Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/bmYOajwd19-folromQbcy59xKqo.roa
File: bmYOajwd19-folromQbcy59xKqo.roa (raw, json)
Hash identifier: pJH6sOWik5Npo6aLxcHzo4vi/2ksZa/V4ZZSRlYg/wc=
Subject key identifier: 6E:66:0E:6A:3C:1D:D7:DF:9F:A2:5A:E8:99:06:DC:CB:9F:71:2A:AA
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 4362
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/bmYOajwd19-folromQbcy59xKqo.roa
Signing time: Thu 18 Apr 2024 10:23:01 +0000
ROA not before: Thu 18 Apr 2024 10:23:01 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 17250 (0x4362)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 18 10:23:01 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=6E660E6A3C1DD7DF9FA25AE89906DCCB9F712AAA
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cb:a7:fd:2a:0d:66:5d:1a:fa:b6:e7:57:b6:13:
ba:79:cc:fa:3c:4e:39:47:f1:f4:53:14:67:6f:4c:
50:48:ed:fb:74:7f:71:83:c5:2e:f1:3e:08:61:d1:
4e:c2:2c:a3:e7:8f:1e:5d:e2:58:6a:fc:5c:a8:60:
9f:b2:4f:ef:d4:a3:25:a8:af:b6:b8:4b:f4:14:58:
ac:9f:53:b7:15:af:6b:f3:a4:f5:4f:56:4d:76:a2:
69:0a:39:44:8e:b1:16:d0:04:ba:15:d3:04:eb:ca:
64:91:ed:5f:69:65:10:6e:87:18:5b:fd:7e:9b:4a:
8f:54:ea:bc:d6:be:5f:cd:26:bd:1f:85:f4:d3:94:
d7:46:9d:53:b8:88:5f:1c:99:d6:57:1d:29:51:5a:
a1:9e:f8:07:ee:c9:d7:43:45:8b:01:b7:2f:5c:46:
41:e3:eb:57:f9:e8:80:c1:2f:f9:db:9b:11:d1:d6:
6a:41:72:62:c4:4f:5c:e8:5a:10:c3:86:3d:5e:72:
5d:d1:8e:46:37:21:49:cf:75:5e:ee:eb:0e:a1:4c:
eb:3c:8f:1a:e8:81:5f:eb:09:66:63:88:b5:bd:49:
1c:f3:4d:24:68:ea:9b:d4:06:8c:c4:49:ec:c7:94:
0c:37:d7:7e:b9:0e:64:53:fd:69:c1:3d:d4:a0:0b:
ea:81
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6E:66:0E:6A:3C:1D:D7:DF:9F:A2:5A:E8:99:06:DC:CB:9F:71:2A:AA
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/bmYOajwd19-folromQbcy59xKqo.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
94:01:92:0b:ac:0d:fb:93:05:aa:87:9d:f1:96:c5:5c:30:fb:
0c:dc:25:03:8d:61:3d:8d:2b:8d:7d:c0:53:73:9a:f8:26:70:
3a:9a:a7:f9:dc:6d:0d:98:c1:cd:4f:08:e9:9f:a5:3b:05:d2:
1c:c6:51:ec:7e:1c:90:be:0f:5e:fa:ea:0d:be:c8:ff:5a:ed:
89:7e:5d:b8:3c:3f:2b:85:bc:0e:d1:40:f9:63:a4:a8:59:38:
20:c9:a5:79:4e:2d:9b:c9:74:38:de:2a:a3:61:2e:9d:e1:d7:
43:41:eb:c9:96:bb:7f:f3:7d:8d:70:3c:82:88:58:80:95:f5:
d8:3c:2e:51:03:c2:7f:e1:0d:fd:1e:c1:d0:b0:ba:ff:4a:e3:
c5:34:24:95:bd:c2:5e:60:2a:d2:c6:6c:7c:81:3b:ed:01:0d:
5d:60:52:bf:63:e4:84:63:55:af:fa:aa:54:18:70:a7:38:78:
33:37:93:4c:a7:fb:ee:2b:57:60:a8:0b:61:2c:3c:b1:54:85:
6d:e8:fc:d1:03:1d:92:4e:0f:a8:27:fd:ae:88:3f:36:18:05:
36:cf:36:79:35:ca:76:59:05:f8:21:fb:2f:99:65:cb:e1:6b:
a7:3c:47:e0:91:99:66:a8:18:26:3d:57:ec:d6:0e:a5:5a:1d:
f1:44:8d:0d
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICQ2IwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MTgx
MDIzMDFaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDZFNjYwRTZBM0MxREQ3
REY5RkEyNUFFODk5MDZEQ0NCOUY3MTJBQUEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDLp/0qDWZdGvq251e2E7p5zPo8TjlH8fRTFGdvTFBI7ft0f3GD
xS7xPghh0U7CLKPnjx5d4lhq/FyoYJ+yT+/UoyWor7a4S/QUWKyfU7cVr2vzpPVP
Vk12omkKOUSOsRbQBLoV0wTrymSR7V9pZRBuhxhb/X6bSo9U6rzWvl/NJr0fhfTT
lNdGnVO4iF8cmdZXHSlRWqGe+AfuyddDRYsBty9cRkHj61f56IDBL/nbmxHR1mpB
cmLET1zoWhDDhj1ecl3RjkY3IUnPdV7u6w6hTOs8jxrogV/rCWZjiLW9SRzzTSRo
6pvUBozESezHlAw31365DmRT/WnBPdSgC+qBAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUbmYOajwd19+folromQbcy59xKqowHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2JtWU9handkMTktZm9s
cm9tUWJjeTU5eEtxby5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAlAGSC6wN+5MFqoed8ZbFXDD7DNwlA41h
PY0rjX3AU3Oa+CZwOpqn+dxtDZjBzU8I6Z+lOwXSHMZR7H4ckL4PXvrqDb7I/1rt
iX5duDw/K4W8DtFA+WOkqFk4IMmleU4tm8l0ON4qo2EuneHXQ0HryZa7f/N9jXA8
gohYgJX12DwuUQPCf+EN/R7B0LC6/0rjxTQklb3CXmAq0sZsfIE77QENXWBSv2Pk
hGNVr/qqVBhwpzh4MzeTTKf77itXYKgLYSw8sVSFbej80QMdkk4PqCf9rog/NhgF
Ns82eTXKdlkF+CH7L5lly+FrpzxH4JGZZqgYJj1X7NYOpVod8USNDQ==
-----END CERTIFICATE-----
Generated at Thu Apr 18 18:13:35 2024 by rpki-client on console.sobornost.net