Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/Wwy1CoJ7-NKYDPxRCmVdw4X-3nU.roa
File: Wwy1CoJ7-NKYDPxRCmVdw4X-3nU.roa (raw, json)
Hash identifier: g8JIDRCcP0M0TFWNTKPk+lszgNIundKti9rdLZiikpM=
Subject key identifier: 5B:0C:B5:0A:82:7B:F8:D2:98:0C:FC:51:0A:65:5D:C3:85:FE:DE:75
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 3E7A
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/Wwy1CoJ7-NKYDPxRCmVdw4X-3nU.roa
Signing time: Thu 11 Apr 2024 21:22:47 +0000
ROA not before: Thu 11 Apr 2024 21:22:47 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 15994 (0x3e7a)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 11 21:22:47 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=5B0CB50A827BF8D2980CFC510A655DC385FEDE75
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a0:dd:48:65:8a:1a:ca:48:68:40:05:b1:34:35:
b8:54:29:d6:54:3c:e7:ad:70:61:0a:cb:26:2f:fb:
0c:7d:c2:91:8e:a6:c4:9b:15:30:ad:45:7d:15:ee:
12:b2:a3:59:b2:f3:a3:18:5f:8c:64:fa:9a:2c:e7:
57:c6:b0:08:a8:5f:3d:dd:ae:eb:54:c9:12:9c:9f:
06:2f:59:be:da:1e:f5:fa:92:95:a7:7e:09:6b:b8:
5d:7b:2b:71:13:0d:d4:f3:98:4a:28:d5:4c:7d:4e:
7c:e5:52:67:da:39:d0:53:01:ed:f1:52:37:22:13:
d4:eb:32:6e:e3:42:ba:94:0b:6f:a8:1c:3a:50:71:
05:92:b5:f5:20:04:55:88:d6:06:7e:d5:50:88:18:
2b:12:e2:59:05:31:2d:d9:fb:26:97:5e:df:d4:63:
23:79:52:da:6e:b9:95:85:cf:d6:8b:1b:6e:f4:31:
5b:82:b5:2a:5c:7d:a5:cc:22:ea:e5:b6:b6:24:4e:
3f:40:66:1d:e2:27:ba:99:3e:29:63:d4:f5:15:1b:
b0:43:94:45:91:6c:e1:04:21:2d:ce:3a:d3:b6:29:
10:5c:06:74:6a:d0:e5:fd:62:cd:a7:05:26:88:f9:
e0:b7:aa:5e:10:fb:9d:31:43:b7:7c:33:7c:f6:12:
e6:9f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5B:0C:B5:0A:82:7B:F8:D2:98:0C:FC:51:0A:65:5D:C3:85:FE:DE:75
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/Wwy1CoJ7-NKYDPxRCmVdw4X-3nU.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
85:be:c9:f7:8e:9c:23:5e:54:59:0e:41:13:5d:c5:28:86:0b:
6d:12:5f:14:ea:f0:e5:3b:7f:c1:27:8e:5f:46:2f:ca:e8:d7:
77:3d:e3:ea:eb:5b:87:66:f1:8c:6c:6a:e5:a6:08:b6:cd:bf:
e7:5d:3b:ae:8a:50:c8:59:66:c0:60:01:4b:d2:bd:4c:7b:c0:
c7:3f:89:bc:e5:6a:2e:5a:3f:1f:22:9a:2a:2c:b4:37:4a:64:
9b:df:90:06:4a:7f:90:d0:e2:11:4c:3e:35:43:ac:ae:c7:86:
96:7b:0a:5c:94:51:a5:33:36:56:9e:c1:5d:65:9b:a5:7e:e1:
ef:9d:ff:36:13:3d:2e:26:f4:e2:17:44:ec:b2:3d:5b:45:e3:
22:fe:62:01:19:2f:09:3c:da:a8:50:eb:1b:99:54:1b:0b:8a:
ad:3b:0a:3c:6b:6b:2c:3c:b9:f9:e2:0a:12:9d:93:be:40:f3:
be:b4:90:77:36:8e:95:0d:cb:13:3c:1f:5a:64:a8:1d:d3:86:
ea:c2:5a:48:4e:f1:df:81:d9:6d:d5:e2:7e:f7:4f:e3:fa:14:
8f:e1:61:0a:b6:49:4a:fa:59:51:d5:d9:ab:6a:69:24:1b:2f:
88:23:bb:47:c6:c0:08:80:d6:dd:14:42:d7:f8:35:14:07:87:
b3:a6:ab:f3
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICPnowDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MTEy
MTIyNDdaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDVCMENCNTBBODI3QkY4
RDI5ODBDRkM1MTBBNjU1REMzODVGRURFNzUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCg3UhlihrKSGhABbE0NbhUKdZUPOetcGEKyyYv+wx9wpGOpsSb
FTCtRX0V7hKyo1my86MYX4xk+pos51fGsAioXz3drutUyRKcnwYvWb7aHvX6kpWn
fglruF17K3ETDdTzmEoo1Ux9TnzlUmfaOdBTAe3xUjciE9TrMm7jQrqUC2+oHDpQ
cQWStfUgBFWI1gZ+1VCIGCsS4lkFMS3Z+yaXXt/UYyN5UtpuuZWFz9aLG270MVuC
tSpcfaXMIurltrYkTj9AZh3iJ7qZPilj1PUVG7BDlEWRbOEEIS3OOtO2KRBcBnRq
0OX9Ys2nBSaI+eC3ql4Q+50xQ7d8M3z2EuafAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUWwy1CoJ7+NKYDPxRCmVdw4X+3nUwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1d3eTFDb0o3LU5LWURQ
eFJDbVZkdzRYLTNuVS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAhb7J946cI15UWQ5BE13FKIYLbRJfFOrw
5Tt/wSeOX0YvyujXdz3j6utbh2bxjGxq5aYIts2/5107ropQyFlmwGABS9K9THvA
xz+JvOVqLlo/HyKaKiy0N0pkm9+QBkp/kNDiEUw+NUOsrseGlnsKXJRRpTM2Vp7B
XWWbpX7h753/NhM9Lib04hdE7LI9W0XjIv5iARkvCTzaqFDrG5lUGwuKrTsKPGtr
LDy5+eIKEp2TvkDzvrSQdzaOlQ3LEzwfWmSoHdOG6sJaSE7x34HZbdXifvdP4/oU
j+FhCrZJSvpZUdXZq2ppJBsviCO7R8bACIDW3RRC1/g1FAeHs6ar8w==
-----END CERTIFICATE-----
Generated at Fri Apr 12 04:03:54 2024 by rpki-client on console.sobornost.net