Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/Xi7i1W2GKszNqLlSgAZnVeT-raU.roa
File: Xi7i1W2GKszNqLlSgAZnVeT-raU.roa (raw, json)
Hash identifier: NV2kMeKsC6VxCC9GPTj+8AflgemWI/MWLS4S+rjijR8=
Subject key identifier: 5E:2E:E2:D5:6D:86:2A:CC:CD:A8:B9:52:80:06:67:55:E4:FE:AD:A5
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 4E32
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/Xi7i1W2GKszNqLlSgAZnVeT-raU.roa
Signing time: Thu 02 May 2024 20:23:40 +0000
ROA not before: Thu 02 May 2024 20:23:40 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 20018 (0x4e32)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 2 20:23:40 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=5E2EE2D56D862ACCCDA8B95280066755E4FEADA5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:f4:b4:0e:f5:9d:88:b9:72:25:66:bf:5f:19:2d:
76:d1:0f:1e:0e:15:7e:3f:3a:9a:e2:88:7f:9f:07:
7c:ea:92:80:2c:f6:5c:53:0c:b1:75:04:76:a3:56:
8d:88:c2:ab:99:89:3e:3f:89:7f:0e:93:49:b6:43:
80:3d:89:0e:9c:0e:9a:f8:0e:4c:39:db:f9:1c:65:
86:ac:26:42:e9:af:c6:98:b4:a2:47:96:4a:0d:d1:
24:e6:c9:b7:3d:5b:3c:cb:98:85:4b:e3:de:99:34:
b4:ce:5d:d9:94:2e:a0:f4:47:80:fd:67:6d:03:14:
e5:a8:6a:be:37:3a:29:69:e7:38:8e:3e:e8:8d:18:
cc:bf:3b:9f:76:b4:4f:c2:8b:ae:fe:2c:f7:be:0d:
e4:98:8e:05:1b:b4:e7:e7:86:e8:65:d8:06:b3:ad:
01:f8:9a:81:2a:70:e4:f2:0f:45:ba:46:06:b7:4b:
b4:28:70:ae:37:48:b6:ec:14:2c:0a:31:5b:a3:86:
34:51:13:9a:7b:c1:cb:dd:bc:3a:fc:20:8c:f9:d0:
dd:57:e1:05:7e:bc:de:4e:4d:92:8c:fe:7a:a7:70:
f8:b5:1d:e1:85:24:13:96:99:a7:7c:1e:31:4c:10:
ba:0b:7a:93:f5:63:0a:76:f2:5f:0c:07:4f:5e:0e:
65:db
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5E:2E:E2:D5:6D:86:2A:CC:CD:A8:B9:52:80:06:67:55:E4:FE:AD:A5
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/Xi7i1W2GKszNqLlSgAZnVeT-raU.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
a3:9f:1f:c8:af:58:af:96:08:d2:9b:94:57:2b:8e:3a:ee:93:
03:ce:60:62:a4:e4:b2:70:8a:c2:1a:25:6a:38:3f:56:43:cd:
58:0f:86:05:1a:ec:48:ff:85:e6:0a:27:eb:da:c0:dd:57:90:
01:5c:47:8c:de:e5:65:9b:83:5a:4a:6e:cd:d9:60:19:8b:62:
3a:61:7d:8b:31:e0:cd:85:24:29:7b:77:76:8b:07:fb:e0:10:
6f:a6:53:75:2c:cb:ee:26:1e:66:0a:29:82:1d:95:36:28:e7:
14:33:cd:2d:d6:5f:ad:4c:61:e3:a0:ac:d7:ea:cf:db:b2:a0:
af:0d:3e:8b:5e:c6:37:a6:bd:e2:c1:79:9c:2e:bd:9f:89:8b:
48:9c:ce:7b:f0:eb:32:ed:a1:86:2a:51:0a:71:0c:90:f1:4c:
07:ca:48:74:b6:a2:22:7d:27:f8:93:f4:81:1b:d2:32:36:d0:
0b:b9:20:59:b8:92:fa:e9:5f:e2:7f:4c:e6:51:8c:60:b3:32:
56:a4:51:88:80:98:b1:79:95:60:51:6b:c8:a1:64:36:41:2a:
b0:18:fc:aa:e1:0a:d4:92:29:0c:a9:76:b0:dc:18:ee:fc:1d:
fb:d2:d6:b7:f5:97:03:1a:47:1d:20:38:ae:71:ab:76:06:ff:
c3:45:51:39
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICTjIwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MDIy
MDIzNDBaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDVFMkVFMkQ1NkQ4NjJB
Q0NDREE4Qjk1MjgwMDY2NzU1RTRGRUFEQTUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQD0tA71nYi5ciVmv18ZLXbRDx4OFX4/OpriiH+fB3zqkoAs9lxT
DLF1BHajVo2IwquZiT4/iX8Ok0m2Q4A9iQ6cDpr4Dkw52/kcZYasJkLpr8aYtKJH
lkoN0STmybc9WzzLmIVL496ZNLTOXdmULqD0R4D9Z20DFOWoar43Oilp5ziOPuiN
GMy/O592tE/Ci67+LPe+DeSYjgUbtOfnhuhl2AazrQH4moEqcOTyD0W6Rga3S7Qo
cK43SLbsFCwKMVujhjRRE5p7wcvdvDr8IIz50N1X4QV+vN5OTZKM/nqncPi1HeGF
JBOWmad8HjFMELoLepP1Ywp28l8MB09eDmXbAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUXi7i1W2GKszNqLlSgAZnVeT+raUwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1hpN2kxVzJHS3N6TnFM
bFNnQVpuVmVULXJhVS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAo58fyK9Yr5YI0puUVyuOOu6TA85gYqTk
snCKwholajg/VkPNWA+GBRrsSP+F5gon69rA3VeQAVxHjN7lZZuDWkpuzdlgGYti
OmF9izHgzYUkKXt3dosH++AQb6ZTdSzL7iYeZgopgh2VNijnFDPNLdZfrUxh46Cs
1+rP27Kgrw0+i17GN6a94sF5nC69n4mLSJzOe/DrMu2hhipRCnEMkPFMB8pIdLai
In0n+JP0gRvSMjbQC7kgWbiS+ulf4n9M5lGMYLMyVqRRiICYsXmVYFFryKFkNkEq
sBj8quEK1JIpDKl2sNwY7vwd+9LWt/WXAxpHHSA4rnGrdgb/w0VROQ==
-----END CERTIFICATE-----
Generated at Fri May 3 04:07:18 2024 by rpki-client on console.sobornost.net