Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/ERKCUEPmxdLRiCItp5GaPj64eQk.roa
File: ERKCUEPmxdLRiCItp5GaPj64eQk.roa (raw, json)
Hash identifier: QT9OEs99ntYFapFjmigFn/OgQq0V+Kmieyk/M7wzCoc=
Subject key identifier: 11:12:82:50:43:E6:C5:D2:D1:88:22:2D:A7:91:9A:3E:3E:B8:79:09
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 34FE
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/ERKCUEPmxdLRiCItp5GaPj64eQk.roa
Signing time: Sat 30 Mar 2024 05:52:10 +0000
ROA not before: Sat 30 Mar 2024 05:52:10 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 13566 (0x34fe)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Mar 30 05:52:10 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=1112825043E6C5D2D188222DA7919A3E3EB87909
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c2:e3:8e:2d:1a:a0:97:d7:c8:65:67:ad:16:34:
5b:80:7d:e3:67:4c:ce:cf:98:23:24:30:a4:03:89:
5e:d3:e4:eb:14:fa:ff:6e:33:0c:ae:75:7d:fe:3e:
ba:24:7c:8b:7b:1e:75:91:62:e0:2c:f9:79:48:7c:
7a:4f:bb:ec:9c:f5:51:1d:94:e6:11:a2:cc:9c:4f:
17:11:0f:a2:6f:0a:b2:db:9c:cd:d4:2b:c7:94:4c:
36:33:72:c8:fb:e9:98:90:fc:fb:db:02:ea:9a:45:
10:1b:52:30:85:19:2c:ea:7b:76:6b:7d:f4:c5:64:
eb:b7:c0:79:dd:39:a1:cc:97:8f:9c:0d:47:62:06:
76:04:89:54:7e:d6:c0:cd:09:df:3d:22:4c:f7:f9:
06:32:c2:f6:93:aa:18:5d:70:7d:54:27:47:57:aa:
79:53:73:f9:b6:8f:96:51:2d:f3:37:c5:a3:dc:0e:
dc:51:6b:33:c9:75:ed:66:89:8a:3a:e8:df:59:67:
6c:d3:87:3f:e4:43:6b:31:94:33:76:a1:35:13:f6:
16:d4:f0:26:e4:3e:ec:0b:97:f4:2a:70:be:d3:bd:
a2:4d:87:8c:23:b7:22:50:28:2b:90:af:02:86:2e:
f7:3b:f2:ee:1f:7f:60:c8:f2:60:a7:be:e7:b4:9b:
30:f9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
11:12:82:50:43:E6:C5:D2:D1:88:22:2D:A7:91:9A:3E:3E:B8:79:09
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/ERKCUEPmxdLRiCItp5GaPj64eQk.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
b3:ea:d8:bc:1b:67:06:af:12:8d:74:9a:62:4c:f3:d1:d0:5a:
57:8c:fd:41:fe:0f:c4:f2:17:f9:02:fc:b7:2d:f5:05:ad:e7:
97:44:2a:b0:f3:d5:59:f5:13:d0:18:30:b2:d2:35:56:15:23:
35:68:13:f4:fe:61:33:d3:01:df:b5:13:1b:1c:37:4e:da:b5:
2b:6e:ab:d8:a1:e7:d3:fc:fb:47:81:bb:17:95:50:a9:7b:14:
23:63:a8:38:39:36:e3:e8:94:d7:6b:c5:6c:49:33:7d:bd:dc:
58:c1:2b:53:a5:62:92:9a:88:86:8c:ee:ff:88:2d:20:51:22:
52:9d:f9:44:ef:04:00:f8:8a:da:2c:9f:39:54:24:23:3f:0e:
90:6c:40:a5:a1:88:0c:87:56:9e:0c:4e:f5:16:21:83:53:98:
01:28:3a:dd:55:d1:3f:8d:1a:6e:a1:7d:34:79:18:77:ae:0f:
5a:48:e2:c6:e5:e6:c4:cf:b4:2c:49:1f:6f:c3:32:5d:b5:61:
a1:36:7c:3f:61:7c:f3:11:8a:98:31:82:6b:4f:d2:38:2b:27:
9f:04:09:b2:f7:40:cf:46:f4:5c:98:de:bd:a2:d5:fc:e3:a3:
c3:38:0e:59:79:37:63:88:67:94:82:06:10:3a:1b:a3:ac:bc:
4f:79:08:20
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICNP4wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDAzMzAw
NTUyMTBaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDExMTI4MjUwNDNFNkM1
RDJEMTg4MjIyREE3OTE5QTNFM0VCODc5MDkwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDC444tGqCX18hlZ60WNFuAfeNnTM7PmCMkMKQDiV7T5OsU+v9u
MwyudX3+ProkfIt7HnWRYuAs+XlIfHpPu+yc9VEdlOYRosycTxcRD6JvCrLbnM3U
K8eUTDYzcsj76ZiQ/PvbAuqaRRAbUjCFGSzqe3ZrffTFZOu3wHndOaHMl4+cDUdi
BnYEiVR+1sDNCd89Ikz3+QYywvaTqhhdcH1UJ0dXqnlTc/m2j5ZRLfM3xaPcDtxR
azPJde1miYo66N9ZZ2zThz/kQ2sxlDN2oTUT9hbU8CbkPuwLl/QqcL7TvaJNh4wj
tyJQKCuQrwKGLvc78u4ff2DI8mCnvue0mzD5AgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUERKCUEPmxdLRiCItp5GaPj64eQkwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L0VSS0NVRVBteGRMUmlD
SXRwNUdhUGo2NGVRay5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAs+rYvBtnBq8SjXSaYkzz0dBaV4z9Qf4P
xPIX+QL8ty31Ba3nl0QqsPPVWfUT0BgwstI1VhUjNWgT9P5hM9MB37UTGxw3Ttq1
K26r2KHn0/z7R4G7F5VQqXsUI2OoODk24+iU12vFbEkzfb3cWMErU6VikpqIhozu
/4gtIFEiUp35RO8EAPiK2iyfOVQkIz8OkGxApaGIDIdWngxO9RYhg1OYASg63VXR
P40abqF9NHkYd64PWkjixuXmxM+0LEkfb8MyXbVhoTZ8P2F88xGKmDGCa0/SOCsn
nwQJsvdAz0b0XJjevaLV/OOjwzgOWXk3Y4hnlIIGEDobo6y8T3kIIA==
-----END CERTIFICATE-----
Generated at Sat Mar 30 11:14:55 2024 by rpki-client on console.sobornost.net