Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/DRn2ok2i-u5Q-YNPa-uzZxY31-M.roa
File: DRn2ok2i-u5Q-YNPa-uzZxY31-M.roa (raw, json)
Hash identifier: 1jC38mzP/WMOeVCm6fQ63oIOLFPU5EH2gw6dmxZLi8c=
Subject key identifier: 0D:19:F6:A2:4D:A2:FA:EE:50:F9:83:4F:6B:EB:B3:67:16:37:D7:E3
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 4CCA
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/DRn2ok2i-u5Q-YNPa-uzZxY31-M.roa
Signing time: Tue 30 Apr 2024 23:23:53 +0000
ROA not before: Tue 30 Apr 2024 23:23:53 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 19658 (0x4cca)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 30 23:23:53 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=0D19F6A24DA2FAEE50F9834F6BEBB3671637D7E3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d2:2a:8a:c1:7e:39:6a:f2:17:ce:0b:62:ad:ff:
50:b3:b2:84:06:2d:c9:73:90:cd:e8:91:9a:11:94:
9a:2e:d7:96:13:cd:37:5f:15:5c:69:e3:36:d8:af:
1f:d5:5d:e2:1c:ab:db:a4:63:65:61:b1:84:b2:3e:
43:94:ff:f3:95:a4:73:ce:23:9c:c5:a7:77:68:77:
b3:e8:f3:40:05:57:99:0d:87:66:eb:06:00:42:1d:
09:c2:c2:ff:57:e7:3b:01:57:7f:51:7e:35:52:4e:
a9:46:f1:f3:f4:f4:70:36:f2:9b:98:4e:91:7e:b4:
d7:66:e6:e4:7e:15:3d:04:29:b6:22:34:37:38:10:
b3:31:be:d7:5a:2f:ef:01:d1:19:c0:2e:bf:ae:6e:
b5:9e:52:40:ac:03:1e:fe:5e:9d:b1:b4:cd:06:76:
2b:76:7f:a9:9f:6f:13:cd:4c:79:e9:96:f7:87:3e:
fb:85:48:2f:47:44:3c:6d:75:25:45:9c:8d:04:c6:
21:a6:c7:9f:e2:fb:c1:e7:bc:70:ad:e6:6b:84:a1:
bf:fc:9d:43:31:11:d0:c9:77:58:45:e6:bd:86:56:
cf:dd:5e:c0:d4:1c:02:3c:0e:3d:13:95:2c:9e:a4:
4e:91:b9:28:4c:59:13:83:8e:02:37:4a:03:55:38:
6d:f3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0D:19:F6:A2:4D:A2:FA:EE:50:F9:83:4F:6B:EB:B3:67:16:37:D7:E3
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/DRn2ok2i-u5Q-YNPa-uzZxY31-M.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
41:27:eb:a5:a9:e8:35:b5:6f:3a:01:47:86:01:37:c6:cd:2e:
70:22:79:72:fc:20:40:0d:91:ff:72:86:f2:ef:5d:71:e6:6e:
30:11:aa:cb:89:b7:9e:90:1a:59:27:fd:d8:74:c6:c6:ce:c3:
57:07:89:aa:e8:47:df:a1:17:61:29:bf:46:51:53:6e:64:2f:
c2:00:3a:b7:02:6e:5e:82:da:15:03:00:07:fd:f0:77:1b:9d:
3d:8b:48:63:30:7c:00:c0:6f:65:ec:64:68:de:77:7b:22:33:
5e:c6:11:db:24:df:e0:86:53:36:a8:11:da:e3:ea:bc:b5:37:
5e:f1:9c:0d:62:d1:1b:1d:7e:fc:82:d7:eb:c6:a1:3e:7d:f6:
42:e4:f1:ec:d2:56:d6:55:e1:80:22:bc:ac:30:db:48:4f:05:
b1:86:40:a7:a2:1f:32:e2:41:77:91:37:6c:be:c5:72:c0:51:
e1:5b:c1:8a:70:a9:f2:5c:35:26:fa:b7:9a:96:75:6d:bc:7e:
dd:67:9a:8c:e0:ce:12:54:38:48:b8:33:69:2b:37:4e:72:78:
54:f6:46:f5:04:d2:36:81:97:7c:cf:70:06:4c:88:af:e0:b7:
22:25:41:41:c1:9c:99:06:af:ce:21:7c:6a:44:5f:63:48:33:
27:be:87:f4
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICTMowDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MzAy
MzIzNTNaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDBEMTlGNkEyNERBMkZB
RUU1MEY5ODM0RjZCRUJCMzY3MTYzN0Q3RTMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDSKorBfjlq8hfOC2Kt/1CzsoQGLclzkM3okZoRlJou15YTzTdf
FVxp4zbYrx/VXeIcq9ukY2VhsYSyPkOU//OVpHPOI5zFp3dod7Po80AFV5kNh2br
BgBCHQnCwv9X5zsBV39RfjVSTqlG8fP09HA28puYTpF+tNdm5uR+FT0EKbYiNDc4
ELMxvtdaL+8B0RnALr+ubrWeUkCsAx7+Xp2xtM0Gdit2f6mfbxPNTHnplveHPvuF
SC9HRDxtdSVFnI0ExiGmx5/i+8HnvHCt5muEob/8nUMxEdDJd1hF5r2GVs/dXsDU
HAI8Dj0TlSyepE6RuShMWRODjgI3SgNVOG3zAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUDRn2ok2i+u5Q+YNPa+uzZxY31+MwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L0RSbjJvazJpLXU1US1Z
TlBhLXV6WnhZMzEtTS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAQSfrpanoNbVvOgFHhgE3xs0ucCJ5cvwg
QA2R/3KG8u9dceZuMBGqy4m3npAaWSf92HTGxs7DVweJquhH36EXYSm/RlFTbmQv
wgA6twJuXoLaFQMAB/3wdxudPYtIYzB8AMBvZexkaN53eyIzXsYR2yTf4IZTNqgR
2uPqvLU3XvGcDWLRGx1+/ILX68ahPn32QuTx7NJW1lXhgCK8rDDbSE8FsYZAp6If
MuJBd5E3bL7FcsBR4VvBinCp8lw1Jvq3mpZ1bbx+3WeajODOElQ4SLgzaSs3TnJ4
VPZG9QTSNoGXfM9wBkyIr+C3IiVBQcGcmQavziF8akRfY0gzJ76H9A==
-----END CERTIFICATE-----
Generated at Wed May 1 14:08:10 2024 by rpki-client on console.sobornost.net