Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/S1994IEOk295qTbB-QC0WFn1RqM.roa
File: S1994IEOk295qTbB-QC0WFn1RqM.roa (raw, json)
Hash identifier: ZYMsV5DAvQaUe6ZKhzqC7buzp+fOGc6HvL5hJtdushk=
Subject key identifier: 4B:5F:7D:E0:81:0E:93:6F:79:A9:36:C1:F9:00:B4:58:59:F5:46:A3
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 33FA
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/S1994IEOk295qTbB-QC0WFn1RqM.roa
Signing time: Thu 28 Mar 2024 21:22:06 +0000
ROA not before: Thu 28 Mar 2024 21:22:06 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 13306 (0x33fa)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Mar 28 21:22:06 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=4B5F7DE0810E936F79A936C1F900B45859F546A3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bf:34:c0:26:a5:44:30:11:50:cd:dd:36:be:c3:
ac:b1:16:a7:f1:37:f7:09:db:07:69:22:13:58:5f:
53:fe:a7:cc:ec:a7:51:c9:3b:97:80:bf:8a:fc:da:
9f:84:65:f1:cf:da:24:d8:34:d3:58:f6:d3:6c:36:
b1:a2:d6:f6:bd:e7:e9:39:88:fe:8b:f1:71:4d:48:
c5:a3:ce:6c:08:50:6f:49:e9:df:16:3a:16:7d:30:
14:07:4a:dc:bd:c9:91:9c:03:39:c8:0e:a0:c1:d8:
bc:17:22:ff:40:2c:9d:38:49:ce:37:d2:54:76:98:
11:b2:37:17:55:80:f3:45:3e:d9:cf:9d:58:b1:70:
d2:a7:ab:11:df:2c:47:21:3c:19:13:67:18:72:56:
43:a7:92:c1:53:eb:42:19:a6:03:67:58:60:12:f5:
4e:f9:1b:fb:7d:38:7f:9c:28:d9:e8:3c:60:ca:0e:
cb:a4:68:0e:e2:55:d3:1b:aa:24:99:f0:f9:d0:7b:
fb:a1:c4:5d:69:e4:63:1d:98:20:17:56:8d:ee:12:
61:c7:9c:4c:1b:da:0f:22:60:8b:b4:43:e9:de:15:
cb:9f:1f:d0:b2:c5:f7:eb:55:0d:2f:1b:d6:88:49:
3b:92:7a:0e:7b:90:c7:bb:4d:02:5e:20:86:a9:f8:
b7:73
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4B:5F:7D:E0:81:0E:93:6F:79:A9:36:C1:F9:00:B4:58:59:F5:46:A3
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/S1994IEOk295qTbB-QC0WFn1RqM.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
ae:b4:95:f4:48:f7:4d:49:79:ae:06:7f:8c:99:25:c4:e6:e6:
2e:59:31:fc:f8:91:1d:a1:69:19:79:60:92:55:87:20:68:8b:
0d:91:bf:85:66:c1:ec:a4:03:57:68:82:9e:74:57:73:ab:ea:
81:f9:38:9d:69:ff:62:ce:61:42:ee:b3:24:81:7c:3e:9d:d7:
a3:38:55:2f:b4:98:72:be:87:e3:51:aa:d2:d2:5c:e3:05:85:
93:45:07:0b:fd:92:73:47:36:5f:a0:44:32:a7:47:b8:b5:c7:
a7:f9:74:ab:67:47:7c:31:76:b9:27:c4:0d:c7:a8:38:b0:c1:
6b:05:bc:df:85:c3:79:19:cb:7a:ac:30:bb:18:13:1b:be:44:
44:0b:51:d0:e1:37:98:ad:db:b5:45:b7:37:44:97:7a:e1:7d:
f0:99:7e:4a:98:cb:44:a9:a0:b2:a5:30:50:aa:83:0b:18:93:
1e:51:2c:cb:0b:4e:f5:d3:f6:bd:fa:01:04:c7:5e:9f:38:55:
a8:30:6b:ac:b1:bf:8b:cd:a0:d1:13:50:6c:ab:c0:98:a3:72:
93:fe:32:ee:df:03:7d:f4:9e:37:c0:d2:7a:ae:87:27:ca:06:
67:be:45:09:36:f2:7b:da:d8:38:31:ee:33:85:ea:55:ec:96:
f7:5e:02:6d
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICM/owDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDAzMjgy
MTIyMDZaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDRCNUY3REUwODEwRTkz
NkY3OUE5MzZDMUY5MDBCNDU4NTlGNTQ2QTMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC/NMAmpUQwEVDN3Ta+w6yxFqfxN/cJ2wdpIhNYX1P+p8zsp1HJ
O5eAv4r82p+EZfHP2iTYNNNY9tNsNrGi1va95+k5iP6L8XFNSMWjzmwIUG9J6d8W
OhZ9MBQHSty9yZGcAznIDqDB2LwXIv9ALJ04Sc430lR2mBGyNxdVgPNFPtnPnVix
cNKnqxHfLEchPBkTZxhyVkOnksFT60IZpgNnWGAS9U75G/t9OH+cKNnoPGDKDsuk
aA7iVdMbqiSZ8PnQe/uhxF1p5GMdmCAXVo3uEmHHnEwb2g8iYIu0Q+neFcufH9Cy
xffrVQ0vG9aISTuSeg57kMe7TQJeIIap+LdzAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUS1994IEOk295qTbB+QC0WFn1RqMwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1MxOTk0SUVPazI5NXFU
YkItUUMwV0ZuMVJxTS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEArrSV9Ej3TUl5rgZ/jJklxObmLlkx/PiR
HaFpGXlgklWHIGiLDZG/hWbB7KQDV2iCnnRXc6vqgfk4nWn/Ys5hQu6zJIF8Pp3X
ozhVL7SYcr6H41Gq0tJc4wWFk0UHC/2Sc0c2X6BEMqdHuLXHp/l0q2dHfDF2uSfE
DceoOLDBawW834XDeRnLeqwwuxgTG75ERAtR0OE3mK3btUW3N0SXeuF98Jl+SpjL
RKmgsqUwUKqDCxiTHlEsywtO9dP2vfoBBMdenzhVqDBrrLG/i82g0RNQbKvAmKNy
k/4y7t8DffSeN8DSeq6HJ8oGZ75FCTbye9rYODHuM4XqVeyW914CbQ==
-----END CERTIFICATE-----
Generated at Fri Mar 29 05:42:23 2024 by rpki-client on console.sobornost.net