:0b:17:52:d8:d6:04:93:55:39:9b:6c:
56:d8:5e:86:aa:e7:09:cb:2f:42:1a:ca:40:5d:e8:39:75:1e:
88:ee:9f:5e:cb:ff:5c:87:db:57:70:21:33:2c:dd:ea:9b:b6:
91:05:f1:8d:bb:64:43:a4:4e:c5:09:cc:ab:9e:a4:8d:6a:bb:
7f:cf:86:7c:87:15:e9:0e:6b:d5:fc:66:f6:3f:f6:e7:e8:30:
e6:44:7d:10:4b:2c:4d:88:0a:26:82:8b:04:00:c0:9c:81:f0:
e4:8c:e6:92:ca:0d:d8:55:88:97:be:70:6a:6e:98:b8:ab:4b:
27:05:eb:b7:56:73:4c:79:86:8e:36:f3:34:62:54:f8:32:9c:
41:5a:24:cc:ed:ef:c8:4d:07:28:a2:cc:3e:40:16:08:18:17:
1d:d4:40:e6:cc:8e:32:b3:a9:a0:9e:92:34:f2:bc:91:b9:8c:
d2:57:7a:75:64:ea:92:3e:c3:2f:1b:12:7e:0d:e1:51:86:29:
62:be:2e:5f:53:ec:f8:96:23:39:33:26:ff:58:4d:97:d1:bc:
0b:7f:a8:ef:de:9d:3c:e5:53:23:5f:16:2b:00:1e:a7:1e:5e:
65:ee:4b:a5:bb:83:50:ab:ed:8f:01:89:58:ad:db:25:42:c7:
c9:3a:5b:a9
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICVE4wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MTAy
MzU0MDdaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEVFOENFNzAxM0RCMkM2
NTlGNDJBNzY1MzNDMkJDMDQ5NkVDMjE5RUMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDHTJT/Zw3NxqsvnCuWMahHweUG7A5vWUGNI3f7ZnlNns05mf/q
BDxTzxrBM9+pPqpvzRkfGoZD3ogHOiwFh0PFfrP8RGAzIsrW7BXO0czl3t67n/kB
lPAPDEE3hPvA++cxsQyo/OUHNvtVM8C6FfWZHRtxtAvqkP4pRxPXRF1FuYS49cbV
hRjdpN8IzIgyIPm3tFUzef8PyIuXNuirxkWULUXbmEgvIL/JwEmsQ3AE+oKHqeg8
IXd3MmQsEBS3W++xtqMa+nf8rSWPWpR6fXXCkmtLk9q34usl5Insi5UUdt75Q3XN
pcx7IdV/IjQzmR5FDPH2lu99jVpwg8Rgaw/bAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQU7oznAT2yxln0KnZTPCvASW7CGewwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3Lzdvem5BVDJ5eGxuMEtu
WlRQQ3ZBU1c3Q0dldy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAriiDTgkcrAsXUtjWBJNVOZtsVthehqrn
CcsvQhrKQF3oOXUeiO6fXsv/XIfbV3AhMyzd6pu2kQXxjbtkQ6ROxQnMq56kjWq7
f8+GfIcV6Q5r1fxm9j/25+gw5kR9EEssTYgKJoKLBADAnIHw5IzmksoN2FWIl75w
am6YuKtLJwXrt1ZzTHmGjjbzNGJU+DKcQVokzO3vyE0HKKLMPkAWCBgXHdRA5syO
MrOpoJ6SNPK8kbmM0ld6dWTqkj7DLxsSfg3hUYYpYr4uX1Ps+JYjOTMm/1hNl9G8
C3+o796dPOVTI18WKwAepx5eZe5LpbuDUKvtjwGJWK3bJULHyTpbqQ==
-----END CERTIFICATE-----
Generated at Sat May 11 14:26:45 2024 by rpki-client on console.sobornost.net