Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/P1B77zgX9sh9gCNEQaLGccMsXMU.roa
File: P1B77zgX9sh9gCNEQaLGccMsXMU.roa (raw, json)
Hash identifier: 7X65Vdu0Ya3aOOV4EFVuFkoRoUWUvIxOygdo2IR7bEM=
Subject key identifier: 3F:50:7B:EF:38:17:F6:C8:7D:80:23:44:41:A2:C6:71:C3:2C:5C:C5
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 4ECE
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/P1B77zgX9sh9gCNEQaLGccMsXMU.roa
Signing time: Fri 03 May 2024 15:53:46 +0000
ROA not before: Fri 03 May 2024 15:53:46 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 20174 (0x4ece)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 3 15:53:46 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=3F507BEF3817F6C87D80234441A2C671C32C5CC5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b6:01:d2:bd:3e:bd:29:90:f2:3d:69:05:d7:df:
98:df:6d:75:c1:3e:71:1e:fb:06:26:d6:e2:08:37:
a5:ad:15:62:3d:81:50:97:63:eb:d9:f1:d1:71:ed:
9e:f4:6c:7d:2e:89:86:3e:4f:e2:be:c0:ae:15:1b:
7b:b2:76:1f:ee:b1:3e:3b:5c:ed:64:a3:e7:bb:04:
0d:47:1d:02:a3:2b:65:ff:30:1d:04:53:d3:d9:1b:
cc:7d:cb:1c:e9:a7:f2:16:02:68:81:40:79:e3:52:
c3:ec:ed:90:0d:f5:cf:0e:8b:e8:45:f3:45:e1:e9:
ff:13:4a:6c:98:31:7d:0c:99:2a:bd:f6:68:3a:5a:
05:9b:97:2e:58:15:db:03:7f:ca:eb:77:79:0e:13:
2d:dc:65:26:3a:9a:a7:af:9d:16:28:3a:4c:06:9d:
af:8f:22:c4:62:c5:83:99:db:1b:93:89:d5:dd:b2:
86:91:06:c7:2e:66:f4:8c:be:c2:9b:5b:b5:ad:ee:
bc:2a:e9:0c:5e:38:33:7f:fd:82:d5:b7:e1:aa:8a:
5c:db:ab:a6:37:ed:21:aa:dc:4e:82:d0:96:c8:d7:
a6:72:51:a6:09:a6:09:33:53:26:34:2a:18:26:29:
c1:a8:8f:d6:93:ac:6a:ff:8d:1a:b4:98:0a:36:87:
f1:93
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3F:50:7B:EF:38:17:F6:C8:7D:80:23:44:41:A2:C6:71:C3:2C:5C:C5
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/P1B77zgX9sh9gCNEQaLGccMsXMU.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
0a:13:0c:f6:42:e5:34:de:a1:4b:b1:f4:2e:51:ff:ff:87:fc:
19:d7:57:58:c6:2f:ad:d0:c5:0b:bb:39:da:80:57:b1:f2:2e:
8d:27:6e:09:be:af:cb:d5:0d:f7:55:08:b1:8e:a2:ea:4d:59:
b5:64:7d:7a:af:2a:08:ec:cf:7e:32:34:64:4e:44:31:8f:f6:
d0:5b:eb:53:d0:23:ad:b4:68:6b:dd:b2:f5:ed:af:fa:90:73:
ed:6a:cb:2a:05:b4:e3:db:42:61:4b:78:6e:bc:58:96:ca:ab:
fa:e8:f6:50:25:46:7d:69:49:da:34:08:96:60:ce:94:00:03:
e5:d3:f8:88:d2:9c:ae:d1:b0:91:77:b0:e7:32:94:2d:19:93:
df:0d:65:99:1c:d4:57:92:5a:ef:6e:36:bf:50:24:b4:97:34:
64:c1:77:78:2b:3b:dc:9b:07:28:38:74:af:bb:95:99:8c:37:
ec:c8:02:e8:40:eb:c9:88:79:44:39:38:35:ec:3c:f6:3a:af:
a1:2c:4d:92:c1:05:c0:71:17:3a:45:56:10:2a:f3:83:cb:a5:
1f:29:99:b7:51:ce:b8:72:eb:49:db:d7:9e:aa:5e:13:85:2a:
a0:68:a2:96:e9:bf:3a:2d:58:ed:99:33:b7:3b:f3:2b:4e:e8:
56:2f:7a:b8
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICTs4wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MDMx
NTUzNDZaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDNGNTA3QkVGMzgxN0Y2
Qzg3RDgwMjM0NDQxQTJDNjcxQzMyQzVDQzUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC2AdK9Pr0pkPI9aQXX35jfbXXBPnEe+wYm1uIIN6WtFWI9gVCX
Y+vZ8dFx7Z70bH0uiYY+T+K+wK4VG3uydh/usT47XO1ko+e7BA1HHQKjK2X/MB0E
U9PZG8x9yxzpp/IWAmiBQHnjUsPs7ZAN9c8Oi+hF80Xh6f8TSmyYMX0MmSq99mg6
WgWbly5YFdsDf8rrd3kOEy3cZSY6mqevnRYoOkwGna+PIsRixYOZ2xuTidXdsoaR
BscuZvSMvsKbW7Wt7rwq6QxeODN//YLVt+Gqilzbq6Y37SGq3E6C0JbI16ZyUaYJ
pgkzUyY0KhgmKcGoj9aTrGr/jRq0mAo2h/GTAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUP1B77zgX9sh9gCNEQaLGccMsXMUwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1AxQjc3emdYOXNoOWdD
TkVRYUxHY2NNc1hNVS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAChMM9kLlNN6hS7H0LlH//4f8GddXWMYv
rdDFC7s52oBXsfIujSduCb6vy9UN91UIsY6i6k1ZtWR9eq8qCOzPfjI0ZE5EMY/2
0FvrU9AjrbRoa92y9e2v+pBz7WrLKgW049tCYUt4brxYlsqr+uj2UCVGfWlJ2jQI
lmDOlAAD5dP4iNKcrtGwkXew5zKULRmT3w1lmRzUV5Ja7242v1AktJc0ZMF3eCs7
3JsHKDh0r7uVmYw37MgC6EDryYh5RDk4New89jqvoSxNksEFwHEXOkVWECrzg8ul
HymZt1HOuHLrSdvXnqpeE4UqoGiilum/Oi1Y7ZkztzvzK07oVi96uA==
-----END CERTIFICATE-----
Generated at Fri May 3 20:57:19 2024 by rpki-client on console.sobornost.net