Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/dkBMuW-MdXQ5FXAc71bno6BR6U0.roa
File: dkBMuW-MdXQ5FXAc71bno6BR6U0.roa (raw, json)
Hash identifier: ViFrOYSxioGB3UR+grVk/bynCkkSvO9jJiFWUodEgKQ=
Subject key identifier: 76:40:4C:B9:6F:8C:75:74:39:15:70:1C:EF:56:E7:A3:A0:51:E9:4D
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 3EC2
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/dkBMuW-MdXQ5FXAc71bno6BR6U0.roa
Signing time: Fri 12 Apr 2024 06:22:47 +0000
ROA not before: Fri 12 Apr 2024 06:22:47 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 16066 (0x3ec2)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 12 06:22:47 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=76404CB96F8C75743915701CEF56E7A3A051E94D
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bf:66:39:91:78:5f:3c:87:b0:30:fd:97:34:da:
ef:8b:d0:d8:db:b8:d5:1f:e4:32:59:c6:ee:b6:d6:
5b:f3:b0:ef:43:d1:63:ab:1a:0d:30:da:f5:45:a9:
63:17:19:fc:54:61:ad:55:0d:58:2f:d7:64:83:81:
67:5f:47:67:5a:a9:bd:7f:fc:1b:0c:61:db:ff:ed:
9f:67:7c:e3:2d:c1:4f:d5:fc:9a:3b:53:12:3c:ad:
b5:8e:06:04:7b:2b:e7:71:3b:1f:0f:d6:7f:41:f1:
40:7c:8f:6f:e5:02:20:6a:da:d3:6f:42:9a:54:24:
e2:b6:f8:f3:fa:c6:1a:85:82:e5:2c:61:49:d2:13:
f1:7b:8a:1d:b2:ec:71:d0:87:dc:2e:f4:c8:df:1c:
47:df:3f:fa:1c:8e:64:83:c5:5c:f8:47:b0:21:ad:
ed:5e:ab:f6:ec:e6:e0:4a:30:6d:d2:ba:17:c8:00:
d0:89:b4:74:ba:96:eb:af:1f:19:21:d3:f1:13:51:
23:cc:bb:55:39:73:61:ff:5b:ac:79:44:2b:53:06:
d4:3a:d3:a2:6e:85:01:f8:9c:fa:59:4e:77:2b:74:
bd:8e:bf:5a:d8:1d:22:55:f2:6b:20:49:b1:aa:4a:
72:0b:f7:a7:18:27:cc:ed:9b:be:2d:ff:da:2f:5a:
43:81
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
76:40:4C:B9:6F:8C:75:74:39:15:70:1C:EF:56:E7:A3:A0:51:E9:4D
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/dkBMuW-MdXQ5FXAc71bno6BR6U0.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
3e:22:cd:12:74:d2:dc:5e:fd:9e:73:f6:f9:4c:bc:b3:94:e4:
2a:4d:59:7a:fa:94:ec:7d:9a:5d:58:de:95:f0:82:59:9b:8b:
3b:01:ef:70:29:e2:53:2a:fe:bc:e7:ae:3c:6b:be:6c:25:ea:
e1:d6:6c:a6:07:10:92:f2:e9:c1:f3:75:f3:1f:25:6d:92:d6:
88:bc:e7:d8:46:fe:82:e2:94:72:7f:b3:f6:33:81:4e:c1:de:
61:ba:fc:9b:1c:60:e1:a5:47:2e:cd:42:ff:1a:42:e8:f8:28:
42:fd:77:aa:e7:53:1a:be:7d:3e:57:7f:af:88:02:de:75:17:
28:a3:48:14:f7:a1:ee:4b:15:09:7a:91:7b:d6:09:3f:1e:ab:
be:c7:43:d1:b4:5b:84:24:d8:28:bc:db:b8:ed:04:5d:03:e6:
b2:1b:35:80:06:e9:f5:09:d8:b9:5d:3a:0f:47:81:b7:f3:07:
5d:ce:ba:b2:59:65:d8:3e:36:ec:23:c9:fe:e6:ac:54:3d:16:
e1:a4:55:c0:d2:55:d4:35:a4:e0:b2:c3:00:7c:dc:0d:bd:eb:
fc:50:5c:e0:d9:af:6e:09:40:be:8d:73:37:d3:12:70:50:aa:
46:e5:c7:e8:65:3b:24:69:c2:9f:4c:1e:a7:01:af:b8:9a:a8:
ef:6b:bd:5d
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICPsIwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MTIw
NjIyNDdaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDc2NDA0Q0I5NkY4Qzc1
NzQzOTE1NzAxQ0VGNTZFN0EzQTA1MUU5NEQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC/ZjmReF88h7Aw/Zc02u+L0NjbuNUf5DJZxu621lvzsO9D0WOr
Gg0w2vVFqWMXGfxUYa1VDVgv12SDgWdfR2daqb1//BsMYdv/7Z9nfOMtwU/V/Jo7
UxI8rbWOBgR7K+dxOx8P1n9B8UB8j2/lAiBq2tNvQppUJOK2+PP6xhqFguUsYUnS
E/F7ih2y7HHQh9wu9MjfHEffP/ocjmSDxVz4R7Ahre1eq/bs5uBKMG3SuhfIANCJ
tHS6luuvHxkh0/ETUSPMu1U5c2H/W6x5RCtTBtQ606JuhQH4nPpZTncrdL2Ov1rY
HSJV8msgSbGqSnIL96cYJ8ztm74t/9ovWkOBAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUdkBMuW+MdXQ5FXAc71bno6BR6U0wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2RrQk11Vy1NZFhRNUZY
QWM3MWJubzZCUjZVMC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAPiLNEnTS3F79nnP2+Uy8s5TkKk1ZevqU
7H2aXVjelfCCWZuLOwHvcCniUyr+vOeuPGu+bCXq4dZspgcQkvLpwfN18x8lbZLW
iLzn2Eb+guKUcn+z9jOBTsHeYbr8mxxg4aVHLs1C/xpC6PgoQv13qudTGr59Pld/
r4gC3nUXKKNIFPeh7ksVCXqRe9YJPx6rvsdD0bRbhCTYKLzbuO0EXQPmshs1gAbp
9QnYuV06D0eBt/MHXc66slll2D427CPJ/uasVD0W4aRVwNJV1DWk4LLDAHzcDb3r
/FBc4NmvbglAvo1zN9MScFCqRuXH6GU7JGnCn0wepwGvuJqo72u9XQ==
-----END CERTIFICATE-----
Generated at Fri Apr 12 12:41:58 2024 by rpki-client on console.sobornost.net