Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/Wi5DzXUG7D9KgXBX4gNGuHN9ut4.roa
File: Wi5DzXUG7D9KgXBX4gNGuHN9ut4.roa (raw, json)
Hash identifier: 0HxGfRRFadPJy+Y23vEizOhR/UNEBhwNZyC93vTZ8uM=
Subject key identifier: 5A:2E:43:CD:75:06:EC:3F:4A:81:70:57:E2:03:46:B8:73:7D:BA:DE
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 5516
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/Wi5DzXUG7D9KgXBX4gNGuHN9ut4.roa
Signing time: Sun 12 May 2024 00:54:02 +0000
ROA not before: Sun 12 May 2024 00:54:02 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 21782 (0x5516)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 12 00:54:02 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=5A2E43CD7506EC3F4A817057E20346B8737DBADE
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a0:e7:a3:34:02:2e:9e:07:53:e0:02:2a:a9:f0:
e3:ea:d3:ce:7a:1c:f8:5d:47:2d:c2:ce:63:24:3a:
7f:10:8c:35:c5:e4:a3:17:92:5f:56:08:46:a7:5b:
94:98:3e:b8:a9:3b:2d:98:f0:b4:d1:b6:51:9c:78:
b0:c0:70:68:38:fb:4b:05:16:14:00:97:8d:59:28:
6d:83:c7:95:99:9e:86:9c:9d:cc:cb:64:62:54:1c:
f6:0b:a5:d6:19:8c:66:da:57:00:d3:5e:a9:9d:3b:
62:4c:9a:d8:44:d5:e6:8f:87:60:b0:34:bc:c3:c6:
12:d9:15:63:fa:e7:ec:ac:4d:29:d7:f4:58:28:1d:
d1:3b:8d:24:89:a8:ae:24:df:d6:7c:ad:35:97:cf:
2a:3a:fb:81:5d:db:d8:7b:64:b5:9d:12:91:f3:55:
bd:44:f0:6f:55:04:dd:80:8c:7a:c4:e8:58:52:b4:
86:de:77:bc:f2:f2:03:17:1c:01:0c:64:17:43:fa:
da:d9:d4:72:b3:90:e3:82:6a:81:40:4d:89:b4:55:
43:9b:1d:3b:fc:d9:be:77:87:b7:39:b8:85:c2:64:
b7:cf:fc:a6:d3:4c:13:3e:7f:c6:e1:62:3f:c7:cb:
3b:e5:aa:c7:7c:f5:8f:9c:c0:a1:a1:1e:59:44:23:
55:6b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5A:2E:43:CD:75:06:EC:3F:4A:81:70:57:E2:03:46:B8:73:7D:BA:DE
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/Wi5DzXUG7D9KgXBX4gNGuHN9ut4.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
38:7b:ff:53:25:1a:3c:b5:62:3a:03:c3:52:88:08:c3:df:be:
d8:62:8d:1a:f4:1a:a3:81:0d:a8:af:d1:2c:ae:7f:88:2c:92:
00:37:69:4b:5a:82:1e:b2:9d:5e:7b:d1:ee:4f:3c:f3:28:9e:
36:16:a6:f6:1a:79:95:ea:b8:de:43:13:a2:67:dc:e2:f6:cf:
6d:22:32:36:1a:59:e5:47:65:0c:69:0e:a7:59:f2:7e:30:fe:
a8:81:a1:c3:f7:61:6b:af:66:32:03:d4:64:96:c1:16:b2:0d:
9e:65:86:05:d4:57:df:46:8e:ce:0b:98:d6:16:b7:02:97:f0:
40:e4:8d:ec:26:e6:12:71:55:7d:ba:93:b2:1f:2e:b9:e4:c3:
35:a0:e4:2c:29:70:8c:c5:8f:74:53:f8:bc:e9:7e:1a:84:25:
bf:07:10:7d:e4:d0:c8:90:60:7d:4d:49:39:8c:88:67:ee:8a:
bb:02:47:19:48:af:92:58:13:2f:9e:44:e5:3f:9d:a0:44:91:
ef:90:36:9b:d5:4c:19:0f:bf:8a:4d:a5:23:6e:a1:0f:e7:e5:
af:54:64:92:28:75:46:00:ba:67:a5:cc:38:f1:7e:c6:e6:69:
3a:6a:86:93:1d:07:17:e9:60:10:5d:57:6f:e0:69:a8:df:7d:
25:73:75:3e
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICVRYwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MTIw
MDU0MDJaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDVBMkU0M0NENzUwNkVD
M0Y0QTgxNzA1N0UyMDM0NkI4NzM3REJBREUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCg56M0Ai6eB1PgAiqp8OPq0856HPhdRy3CzmMkOn8QjDXF5KMX
kl9WCEanW5SYPripOy2Y8LTRtlGceLDAcGg4+0sFFhQAl41ZKG2Dx5WZnoacnczL
ZGJUHPYLpdYZjGbaVwDTXqmdO2JMmthE1eaPh2CwNLzDxhLZFWP65+ysTSnX9Fgo
HdE7jSSJqK4k39Z8rTWXzyo6+4Fd29h7ZLWdEpHzVb1E8G9VBN2AjHrE6FhStIbe
d7zy8gMXHAEMZBdD+trZ1HKzkOOCaoFATYm0VUObHTv82b53h7c5uIXCZLfP/KbT
TBM+f8bhYj/Hyzvlqsd89Y+cwKGhHllEI1VrAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUWi5DzXUG7D9KgXBX4gNGuHN9ut4wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1dpNUR6WFVHN0Q5S2dY
Qlg0Z05HdUhOOXV0NC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAOHv/UyUaPLViOgPDUogIw9++2GKNGvQa
o4ENqK/RLK5/iCySADdpS1qCHrKdXnvR7k888yieNham9hp5leq43kMTomfc4vbP
bSIyNhpZ5UdlDGkOp1nyfjD+qIGhw/dha69mMgPUZJbBFrINnmWGBdRX30aOzguY
1ha3ApfwQOSN7CbmEnFVfbqTsh8uueTDNaDkLClwjMWPdFP4vOl+GoQlvwcQfeTQ
yJBgfU1JOYyIZ+6KuwJHGUivklgTL55E5T+doESR75A2m9VMGQ+/ik2lI26hD+fl
r1Rkkih1RgC6Z6XMOPF+xuZpOmqGkx0HF+lgEF1Xb+BpqN99JXN1Pg==
-----END CERTIFICATE-----
Generated at Sun May 12 05:26:37 2024 by rpki-client on console.sobornost.net