Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/Zu1h5DAFILYL3CrskZA-qcY2r5w.roa
File: Zu1h5DAFILYL3CrskZA-qcY2r5w.roa (raw, json)
Hash identifier: 3RikuggCuvA3bNORcWDvS8yNV3Ks2HOqUww+cID6yH8=
Subject key identifier: 66:ED:61:E4:30:05:20:B6:0B:DC:2A:EC:91:90:3E:A9:C6:36:AF:9C
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 414E
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/Zu1h5DAFILYL3CrskZA-qcY2r5w.roa
Signing time: Mon 15 Apr 2024 15:52:53 +0000
ROA not before: Mon 15 Apr 2024 15:52:53 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 16718 (0x414e)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 15 15:52:53 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=66ED61E4300520B60BDC2AEC91903EA9C636AF9C
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bd:36:66:a0:e9:1b:02:56:67:6f:b6:f5:13:1b:
68:21:fc:8e:9f:17:80:ee:25:e6:79:99:24:e4:73:
cd:e9:81:13:2a:a9:92:03:b6:73:73:3d:2d:62:6a:
a5:53:c1:b8:74:3c:ea:f9:0b:c1:bb:42:7a:8d:ad:
29:49:4d:18:78:08:d9:f6:6c:ff:b7:20:ca:d7:04:
dd:44:d1:ce:11:b8:87:44:13:5e:64:bb:bf:90:15:
d8:ec:f8:a2:3d:1e:b8:4d:22:b0:1f:33:36:ee:8d:
bf:0e:ab:74:4c:03:2e:88:7a:c8:9e:85:8e:d0:61:
dc:a4:a2:96:64:b2:c3:a9:b2:5b:ce:92:10:ae:d2:
88:03:05:09:a8:88:9b:db:31:83:4c:b8:30:24:f7:
8e:2b:ad:12:ec:7c:23:2a:a1:a6:54:78:ad:8f:f3:
a9:1a:63:22:11:e2:b9:92:48:59:91:32:73:e7:78:
30:04:7f:9d:e5:30:13:76:fb:e4:12:21:f0:c7:3e:
52:e8:02:0b:5d:cd:9d:ef:02:d0:0d:b3:01:7b:37:
d6:a3:c0:21:aa:9a:03:ce:9d:9d:a5:7b:3d:fd:0c:
ca:d9:5f:a9:8d:91:7c:38:97:c7:6a:5d:a0:44:27:
2e:5f:6f:98:89:1c:ac:a1:bb:3a:ed:aa:7f:d4:5f:
f9:d5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
66:ED:61:E4:30:05:20:B6:0B:DC:2A:EC:91:90:3E:A9:C6:36:AF:9C
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/Zu1h5DAFILYL3CrskZA-qcY2r5w.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
bc:8d:d1:0a:99:86:84:49:82:52:ef:d0:f4:2a:85:39:c8:51:
13:f8:5b:74:23:3f:89:b7:68:c4:81:68:d2:78:1a:5e:50:d6:
6e:48:3e:68:9f:0a:e1:60:c4:ee:30:d4:57:a4:ed:05:16:ef:
cf:e6:31:91:59:77:cc:21:07:15:c4:fa:55:a9:d5:74:bb:cb:
02:91:04:ce:8c:3f:03:2e:02:87:55:3c:a0:e0:07:3a:57:3b:
91:03:dc:1f:ce:f3:39:8c:01:d8:2d:a5:f4:de:6b:b3:d7:bc:
67:7a:e4:db:01:1e:4c:af:27:ca:04:f8:05:f2:f6:7c:f2:6d:
35:97:cc:b1:bc:93:87:60:55:33:3d:4a:0c:f2:af:41:e8:84:
e7:94:05:1e:1c:17:19:1c:9b:fa:fb:22:4d:a6:4d:89:16:9b:
7b:48:c1:8c:6d:3f:7f:dc:45:41:24:22:09:e0:be:4b:95:02:
ce:21:ec:d5:b3:84:09:0a:a2:ab:67:0f:2e:09:13:dd:e3:08:
83:17:14:99:7d:d5:1a:30:b7:c8:86:fd:9c:46:71:21:4b:57:
d6:9d:11:8a:e8:a0:c4:ac:d3:b5:78:3f:2b:ec:7e:ed:f2:16:
86:dd:e0:1b:59:01:bf:f8:32:5e:30:da:66:e7:d3:e5:87:58:
fe:1d:e5:a3
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICQU4wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MTUx
NTUyNTNaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDY2RUQ2MUU0MzAwNTIw
QjYwQkRDMkFFQzkxOTAzRUE5QzYzNkFGOUMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC9Nmag6RsCVmdvtvUTG2gh/I6fF4DuJeZ5mSTkc83pgRMqqZID
tnNzPS1iaqVTwbh0POr5C8G7QnqNrSlJTRh4CNn2bP+3IMrXBN1E0c4RuIdEE15k
u7+QFdjs+KI9HrhNIrAfMzbujb8Oq3RMAy6IesiehY7QYdykopZkssOpslvOkhCu
0ogDBQmoiJvbMYNMuDAk944rrRLsfCMqoaZUeK2P86kaYyIR4rmSSFmRMnPneDAE
f53lMBN2++QSIfDHPlLoAgtdzZ3vAtANswF7N9ajwCGqmgPOnZ2lez39DMrZX6mN
kXw4l8dqXaBEJy5fb5iJHKyhuzrtqn/UX/nVAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUZu1h5DAFILYL3CrskZA+qcY2r5wwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1p1MWg1REFGSUxZTDND
cnNrWkEtcWNZMnI1dy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAvI3RCpmGhEmCUu/Q9CqFOchRE/hbdCM/
ibdoxIFo0ngaXlDWbkg+aJ8K4WDE7jDUV6TtBRbvz+YxkVl3zCEHFcT6VanVdLvL
ApEEzow/Ay4Ch1U8oOAHOlc7kQPcH87zOYwB2C2l9N5rs9e8Z3rk2wEeTK8nygT4
BfL2fPJtNZfMsbyTh2BVMz1KDPKvQeiE55QFHhwXGRyb+vsiTaZNiRabe0jBjG0/
f9xFQSQiCeC+S5UCziHs1bOECQqiq2cPLgkT3eMIgxcUmX3VGjC3yIb9nEZxIUtX
1p0RiuigxKzTtXg/K+x+7fIWht3gG1kBv/gyXjDaZufT5YdY/h3low==
-----END CERTIFICATE-----
Generated at Tue Apr 16 00:10:50 2024 by rpki-client on console.sobornost.net