Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/AQro_Kc9GmI5W8oC8jyhJbKGN8s.roa
File: AQro_Kc9GmI5W8oC8jyhJbKGN8s.roa (raw, json)
Hash identifier: mnkjDK3C63iu0i7riz7Sml1ebUqjqU8LlC0M2wSZ0js=
Subject key identifier: 01:0A:E8:FC:A7:3D:1A:62:39:5B:CA:02:F2:3C:A1:25:B2:86:37:CB
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 4BCE
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/AQro_Kc9GmI5W8oC8jyhJbKGN8s.roa
Signing time: Mon 29 Apr 2024 15:53:34 +0000
ROA not before: Mon 29 Apr 2024 15:53:34 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 19406 (0x4bce)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 29 15:53:34 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=010AE8FCA73D1A62395BCA02F23CA125B28637CB
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a0:ae:00:09:3e:80:4d:b5:44:6f:4b:d3:3e:1b:
cc:90:09:46:23:1a:e0:bf:ac:0b:97:28:5a:4e:34:
7d:7f:07:3d:bd:57:ae:c8:9f:34:2e:65:ea:42:fb:
c6:f7:94:e9:ce:1c:7a:1f:67:b8:ba:c9:1d:1f:d0:
ae:b7:4e:0a:dd:18:5e:ba:06:24:8f:8f:c2:c2:1b:
e4:ce:23:e3:e8:03:1b:c2:b5:d9:88:0b:5d:12:1d:
55:79:28:e2:ec:b5:49:59:39:ba:17:b6:b7:bc:a0:
64:a7:f1:27:16:2c:67:58:82:7a:27:54:41:69:7c:
06:50:38:8c:ba:90:7b:0d:39:85:86:16:e6:d2:b3:
48:69:de:94:05:f0:06:28:b2:69:84:8b:3d:89:83:
b4:1c:b3:d2:f6:9d:a2:4a:76:20:12:2b:08:c4:78:
65:bf:24:07:3a:0a:7e:ed:13:fd:f2:c3:62:d8:3e:
22:d8:c2:25:26:44:04:eb:35:4f:87:be:9c:3d:1c:
1a:8a:07:1f:ad:ba:25:ca:da:62:c4:fa:c5:09:7f:
6c:8d:1b:0a:5e:98:27:f2:fd:97:d8:36:f9:59:a6:
b7:c3:c0:de:ab:c3:db:67:1c:39:6d:1e:cf:f3:40:
88:54:ce:6e:32:14:d1:d0:81:dd:61:94:e2:a5:5b:
79:f9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
01:0A:E8:FC:A7:3D:1A:62:39:5B:CA:02:F2:3C:A1:25:B2:86:37:CB
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/AQro_Kc9GmI5W8oC8jyhJbKGN8s.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
6f:e4:4b:17:57:d7:48:0c:4e:24:1e:eb:f7:66:43:9c:c1:0d:
65:7c:9a:eb:02:2d:d7:fb:d5:e4:c8:c5:c7:d2:a3:bb:5e:3d:
77:f1:61:61:7a:09:dc:9e:61:c4:0b:a0:36:ce:6a:c6:41:42:
f3:32:23:59:d7:f4:31:6d:63:14:c7:22:c8:86:82:09:39:59:
20:dd:9c:d1:03:ee:1c:e3:4a:0a:ad:b2:1c:f1:bc:98:2d:4b:
a7:59:25:a9:74:9d:74:51:3d:d8:cc:1f:4d:04:0a:f4:c7:1b:
a8:1c:b8:0f:40:73:87:46:30:ec:cb:1d:11:d9:ef:bc:e3:c3:
f8:ac:af:b2:a7:5f:cc:ef:12:8f:36:bf:99:4d:ef:d4:94:0d:
9c:3e:3c:a9:f3:4c:c4:9c:02:fe:e2:f3:c0:80:f9:b7:62:60:
e3:15:d7:d1:3a:50:89:25:9e:bd:82:55:7b:27:fd:ed:7f:ab:
4f:5b:52:6a:37:e0:f4:c7:76:d7:6b:c8:9b:d3:35:7e:e6:12:
78:33:11:e2:19:e9:ca:64:22:b8:21:f9:70:0d:8b:f4:62:91:
43:79:12:3f:a7:1b:dc:7d:9f:ab:50:53:aa:dc:b3:6e:6c:22:
8a:b0:de:31:8e:3d:69:ce:d6:5b:31:30:9d:5b:44:cd:5b:11:
7d:b5:a8:4a
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICS84wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0Mjkx
NTUzMzRaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDAxMEFFOEZDQTczRDFB
NjIzOTVCQ0EwMkYyM0NBMTI1QjI4NjM3Q0IwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCgrgAJPoBNtURvS9M+G8yQCUYjGuC/rAuXKFpONH1/Bz29V67I
nzQuZepC+8b3lOnOHHofZ7i6yR0f0K63TgrdGF66BiSPj8LCG+TOI+PoAxvCtdmI
C10SHVV5KOLstUlZOboXtre8oGSn8ScWLGdYgnonVEFpfAZQOIy6kHsNOYWGFubS
s0hp3pQF8AYosmmEiz2Jg7Qcs9L2naJKdiASKwjEeGW/JAc6Cn7tE/3yw2LYPiLY
wiUmRATrNU+Hvpw9HBqKBx+tuiXK2mLE+sUJf2yNGwpemCfy/ZfYNvlZprfDwN6r
w9tnHDltHs/zQIhUzm4yFNHQgd1hlOKlW3n5AgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUAQro/Kc9GmI5W8oC8jyhJbKGN8swHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L0FRcm9fS2M5R21JNVc4
b0M4anloSmJLR044cy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAb+RLF1fXSAxOJB7r92ZDnMENZXya6wIt
1/vV5MjFx9Kju149d/FhYXoJ3J5hxAugNs5qxkFC8zIjWdf0MW1jFMciyIaCCTlZ
IN2c0QPuHONKCq2yHPG8mC1Lp1klqXSddFE92MwfTQQK9McbqBy4D0Bzh0Yw7Msd
EdnvvOPD+KyvsqdfzO8Sjza/mU3v1JQNnD48qfNMxJwC/uLzwID5t2Jg4xXX0TpQ
iSWevYJVeyf97X+rT1tSajfg9Md212vIm9M1fuYSeDMR4hnpymQiuCH5cA2L9GKR
Q3kSP6cb3H2fq1BTqtyzbmwiirDeMY49ac7WWzEwnVtEzVsRfbWoSg==
-----END CERTIFICATE-----
Generated at Mon Apr 29 22:52:33 2024 by rpki-client on console.sobornost.net