Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/PMtI49OO6ZYJPlP-19fPwrP9Lfo.roa
File: PMtI49OO6ZYJPlP-19fPwrP9Lfo.roa (raw, json)
Hash identifier: bR1+jk7JVkJ6r1jSeUUK0j8JxZ5KLyxzqJtsnpMxu3U=
Subject key identifier: 3C:CB:48:E3:D3:8E:E9:96:09:3E:53:FE:D7:D7:CF:C2:B3:FD:2D:FA
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 54BA
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/PMtI49OO6ZYJPlP-19fPwrP9Lfo.roa
Signing time: Sat 11 May 2024 13:24:24 +0000
ROA not before: Sat 11 May 2024 13:24:24 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 21690 (0x54ba)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 11 13:24:24 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=3CCB48E3D38EE996093E53FED7D7CFC2B3FD2DFA
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bd:ec:f3:a5:4f:8f:c2:6f:92:f2:c5:42:4c:2b:
9e:be:92:cc:2a:c4:e6:f9:97:e8:e3:80:4e:88:7f:
50:46:e1:c8:a3:bc:e3:74:b0:b0:6a:f3:6d:ad:d9:
e0:77:1d:b8:d2:69:93:0d:51:f2:75:a8:85:67:b9:
85:53:32:9b:41:4d:90:3d:b5:80:17:e9:09:9b:f6:
ef:5a:b8:ff:d9:6f:c8:4b:6a:48:2a:dd:d5:ac:c4:
a0:0b:96:e1:14:15:32:04:31:6c:0d:23:33:ab:69:
2b:c1:2c:10:fa:c2:21:22:48:0e:54:fe:12:73:e1:
60:14:ca:ac:ed:25:a7:e7:2c:b1:3c:8b:e0:53:0d:
93:14:bd:ac:b6:54:54:9d:c6:71:21:9c:5c:23:59:
c6:c5:2e:7c:18:bd:91:fd:b9:96:ab:f0:a8:c8:90:
49:b9:72:0e:c6:9d:f1:6c:ec:fd:42:50:c4:31:b8:
1b:1f:28:fd:a0:af:36:a0:03:e4:a0:3f:8f:36:58:
4a:86:27:71:ad:3f:43:2b:d1:52:8b:97:10:c1:bf:
b2:6d:27:85:50:be:ce:20:6f:10:43:00:2b:c8:b4:
c0:64:41:8b:48:b3:08:96:57:41:29:77:05:07:f4:
46:5f:d6:69:ee:c2:2b:73:0c:b6:0f:8f:a6:45:9a:
58:69
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3C:CB:48:E3:D3:8E:E9:96:09:3E:53:FE:D7:D7:CF:C2:B3:FD:2D:FA
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/PMtI49OO6ZYJPlP-19fPwrP9Lfo.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
73:0f:62:60:b9:6b:f1:b2:a2:cd:b6:86:91:e2:36:36:b7:5b:
b1:ad:9d:2f:50:55:a0:bf:f9:ba:80:54:19:92:1a:b7:3d:f0:
e0:31:33:d7:ca:3d:3a:50:b7:94:35:57:09:41:07:56:31:eb:
f4:4c:f0:0b:b3:b8:5a:63:a5:84:7f:33:86:b1:bd:0f:33:eb:
1c:7e:eb:2e:f0:ae:79:71:df:0c:2c:cf:68:07:9c:b1:1a:82:
e9:4c:c7:bc:7d:eb:41:98:7f:5d:c1:9d:39:94:9f:18:13:5b:
f5:6f:43:0c:98:4f:32:9f:5c:e3:b8:fc:10:0e:d6:5d:90:41:
27:b8:d4:8d:87:52:71:49:5a:10:4d:7b:16:c0:1c:6d:36:bd:
40:47:3f:13:79:95:ac:02:ff:d3:2d:1e:23:ab:2c:fe:18:b3:
c6:4b:7f:63:03:05:17:d0:5f:3a:03:62:d8:73:d8:06:02:72:
c6:98:e8:ba:fa:35:60:9d:86:c7:d0:19:db:ff:fb:7b:c1:e0:
10:6e:57:66:a9:7e:c5:92:1a:ca:6c:3f:7d:91:a5:5d:a3:21:
ec:c0:e0:8c:f9:21:d0:ec:11:e5:0c:1b:26:ce:6b:94:ff:05:
d7:87:2f:4f:f5:4b:4b:3b:06:0b:48:73:6f:a6:b7:15:f6:00:
76:13:92:23
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICVLowDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MTEx
MzI0MjRaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDNDQ0I0OEUzRDM4RUU5
OTYwOTNFNTNGRUQ3RDdDRkMyQjNGRDJERkEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC97POlT4/Cb5LyxUJMK56+kswqxOb5l+jjgE6If1BG4cijvON0
sLBq822t2eB3HbjSaZMNUfJ1qIVnuYVTMptBTZA9tYAX6Qmb9u9auP/Zb8hLakgq
3dWsxKALluEUFTIEMWwNIzOraSvBLBD6wiEiSA5U/hJz4WAUyqztJafnLLE8i+BT
DZMUvay2VFSdxnEhnFwjWcbFLnwYvZH9uZar8KjIkEm5cg7GnfFs7P1CUMQxuBsf
KP2grzagA+SgP482WEqGJ3GtP0Mr0VKLlxDBv7JtJ4VQvs4gbxBDACvItMBkQYtI
swiWV0EpdwUH9EZf1mnuwitzDLYPj6ZFmlhpAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUPMtI49OO6ZYJPlP+19fPwrP9LfowHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1BNdEk0OU9PNlpZSlBs
UC0xOWZQd3JQOUxmby5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAcw9iYLlr8bKizbaGkeI2Nrdbsa2dL1BV
oL/5uoBUGZIatz3w4DEz18o9OlC3lDVXCUEHVjHr9EzwC7O4WmOlhH8zhrG9DzPr
HH7rLvCueXHfDCzPaAecsRqC6UzHvH3rQZh/XcGdOZSfGBNb9W9DDJhPMp9c47j8
EA7WXZBBJ7jUjYdScUlaEE17FsAcbTa9QEc/E3mVrAL/0y0eI6ss/hizxkt/YwMF
F9BfOgNi2HPYBgJyxpjouvo1YJ2Gx9AZ2//7e8HgEG5XZql+xZIaymw/fZGlXaMh
7MDgjPkh0OwR5QwbJs5rlP8F14cvT/VLSzsGC0hzb6a3FfYAdhOSIw==
-----END CERTIFICATE-----
Generated at Sat May 11 18:33:36 2024 by rpki-client on console.sobornost.net