Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/WUQFCQprIiW_Xr2_U1nWf4_KcpE.roa
File: WUQFCQprIiW_Xr2_U1nWf4_KcpE.roa (raw, json)
Hash identifier: byeNfGiVBRXVOTut73kEbBicAH7O9SMkcZKAG1zzCHA=
Subject key identifier: 59:44:05:09:0A:6B:22:25:BF:5E:BD:BF:53:59:D6:7F:8F:CA:72:91
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 4A3E
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/WUQFCQprIiW_Xr2_U1nWf4_KcpE.roa
Signing time: Sat 27 Apr 2024 13:53:25 +0000
ROA not before: Sat 27 Apr 2024 13:53:25 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 19006 (0x4a3e)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 27 13:53:25 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=594405090A6B2225BF5EBDBF5359D67F8FCA7291
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:db:b6:44:fd:9e:94:ac:91:2b:42:f4:9e:2d:ea:
25:bd:e3:3a:51:78:06:71:92:b9:a5:11:3c:d1:0c:
e9:30:a9:e9:b1:f7:6b:68:e1:01:85:56:f9:b2:d7:
b7:bd:10:a1:de:2f:64:d6:71:35:7f:d0:f0:06:28:
67:8d:fa:41:f8:bf:f7:e2:be:59:2a:41:0f:4b:71:
22:29:13:02:69:7c:12:f8:a7:5f:9f:b3:0f:1c:6b:
7e:d8:d5:6b:cc:ba:a7:db:bc:52:31:4e:ba:65:23:
fb:6a:ff:c1:da:3c:af:ce:49:2d:fa:a3:a7:0a:69:
4f:d0:3e:08:dd:11:00:57:18:a0:69:e6:49:66:38:
2c:54:9a:b9:95:4d:f6:9f:89:a3:9a:3f:61:74:77:
2d:0c:fe:57:3e:aa:40:43:93:ca:c7:84:af:40:21:
81:5a:6d:9b:8d:57:56:36:a7:07:ce:0d:d8:c7:c1:
4a:3e:c7:76:35:d7:75:29:10:3c:07:05:b9:8e:26:
f9:2c:20:2f:92:24:23:73:f4:e3:44:eb:41:ec:cb:
d1:b2:b7:08:e2:31:6b:6d:a7:61:94:4a:9f:0b:43:
9d:99:9d:5a:19:44:af:ee:6b:da:9d:82:20:e9:41:
35:ce:87:0c:6e:4c:ee:53:8e:67:bb:c6:ee:96:6a:
e7:81
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
59:44:05:09:0A:6B:22:25:BF:5E:BD:BF:53:59:D6:7F:8F:CA:72:91
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/WUQFCQprIiW_Xr2_U1nWf4_KcpE.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
04:c4:3c:8f:15:a6:e3:2e:5c:30:d5:96:ed:93:9f:39:45:cb:
e7:41:69:5f:60:45:56:1c:a3:c4:4b:d8:38:76:7f:0a:b3:b6:
90:eb:de:dd:98:a3:fb:19:b9:5b:01:89:14:94:00:68:91:a4:
f2:0c:a5:9d:c0:00:aa:29:90:aa:7c:ad:d4:39:99:7b:5e:26:
c0:92:2b:c4:6e:f3:ed:2c:e6:02:d8:ba:4a:0c:47:09:62:ac:
36:84:99:72:e7:03:68:2f:11:7a:99:06:eb:7b:36:3d:e8:26:
3d:89:f2:ea:b3:bd:31:71:62:b8:9b:f5:56:ed:a7:d9:00:07:
69:86:65:63:91:3a:33:bb:f6:cd:47:98:c6:6a:e6:39:e7:4d:
80:b4:f9:32:6d:8f:e9:63:d0:8e:23:f6:de:a2:b0:0c:02:5f:
e0:5f:40:79:11:5a:30:cc:94:ef:ff:4d:5a:96:0d:a9:4f:05:
55:23:7e:91:12:9e:9f:fc:96:53:af:01:76:14:22:6a:24:85:
28:5d:6b:65:ed:dc:60:ce:cc:bc:42:97:9e:6e:7a:24:7c:ec:
38:c3:e2:4f:aa:a6:78:1a:e4:a0:cb:b0:d1:0a:65:aa:f1:4c:
43:1b:3a:38:fc:24:14:8c:44:f6:e4:f2:27:6a:ee:7f:fb:aa:
d4:49:84:09
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICSj4wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0Mjcx
MzUzMjVaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDU5NDQwNTA5MEE2QjIy
MjVCRjVFQkRCRjUzNTlENjdGOEZDQTcyOTEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDbtkT9npSskStC9J4t6iW94zpReAZxkrmlETzRDOkwqemx92to
4QGFVvmy17e9EKHeL2TWcTV/0PAGKGeN+kH4v/fivlkqQQ9LcSIpEwJpfBL4p1+f
sw8ca37Y1WvMuqfbvFIxTrplI/tq/8HaPK/OSS36o6cKaU/QPgjdEQBXGKBp5klm
OCxUmrmVTfafiaOaP2F0dy0M/lc+qkBDk8rHhK9AIYFabZuNV1Y2pwfODdjHwUo+
x3Y113UpEDwHBbmOJvksIC+SJCNz9ONE60Hsy9GytwjiMWttp2GUSp8LQ52ZnVoZ
RK/ua9qdgiDpQTXOhwxuTO5Tjme7xu6WaueBAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUWUQFCQprIiW/Xr2/U1nWf4/KcpEwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1dVUUZDUXBySWlXX1hy
Ml9VMW5XZjRfS2NwRS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEABMQ8jxWm4y5cMNWW7ZOfOUXL50FpX2BF
VhyjxEvYOHZ/CrO2kOve3Zij+xm5WwGJFJQAaJGk8gylncAAqimQqnyt1DmZe14m
wJIrxG7z7SzmAti6SgxHCWKsNoSZcucDaC8RepkG63s2PegmPYny6rO9MXFiuJv1
Vu2n2QAHaYZlY5E6M7v2zUeYxmrmOedNgLT5Mm2P6WPQjiP23qKwDAJf4F9AeRFa
MMyU7/9NWpYNqU8FVSN+kRKen/yWU68BdhQiaiSFKF1rZe3cYM7MvEKXnm56JHzs
OMPiT6qmeBrkoMuw0QplqvFMQxs6OPwkFIxE9uTyJ2ruf/uq1EmECQ==
-----END CERTIFICATE-----
Generated at Sat Apr 27 20:46:50 2024 by rpki-client on console.sobornost.net