Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/eQz8jboqpBl9QMcDUGpTOUpemfI.roa
File: eQz8jboqpBl9QMcDUGpTOUpemfI.roa (raw, json)
Hash identifier: u/3RzabVYhFFBtFbQhB7mTDi0D7fHZzx2adia1AhMDw=
Subject key identifier: 79:0C:FC:8D:BA:2A:A4:19:7D:40:C7:03:50:6A:53:39:4A:5E:99:F2
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 3CBE
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/eQz8jboqpBl9QMcDUGpTOUpemfI.roa
Signing time: Tue 09 Apr 2024 13:52:40 +0000
ROA not before: Tue 09 Apr 2024 13:52:40 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 15550 (0x3cbe)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 9 13:52:40 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=790CFC8DBA2AA4197D40C703506A53394A5E99F2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d7:96:9e:38:0b:9c:e7:38:f6:dd:8f:e5:98:e5:
bf:34:39:d0:48:67:dc:f6:7e:fd:0d:9c:eb:ab:f2:
13:04:1a:b0:51:e1:39:3c:22:90:c7:92:0f:28:b8:
fe:ab:60:bc:b0:91:86:54:79:29:b7:e0:b5:40:39:
7a:4c:79:3c:e1:67:d3:65:13:d8:4f:3c:d4:2b:90:
12:9b:89:0f:03:c7:28:8a:21:cf:d7:08:47:56:32:
85:0a:18:10:ff:c7:a2:64:04:14:ac:16:ae:20:22:
aa:42:d8:c7:77:dc:2a:22:0f:19:c3:c8:de:b4:01:
ca:ad:c6:2d:1b:0a:90:33:85:fe:91:00:a8:13:bb:
08:d1:29:31:0a:57:cb:57:d6:8a:18:fc:2d:43:3e:
79:77:65:d2:a9:96:1d:8e:45:59:42:db:a3:2b:b9:
93:4d:56:14:ec:83:a5:27:57:64:70:de:7d:24:2f:
63:ec:d3:99:b4:06:a5:87:1e:aa:fa:bc:64:e0:b2:
72:7b:c2:e3:3a:26:b9:91:90:2b:43:53:9d:e6:c2:
86:e3:bb:b3:34:93:af:86:5b:28:1c:4d:07:99:1d:
5f:b8:ed:91:ec:cc:39:e6:95:96:ab:e7:6d:eb:2d:
0d:bc:b9:65:1f:15:ad:b6:e9:49:b2:6d:14:02:6f:
8d:d1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
79:0C:FC:8D:BA:2A:A4:19:7D:40:C7:03:50:6A:53:39:4A:5E:99:F2
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/eQz8jboqpBl9QMcDUGpTOUpemfI.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
b1:d0:85:e2:3f:45:cd:71:0d:c4:f9:f8:c8:f8:df:ce:3d:37:
90:a8:33:7a:51:2b:ee:e0:dd:85:a3:9d:06:c6:5f:a2:fe:1c:
9b:12:ff:c4:75:47:2d:e9:5f:13:a0:56:f4:f8:ae:08:75:ad:
8d:a8:99:f9:cc:a3:86:41:59:0b:64:11:50:3d:96:82:a4:68:
8d:32:b6:70:a8:d0:df:8e:31:e5:bf:e2:59:68:96:ae:e6:45:
20:67:c2:d6:9f:e6:71:cf:ad:ba:ea:70:7d:47:4b:0a:44:9d:
38:b5:06:f4:58:ac:fd:d7:dc:c4:f4:c8:66:07:75:06:9e:d2:
40:ed:0e:ce:c9:8d:00:37:49:a5:1b:61:10:42:d8:be:57:8c:
cd:89:d3:5d:55:9c:f2:3a:55:1a:77:5e:7d:db:66:31:54:c0:
54:6a:1f:2c:0a:78:f8:36:bc:92:45:8f:c6:f5:4b:f6:4c:6e:
16:d4:46:f2:45:93:29:33:5d:3e:c1:26:64:86:fd:55:b2:18:
d7:87:2a:5f:c3:3e:ee:7e:8e:3b:82:3e:75:b3:f6:fd:43:fe:
30:73:2a:1a:e9:dc:de:13:cd:e5:53:e0:44:94:91:7a:51:09:
ab:0e:c3:bc:06:0c:cc:a1:ec:48:28:ad:ea:cc:bd:31:c2:57:
2f:a5:26:ea
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICPL4wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MDkx
MzUyNDBaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDc5MENGQzhEQkEyQUE0
MTk3RDQwQzcwMzUwNkE1MzM5NEE1RTk5RjIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDXlp44C5znOPbdj+WY5b80OdBIZ9z2fv0NnOur8hMEGrBR4Tk8
IpDHkg8ouP6rYLywkYZUeSm34LVAOXpMeTzhZ9NlE9hPPNQrkBKbiQ8DxyiKIc/X
CEdWMoUKGBD/x6JkBBSsFq4gIqpC2Md33CoiDxnDyN60Acqtxi0bCpAzhf6RAKgT
uwjRKTEKV8tX1ooY/C1DPnl3ZdKplh2ORVlC26MruZNNVhTsg6UnV2Rw3n0kL2Ps
05m0BqWHHqr6vGTgsnJ7wuM6JrmRkCtDU53mwobju7M0k6+GWygcTQeZHV+47ZHs
zDnmlZar523rLQ28uWUfFa226UmybRQCb43RAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUeQz8jboqpBl9QMcDUGpTOUpemfIwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2VRejhqYm9xcEJsOVFN
Y0RVR3BUT1VwZW1mSS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAsdCF4j9FzXENxPn4yPjfzj03kKgzelEr
7uDdhaOdBsZfov4cmxL/xHVHLelfE6BW9PiuCHWtjaiZ+cyjhkFZC2QRUD2WgqRo
jTK2cKjQ344x5b/iWWiWruZFIGfC1p/mcc+tuupwfUdLCkSdOLUG9Fis/dfcxPTI
Zgd1Bp7SQO0OzsmNADdJpRthEELYvleMzYnTXVWc8jpVGndefdtmMVTAVGofLAp4
+Da8kkWPxvVL9kxuFtRG8kWTKTNdPsEmZIb9VbIY14cqX8M+7n6OO4I+dbP2/UP+
MHMqGunc3hPN5VPgRJSRelEJqw7DvAYMzKHsSCit6sy9McJXL6Um6g==
-----END CERTIFICATE-----
Generated at Tue Apr 9 20:29:13 2024 by rpki-client on console.sobornost.net