Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/BiSQ8aWvBm6PY_KXR-l3XfycpIk.roa
File: BiSQ8aWvBm6PY_KXR-l3XfycpIk.roa (raw, json)
Hash identifier: nlVIp6yxUmQ99v7aqwbydpq9IjhnZ1SCOUQ5MCfqiak=
Subject key identifier: 06:24:90:F1:A5:AF:06:6E:8F:63:F2:97:47:E9:77:5D:FC:9C:A4:89
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 3E42
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/BiSQ8aWvBm6PY_KXR-l3XfycpIk.roa
Signing time: Thu 11 Apr 2024 14:23:14 +0000
ROA not before: Thu 11 Apr 2024 14:23:14 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 15938 (0x3e42)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 11 14:23:14 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=062490F1A5AF066E8F63F29747E9775DFC9CA489
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d3:18:99:01:0d:99:49:22:42:e7:50:e8:8d:14:
bf:9a:38:09:0b:d7:1c:be:e9:02:06:f9:36:65:4c:
9d:d0:1f:d2:78:aa:7e:3d:37:e5:13:52:fc:42:e4:
46:6d:43:8b:e1:4a:b2:62:98:e9:b8:4a:a9:8d:e9:
83:b2:54:e9:9a:aa:61:8e:3f:7a:6a:d1:37:b3:79:
bf:dc:01:e0:81:5c:de:12:b9:fb:08:45:76:22:8b:
b7:8c:b4:16:4b:b0:1d:c5:0b:c9:3e:a6:7f:93:e6:
e0:ba:dc:37:f5:61:81:2d:45:91:25:61:50:cc:bf:
55:b7:ed:15:de:67:c6:af:61:f6:b4:f5:6f:9d:ee:
28:3c:53:49:a7:51:a0:34:80:0a:ec:90:9d:8f:8c:
0c:36:53:e1:46:aa:68:fb:a4:aa:d9:3e:19:4b:60:
2f:a3:b7:12:ed:d2:f7:87:2e:67:a8:4b:fc:f6:40:
a6:0f:ab:d9:76:bb:da:81:ba:1e:d3:fa:27:c3:02:
d9:6b:55:0b:dd:f6:63:ac:10:5f:33:3f:39:5a:e4:
48:b1:f8:69:39:85:40:2e:4b:cb:ed:45:51:b5:15:
f7:9a:a6:43:d1:a0:4d:ab:89:37:1e:05:98:41:32:
c1:ff:d8:86:a3:ab:98:7f:31:ad:cd:20:bc:bb:a3:
17:c7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
06:24:90:F1:A5:AF:06:6E:8F:63:F2:97:47:E9:77:5D:FC:9C:A4:89
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/BiSQ8aWvBm6PY_KXR-l3XfycpIk.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
83:a6:81:c5:ef:fc:fe:5f:1a:98:e1:9c:00:e9:34:6a:ef:2e:
18:7b:1f:5a:53:7f:7b:a9:2f:71:c0:6f:63:bf:fc:3c:42:50:
29:90:58:00:61:1a:bd:30:5d:39:bd:94:9a:2e:82:95:28:f4:
2d:5c:f4:f5:25:b1:4f:99:ea:c8:dc:21:93:aa:8a:1b:f3:19:
27:17:39:db:15:28:7b:67:3f:f3:5d:73:43:6e:e0:c2:9c:73:
3a:17:e5:ff:a4:8b:b2:29:90:03:e2:0f:ca:df:f8:2f:27:81:
e6:dd:4a:80:bb:b6:c4:07:3d:44:5a:dd:b3:cb:b1:14:fe:e0:
e6:52:3e:bf:9b:91:2f:38:76:01:40:f8:d2:c5:ad:8a:28:4f:
18:be:88:b2:83:40:0a:8e:e4:00:9f:d8:b0:9a:2e:1d:e9:f2:
6a:55:d3:31:14:b5:6f:50:75:6b:4e:77:58:69:b6:0a:61:83:
bf:99:64:50:7a:1c:5b:83:33:46:99:b2:93:47:4c:60:6d:34:
be:46:af:f7:34:c4:77:fd:07:ff:0a:55:ae:ce:87:e8:31:cb:
00:68:70:04:b0:f7:ed:ac:03:d8:e7:87:ec:a5:6c:2b:cd:cc:
f6:6a:a4:2c:53:f2:b3:c3:94:23:85:36:58:65:64:4f:95:33:
08:4b:ca:13
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICPkIwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MTEx
NDIzMTRaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDA2MjQ5MEYxQTVBRjA2
NkU4RjYzRjI5NzQ3RTk3NzVERkM5Q0E0ODkwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDTGJkBDZlJIkLnUOiNFL+aOAkL1xy+6QIG+TZlTJ3QH9J4qn49
N+UTUvxC5EZtQ4vhSrJimOm4SqmN6YOyVOmaqmGOP3pq0Tezeb/cAeCBXN4SufsI
RXYii7eMtBZLsB3FC8k+pn+T5uC63Df1YYEtRZElYVDMv1W37RXeZ8avYfa09W+d
7ig8U0mnUaA0gArskJ2PjAw2U+FGqmj7pKrZPhlLYC+jtxLt0veHLmeoS/z2QKYP
q9l2u9qBuh7T+ifDAtlrVQvd9mOsEF8zPzla5Eix+Gk5hUAuS8vtRVG1FfeapkPR
oE2riTceBZhBMsH/2Iajq5h/Ma3NILy7oxfHAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUBiSQ8aWvBm6PY/KXR+l3XfycpIkwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L0JpU1E4YVd2Qm02UFlf
S1hSLWwzWGZ5Y3BJay5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAg6aBxe/8/l8amOGcAOk0au8uGHsfWlN/
e6kvccBvY7/8PEJQKZBYAGEavTBdOb2Umi6ClSj0LVz09SWxT5nqyNwhk6qKG/MZ
Jxc52xUoe2c/811zQ27gwpxzOhfl/6SLsimQA+IPyt/4LyeB5t1KgLu2xAc9RFrd
s8uxFP7g5lI+v5uRLzh2AUD40sWtiihPGL6IsoNACo7kAJ/YsJouHenyalXTMRS1
b1B1a053WGm2CmGDv5lkUHocW4MzRpmyk0dMYG00vkav9zTEd/0H/wpVrs6H6DHL
AGhwBLD37awD2OeH7KVsK83M9mqkLFPys8OUI4U2WGVkT5UzCEvKEw==
-----END CERTIFICATE-----
Generated at Thu Apr 11 20:58:45 2024 by rpki-client on console.sobornost.net