Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/WWau3GUwqUduoc1tt16T8LV6lbM.roa
File: WWau3GUwqUduoc1tt16T8LV6lbM.roa (raw, json)
Hash identifier: vPxMOc4qsRW/2lTAFUMrQRSaWimwBuh/1m9vR1ziM+U=
Subject key identifier: 59:66:AE:DC:65:30:A9:47:6E:A1:CD:6D:B7:5E:93:F0:B5:7A:95:B3
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 4BEE
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/WWau3GUwqUduoc1tt16T8LV6lbM.roa
Signing time: Mon 29 Apr 2024 19:53:32 +0000
ROA not before: Mon 29 Apr 2024 19:53:32 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 19438 (0x4bee)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 29 19:53:32 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=5966AEDC6530A9476EA1CD6DB75E93F0B57A95B3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ad:75:e9:ed:d8:d0:42:4d:70:9d:ab:cc:da:1a:
1d:1a:ec:97:86:ea:67:e1:07:b7:ad:c2:e4:d7:f5:
f2:16:23:f9:21:e4:50:5b:ad:50:12:61:3b:51:d3:
93:f1:4e:99:86:fc:19:d1:26:34:88:e1:ea:f5:16:
a4:bd:40:7a:7a:ed:93:f3:d6:03:52:6b:a9:de:ed:
de:a6:47:60:bf:69:48:1f:7d:23:08:a8:59:ae:c3:
99:91:11:b6:8a:65:02:f8:c3:de:4c:38:02:a2:4b:
af:21:d3:d3:d1:12:9a:f9:b9:56:fc:0e:cd:e0:b4:
95:e9:4d:1d:80:17:84:85:35:cc:40:6b:03:a9:d7:
de:63:71:37:05:a1:76:94:74:e2:aa:c5:b7:d9:49:
6f:5a:34:07:a1:a4:e8:66:37:b8:98:1a:27:3b:5f:
67:3e:0b:78:49:37:8c:1f:16:f7:91:6f:5b:6a:7c:
95:81:c0:2b:15:09:91:3d:00:80:48:ac:9a:a3:04:
92:37:3a:8d:49:fb:4a:17:2a:fc:65:4e:ab:15:1d:
5a:83:86:e1:a4:94:bf:a6:8d:f4:44:9f:88:33:be:
ac:c3:53:69:9f:6f:af:1e:54:e5:fc:f7:98:f9:05:
23:70:45:8c:32:0c:a6:ad:08:cf:16:e9:d6:92:dd:
c1:81
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
59:66:AE:DC:65:30:A9:47:6E:A1:CD:6D:B7:5E:93:F0:B5:7A:95:B3
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/WWau3GUwqUduoc1tt16T8LV6lbM.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
2a:b4:4e:35:e1:db:2a:e8:85:60:24:3b:e2:0c:1a:c2:01:74:
77:11:a7:01:bd:59:02:27:e0:15:1c:46:82:f8:08:9e:4d:0e:
41:27:0c:59:95:2b:fd:53:19:d1:97:02:36:c8:8b:cc:dc:82:
62:ef:1d:68:ec:69:f9:98:88:66:60:b6:c5:8e:c1:98:b1:11:
fd:fb:9b:d2:50:6f:98:30:a2:04:af:a8:b9:3b:50:7d:bc:57:
4b:4d:75:66:7c:df:6f:3a:55:92:7b:07:bf:2c:2d:96:3e:7e:
49:ab:8c:77:7b:cb:35:89:48:47:7c:fa:43:2b:59:cf:ef:0d:
73:42:a1:22:3a:9c:e9:1c:85:86:83:c0:6d:1b:dd:1d:b4:cb:
5e:7f:e1:52:31:64:91:cb:b9:c0:f6:b5:b8:eb:02:b0:3a:29:
3c:59:3f:1c:6c:fb:d7:f6:8a:72:d0:a7:99:e6:9b:59:71:f4:
83:ef:39:56:a3:78:0e:a4:20:9d:91:e1:5b:5f:31:df:b7:a3:
59:e3:da:ff:ac:3d:04:c9:ce:35:34:bb:62:5f:eb:99:1a:fe:
77:ae:c0:05:99:5b:99:42:31:c0:bf:72:ad:4b:80:20:e3:5c:
c1:94:bf:bb:e4:34:a0:e2:64:38:62:fa:14:12:1b:a4:54:78:
a7:90:1a:c3
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICS+4wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0Mjkx
OTUzMzJaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDU5NjZBRURDNjUzMEE5
NDc2RUExQ0Q2REI3NUU5M0YwQjU3QTk1QjMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCtdent2NBCTXCdq8zaGh0a7JeG6mfhB7etwuTX9fIWI/kh5FBb
rVASYTtR05PxTpmG/BnRJjSI4er1FqS9QHp67ZPz1gNSa6ne7d6mR2C/aUgffSMI
qFmuw5mREbaKZQL4w95MOAKiS68h09PREpr5uVb8Ds3gtJXpTR2AF4SFNcxAawOp
195jcTcFoXaUdOKqxbfZSW9aNAehpOhmN7iYGic7X2c+C3hJN4wfFveRb1tqfJWB
wCsVCZE9AIBIrJqjBJI3Oo1J+0oXKvxlTqsVHVqDhuGklL+mjfREn4gzvqzDU2mf
b68eVOX895j5BSNwRYwyDKatCM8W6daS3cGBAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUWWau3GUwqUduoc1tt16T8LV6lbMwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1dXYXUzR1V3cVVkdW9j
MXR0MTZUOExWNmxiTS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAKrRONeHbKuiFYCQ74gwawgF0dxGnAb1Z
AifgFRxGgvgInk0OQScMWZUr/VMZ0ZcCNsiLzNyCYu8daOxp+ZiIZmC2xY7BmLER
/fub0lBvmDCiBK+ouTtQfbxXS011ZnzfbzpVknsHvywtlj5+SauMd3vLNYlIR3z6
QytZz+8Nc0KhIjqc6RyFhoPAbRvdHbTLXn/hUjFkkcu5wPa1uOsCsDopPFk/HGz7
1/aKctCnmeabWXH0g+85VqN4DqQgnZHhW18x37ejWePa/6w9BMnONTS7Yl/rmRr+
d67ABZlbmUIxwL9yrUuAIONcwZS/u+Q0oOJkOGL6FBIbpFR4p5Aaww==
-----END CERTIFICATE-----
Generated at Tue Apr 30 01:07:20 2024 by rpki-client on console.sobornost.net