Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/Awr_xDVmV3ZifE5ODfnYZBXvke8.roa
File: Awr_xDVmV3ZifE5ODfnYZBXvke8.roa (raw, json)
Hash identifier: APRtPZ5iSzcimSAqvPrNhhMHPhc3lHiZYazutHRKG7I=
Subject key identifier: 03:0A:FF:C4:35:66:57:76:62:7C:4E:4E:0D:F9:D8:64:15:EF:91:EF
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 4402
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/Awr_xDVmV3ZifE5ODfnYZBXvke8.roa
Signing time: Fri 19 Apr 2024 06:23:00 +0000
ROA not before: Fri 19 Apr 2024 06:23:00 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 17410 (0x4402)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 19 06:23:00 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=030AFFC435665776627C4E4E0DF9D86415EF91EF
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a6:64:03:2f:29:a8:27:cc:39:df:fc:35:fb:94:
17:8b:88:e9:6c:f7:95:c8:75:85:ea:96:97:ea:ee:
a2:3c:5c:3e:e1:a0:e4:d1:94:92:44:0f:9c:6b:42:
7f:c4:62:c8:f7:fd:1a:f3:0f:cc:5b:5d:a2:8d:7a:
b1:c3:16:6c:f8:24:b4:84:be:b1:48:eb:9e:f0:df:
b5:99:f4:65:14:e9:f7:9d:ab:17:be:90:80:c0:13:
e7:1d:9d:70:49:b5:a6:7c:0e:df:10:60:28:8c:92:
0f:c2:fa:18:f4:db:d3:52:d8:e1:91:f4:08:76:36:
ab:e5:54:22:a0:b2:9a:fa:8f:e2:7b:fa:ef:33:a1:
70:87:41:b9:16:ce:f9:94:4e:81:37:b4:c2:88:5c:
11:79:5c:90:01:f8:31:92:a9:81:aa:a1:45:35:5d:
02:d1:4e:96:b5:9e:15:75:fa:ab:ab:7b:b9:8a:9d:
fc:cc:82:2b:4c:96:9d:7c:cf:28:d2:7f:54:2c:27:
a6:bb:80:20:33:06:e0:b5:84:0b:55:ef:ee:2a:42:
7b:12:d5:b0:8e:b3:29:78:84:3a:d7:2a:ad:ad:bc:
41:c5:ed:63:96:f6:ab:da:9c:fc:45:2f:cd:c1:07:
0c:27:8e:dc:4d:ba:63:41:6a:b3:b2:21:21:d9:6a:
21:03
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
03:0A:FF:C4:35:66:57:76:62:7C:4E:4E:0D:F9:D8:64:15:EF:91:EF
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/Awr_xDVmV3ZifE5ODfnYZBXvke8.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
7d:2b:5b:93:b8:da:d6:d4:4a:22:89:e7:b5:2f:6d:63:5b:ce:
5e:04:76:4c:e1:23:ab:21:13:2e:e7:70:07:9b:aa:d8:6b:c0:
21:ad:f3:d2:4e:82:6b:1f:89:db:f3:37:39:1d:16:9f:31:24:
36:49:8c:5c:ce:7f:4d:1f:86:aa:ea:eb:24:8b:7f:fa:1e:e0:
70:75:12:14:b0:36:05:5f:96:1e:52:0d:c4:24:db:1c:83:61:
bb:a4:3d:fa:a8:3b:9f:a4:42:02:53:2a:d6:af:51:ae:ef:4c:
83:cd:90:02:f9:62:e3:b2:19:8a:5f:21:f9:7d:4c:37:55:c6:
17:c1:f5:f6:ea:2b:17:3f:de:da:5e:58:1a:02:86:67:8f:91:
ae:b1:31:65:48:f9:83:62:14:ce:0e:04:1a:f1:c8:7d:18:d4:
65:2a:80:3b:e0:db:89:da:3b:8f:f2:aa:b4:d8:c5:b5:22:03:
3d:21:5d:c8:4d:cc:a3:27:7d:02:b2:a9:40:d2:da:18:c1:2e:
37:46:42:32:99:2b:7b:81:20:08:b4:cb:13:d8:68:17:be:0a:
cc:2a:2a:42:9a:f6:7c:f6:6f:1f:22:89:5e:0e:f6:f8:5d:53:
b8:96:f0:0c:b6:4e:4e:70:24:e0:cf:30:10:56:d9:b8:71:e3:
ca:fd:4c:48
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICRAIwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MTkw
NjIzMDBaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDAzMEFGRkM0MzU2NjU3
NzY2MjdDNEU0RTBERjlEODY0MTVFRjkxRUYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCmZAMvKagnzDnf/DX7lBeLiOls95XIdYXqlpfq7qI8XD7hoOTR
lJJED5xrQn/EYsj3/RrzD8xbXaKNerHDFmz4JLSEvrFI657w37WZ9GUU6fedqxe+
kIDAE+cdnXBJtaZ8Dt8QYCiMkg/C+hj029NS2OGR9Ah2NqvlVCKgspr6j+J7+u8z
oXCHQbkWzvmUToE3tMKIXBF5XJAB+DGSqYGqoUU1XQLRTpa1nhV1+qure7mKnfzM
gitMlp18zyjSf1QsJ6a7gCAzBuC1hAtV7+4qQnsS1bCOsyl4hDrXKq2tvEHF7WOW
9qvanPxFL83BBwwnjtxNumNBarOyISHZaiEDAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUAwr/xDVmV3ZifE5ODfnYZBXvke8wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L0F3cl94RFZtVjNaaWZF
NU9EZm5ZWkJYdmtlOC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAfStbk7ja1tRKIonntS9tY1vOXgR2TOEj
qyETLudwB5uq2GvAIa3z0k6Cax+J2/M3OR0WnzEkNkmMXM5/TR+GqurrJIt/+h7g
cHUSFLA2BV+WHlINxCTbHINhu6Q9+qg7n6RCAlMq1q9Rru9Mg82QAvli47IZil8h
+X1MN1XGF8H19uorFz/e2l5YGgKGZ4+RrrExZUj5g2IUzg4EGvHIfRjUZSqAO+Db
ido7j/KqtNjFtSIDPSFdyE3Moyd9ArKpQNLaGMEuN0ZCMpkre4EgCLTLE9hoF74K
zCoqQpr2fPZvHyKJXg72+F1TuJbwDLZOTnAk4M8wEFbZuHHjyv1MSA==
-----END CERTIFICATE-----
Generated at Fri Apr 19 13:04:05 2024 by rpki-client on console.sobornost.net