Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/ZheOi-t8GI0lFD1lNCvA0Go-zU4.roa
File: ZheOi-t8GI0lFD1lNCvA0Go-zU4.roa (raw, json)
Hash identifier: tv7H+0bx7jWZhn8aDHjsjfdu57iWYcw9stmTpzOVwn8=
Subject key identifier: 66:17:8E:8B:EB:7C:18:8D:25:14:3D:65:34:2B:C0:D0:6A:3E:CD:4E
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 4A5A
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/ZheOi-t8GI0lFD1lNCvA0Go-zU4.roa
Signing time: Sat 27 Apr 2024 17:23:26 +0000
ROA not before: Sat 27 Apr 2024 17:23:26 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 19034 (0x4a5a)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 27 17:23:26 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=66178E8BEB7C188D25143D65342BC0D06A3ECD4E
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e9:13:cf:59:e4:97:8f:13:01:cf:db:ac:ba:42:
50:f0:11:93:1d:1c:d8:1d:b6:53:a9:84:8e:60:3f:
50:c3:6c:28:82:b6:88:73:ef:15:9c:6b:41:af:73:
58:9d:df:83:38:9b:89:c9:54:66:6e:d4:06:4b:b4:
5a:7d:88:92:67:7a:92:68:c2:6b:66:7d:1b:f6:07:
2c:b3:d8:47:63:e8:e7:f4:a7:1c:9c:13:a2:14:62:
d4:e1:69:ee:86:37:c7:fa:fc:2a:f0:8c:61:5c:51:
3e:db:5f:d0:57:a1:38:af:0b:66:e8:eb:33:79:54:
db:2f:4a:cb:df:8c:24:5a:19:c3:6b:3b:a8:4a:95:
90:8e:23:98:c2:71:d8:8b:07:1a:2b:a7:aa:3d:95:
74:df:87:ee:72:48:d4:d3:5c:9b:48:67:20:6f:36:
ac:ce:ec:1b:f6:b8:28:b8:1d:e1:c4:91:0d:e0:06:
16:f7:74:52:ee:58:26:cb:2c:7e:a8:dc:a9:82:10:
27:1a:97:8d:9e:64:ff:92:c2:42:f9:d3:8c:b6:4a:
9c:84:23:f8:02:86:75:dd:84:ce:3f:90:d0:f4:20:
19:8c:ef:4d:68:cb:64:77:6d:54:e8:be:1e:94:22:
58:5b:b1:95:31:97:1f:87:4c:e5:26:cc:bc:f7:84:
98:a3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
66:17:8E:8B:EB:7C:18:8D:25:14:3D:65:34:2B:C0:D0:6A:3E:CD:4E
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/ZheOi-t8GI0lFD1lNCvA0Go-zU4.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
63:91:15:04:47:a8:5f:f9:36:34:ef:32:7c:5e:2d:f3:9a:1a:
2f:05:81:7e:7c:a1:19:fc:4a:14:9a:fc:2a:15:75:f2:22:3b:
cf:d2:04:d0:15:53:15:04:2c:78:ac:ca:c1:69:8d:42:da:51:
16:df:79:56:c4:b8:e6:0c:40:25:80:6e:15:ce:c6:d6:83:22:
6d:18:e0:4c:ae:be:06:dc:48:7f:62:be:e0:3e:d3:c0:d2:b7:
f2:cc:56:2a:85:15:dc:d5:0f:96:6f:8c:aa:38:a1:5f:ff:e7:
88:43:f7:81:66:58:e4:ed:94:83:a6:96:f8:c7:d7:ef:4c:01:
15:3e:8e:20:48:bd:45:49:33:48:3c:cc:1f:8c:bf:cc:a3:63:
77:ae:a3:58:95:f2:cf:cf:6a:4c:39:6d:3b:71:57:55:2e:21:
9a:7f:1f:83:38:68:f8:fa:61:c1:8c:ee:b7:2a:e3:84:89:49:
c6:46:1b:4e:f5:e1:09:7f:c3:d9:c0:00:c4:c5:5f:80:92:5b:
7d:74:93:06:6f:fc:b2:44:a8:59:21:92:2f:ad:10:bd:50:6c:
89:04:dd:0d:c0:d7:e2:99:0f:76:e0:99:85:03:be:4f:0d:ab:
70:35:4f:69:9a:40:9c:55:f8:03:9f:58:6e:e2:64:e2:12:fc:
22:d0:1d:50
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICSlowDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0Mjcx
NzIzMjZaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDY2MTc4RThCRUI3QzE4
OEQyNTE0M0Q2NTM0MkJDMEQwNkEzRUNENEUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDpE89Z5JePEwHP26y6QlDwEZMdHNgdtlOphI5gP1DDbCiCtohz
7xWca0Gvc1id34M4m4nJVGZu1AZLtFp9iJJnepJowmtmfRv2Byyz2Edj6Of0pxyc
E6IUYtThae6GN8f6/CrwjGFcUT7bX9BXoTivC2bo6zN5VNsvSsvfjCRaGcNrO6hK
lZCOI5jCcdiLBxorp6o9lXTfh+5ySNTTXJtIZyBvNqzO7Bv2uCi4HeHEkQ3gBhb3
dFLuWCbLLH6o3KmCECcal42eZP+SwkL504y2SpyEI/gChnXdhM4/kND0IBmM701o
y2R3bVTovh6UIlhbsZUxlx+HTOUmzLz3hJijAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUZheOi+t8GI0lFD1lNCvA0Go+zU4wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1poZU9pLXQ4R0kwbEZE
MWxOQ3ZBMEdvLXpVNC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAY5EVBEeoX/k2NO8yfF4t85oaLwWBfnyh
GfxKFJr8KhV18iI7z9IE0BVTFQQseKzKwWmNQtpRFt95VsS45gxAJYBuFc7G1oMi
bRjgTK6+BtxIf2K+4D7TwNK38sxWKoUV3NUPlm+MqjihX//niEP3gWZY5O2Ug6aW
+MfX70wBFT6OIEi9RUkzSDzMH4y/zKNjd66jWJXyz89qTDltO3FXVS4hmn8fgzho
+PphwYzutyrjhIlJxkYbTvXhCX/D2cAAxMVfgJJbfXSTBm/8skSoWSGSL60QvVBs
iQTdDcDX4pkPduCZhQO+Tw2rcDVPaZpAnFX4A59YbuJk4hL8ItAdUA==
-----END CERTIFICATE-----
Generated at Sat Apr 27 23:07:35 2024 by rpki-client on console.sobornost.net