Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/BQTO-uNDC2v2g67yEZcSJdweRwE.roa
File: BQTO-uNDC2v2g67yEZcSJdweRwE.roa (raw, json)
Hash identifier: mlW2OkWu5LtG3dMU1B8gD64+4zyBH9I783tOcZD7OOY=
Subject key identifier: 05:04:CE:FA:E3:43:0B:6B:F6:83:AE:F2:11:97:12:25:DC:1E:47:01
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 406A
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/BQTO-uNDC2v2g67yEZcSJdweRwE.roa
Signing time: Sun 14 Apr 2024 11:22:52 +0000
ROA not before: Sun 14 Apr 2024 11:22:52 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 16490 (0x406a)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 14 11:22:52 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=0504CEFAE3430B6BF683AEF211971225DC1E4701
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c5:c9:b2:2f:82:0d:ab:94:31:12:3d:a2:89:b9:
e0:18:a0:ec:25:dd:54:e6:1a:0e:45:1f:e2:f7:82:
1c:28:80:a2:14:fb:c1:8f:75:9e:b2:20:81:42:22:
70:4a:ad:f5:98:65:d5:de:8c:05:57:6e:92:d5:91:
70:51:c4:13:20:17:b9:c6:8e:9b:12:2c:40:ad:26:
6d:8f:86:e8:9b:f3:ef:85:bc:4d:7b:13:b4:20:63:
01:6a:ec:b1:71:35:9f:c0:3d:5e:9e:e1:ae:b8:1e:
a6:30:cc:34:1d:22:c9:75:1a:7f:e3:7e:3e:48:e8:
4f:d4:fa:77:da:75:a6:87:e4:73:5a:04:b2:18:f5:
15:4e:76:3e:71:e3:47:f8:9a:b7:08:69:3a:73:9f:
26:23:ca:40:0c:58:44:b3:a0:10:6c:1a:91:8d:eb:
45:8a:f9:31:1e:ee:48:03:69:5a:67:28:df:cf:ef:
63:dd:04:ab:50:f6:e0:f7:af:73:e2:fb:e5:9a:86:
c6:0a:80:15:9b:9e:0f:e2:53:7a:74:7d:51:c6:00:
d4:a3:75:90:81:b5:31:2a:e7:96:1e:ec:a6:a8:f6:
b1:24:b1:8c:79:11:2d:53:c2:8c:65:09:c8:cf:f5:
e9:61:d3:17:34:e5:1a:fa:55:37:42:6b:b9:c8:5d:
6b:09
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
05:04:CE:FA:E3:43:0B:6B:F6:83:AE:F2:11:97:12:25:DC:1E:47:01
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/BQTO-uNDC2v2g67yEZcSJdweRwE.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
22:2c:5b:6a:dd:70:b4:6c:87:44:89:ea:53:74:c4:2f:a1:78:
f4:5e:c8:d8:74:53:3f:ef:39:95:a1:4b:7a:b3:18:38:0a:3b:
62:74:5b:d3:8f:8f:7f:3b:5f:0a:64:c3:27:2b:90:be:7d:6c:
9d:95:4c:72:4f:84:52:11:bb:a4:32:a2:be:dd:ef:5a:d3:49:
61:b9:87:85:61:6a:8a:0b:83:d3:bf:34:0c:a9:dd:c9:58:0e:
d4:e5:26:ff:b9:b9:88:ed:43:69:dd:83:44:e2:40:26:5c:e7:
e0:a4:ca:66:b9:7d:25:04:d7:1d:d3:8c:0a:05:14:39:3b:8a:
0c:7d:36:e6:78:88:dd:84:ee:45:ff:16:85:69:7e:1d:25:61:
83:f1:af:30:34:29:9d:ec:46:41:da:8a:a5:c9:b1:39:8f:cc:
e9:fe:13:66:45:78:dc:bb:d0:8d:5a:39:92:10:c8:34:00:05:
18:aa:e7:38:09:f7:00:98:22:ed:a7:23:9a:d6:f6:ac:f5:5f:
c2:7d:b9:b7:ea:6c:ce:e7:8c:d4:4b:2d:fa:00:bc:8f:ed:6d:
f2:97:be:2d:a0:83:d4:c1:c3:3e:27:86:ec:a3:c5:cf:b1:10:
46:0b:4d:b4:c3:39:e8:45:95:8c:29:65:c6:cd:bb:e1:db:85:
74:e5:76:39
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICQGowDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MTQx
MTIyNTJaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDA1MDRDRUZBRTM0MzBC
NkJGNjgzQUVGMjExOTcxMjI1REMxRTQ3MDEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDFybIvgg2rlDESPaKJueAYoOwl3VTmGg5FH+L3ghwogKIU+8GP
dZ6yIIFCInBKrfWYZdXejAVXbpLVkXBRxBMgF7nGjpsSLECtJm2Phuib8++FvE17
E7QgYwFq7LFxNZ/APV6e4a64HqYwzDQdIsl1Gn/jfj5I6E/U+nfadaaH5HNaBLIY
9RVOdj5x40f4mrcIaTpznyYjykAMWESzoBBsGpGN60WK+TEe7kgDaVpnKN/P72Pd
BKtQ9uD3r3Pi++WahsYKgBWbng/iU3p0fVHGANSjdZCBtTEq55Ye7Kao9rEksYx5
ES1TwoxlCcjP9elh0xc05Rr6VTdCa7nIXWsJAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUBQTO+uNDC2v2g67yEZcSJdweRwEwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L0JRVE8tdU5EQzJ2Mmc2
N3lFWmNTSmR3ZVJ3RS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAIixbat1wtGyHRInqU3TEL6F49F7I2HRT
P+85laFLerMYOAo7YnRb04+PfztfCmTDJyuQvn1snZVMck+EUhG7pDKivt3vWtNJ
YbmHhWFqiguD0780DKndyVgO1OUm/7m5iO1Dad2DROJAJlzn4KTKZrl9JQTXHdOM
CgUUOTuKDH025niI3YTuRf8WhWl+HSVhg/GvMDQpnexGQdqKpcmxOY/M6f4TZkV4
3LvQjVo5khDINAAFGKrnOAn3AJgi7acjmtb2rPVfwn25t+pszueM1Est+gC8j+1t
8pe+LaCD1MHDPieG7KPFz7EQRgtNtMM56EWVjCllxs274duFdOV2OQ==
-----END CERTIFICATE-----
Generated at Sun Apr 14 16:37:35 2024 by rpki-client on console.sobornost.net