Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/fDgPmOD_cOWKhmbyqUeLj16PELs.roa
File: fDgPmOD_cOWKhmbyqUeLj16PELs.roa (raw, json)
Hash identifier: bSy7pA3skfGhh7TvU8ZQ9cUxsqNT7P99VBMWSjp1uqw=
Subject key identifier: 7C:38:0F:98:E0:FF:70:E5:8A:86:66:F2:A9:47:8B:8F:5E:8F:10:BB
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 4C1E
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/fDgPmOD_cOWKhmbyqUeLj16PELs.roa
Signing time: Tue 30 Apr 2024 01:53:31 +0000
ROA not before: Tue 30 Apr 2024 01:53:31 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 19486 (0x4c1e)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 30 01:53:31 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=7C380F98E0FF70E58A8666F2A9478B8F5E8F10BB
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c1:c7:ca:17:0a:18:19:5b:bf:e5:88:ad:45:1b:
2e:bf:93:3c:37:cd:92:18:2f:40:3a:01:73:ad:ec:
9b:20:47:5b:e2:a2:2e:89:38:d4:f3:89:e6:a3:c2:
12:cd:39:cf:cf:e8:2a:f1:32:eb:81:68:7f:cc:8b:
8b:ac:8e:e6:f6:0d:e5:b6:93:be:ef:17:0b:36:b0:
5d:0f:b8:be:09:ce:28:6a:27:99:42:aa:13:ef:f4:
05:84:97:7c:56:92:65:42:1d:14:ae:49:4c:ac:0b:
2e:fa:80:b5:8d:ab:5c:e9:51:06:57:4b:c4:99:03:
a7:90:84:24:04:83:79:8a:fd:9c:cb:b9:b1:f2:c1:
ca:f5:61:04:43:49:ba:9f:60:aa:69:c3:f1:d0:29:
91:07:37:d1:71:3c:68:d1:b5:79:86:ff:1a:7f:29:
bf:e6:b3:77:db:13:30:b0:44:3f:8a:99:d5:3c:4e:
79:cd:dd:71:3e:6a:85:44:be:bf:b9:4e:9d:a3:bc:
6f:d2:20:d2:14:27:43:71:94:74:54:e5:09:69:8d:
41:22:b8:9f:9c:d6:a9:85:35:c7:d1:d7:17:9a:f4:
bc:f5:af:d6:d2:b5:4e:b1:62:4b:86:37:95:ef:6e:
b0:bb:7b:29:ba:ae:c7:3d:98:7d:c8:c4:20:71:03:
f3:e1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
7C:38:0F:98:E0:FF:70:E5:8A:86:66:F2:A9:47:8B:8F:5E:8F:10:BB
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/fDgPmOD_cOWKhmbyqUeLj16PELs.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
9c:4e:96:cb:bc:8a:43:57:2b:e3:36:91:f9:e5:c9:91:1e:b6:
91:7d:cf:2f:d7:3b:bd:29:69:62:05:75:8b:85:84:c0:a6:1b:
10:05:60:05:f9:0c:83:bd:26:44:e7:5c:88:54:09:69:c6:09:
8b:2d:d8:57:45:1d:13:36:f5:20:78:98:ab:56:eb:ba:ed:c4:
ab:7d:d3:4e:a4:e3:76:0c:54:78:64:c5:30:9b:65:4b:3d:53:
ea:25:ae:63:2c:67:73:dc:fb:1f:c4:cb:03:91:6f:a9:0a:68:
5e:c3:d8:8e:68:8a:6f:0b:78:7a:fe:4a:bf:d6:62:b2:6e:a4:
de:89:30:a1:33:22:2d:d0:a3:e3:98:fe:40:c9:4d:c6:9b:f3:
9d:5d:a5:e2:cf:ab:fc:13:ea:d3:f0:05:9d:cc:38:88:45:52:
75:a7:e5:09:73:51:5d:f4:56:f3:e0:af:23:75:ca:b4:89:c0:
d3:53:5a:fd:10:4c:38:d6:f9:69:90:61:1d:db:35:ef:3e:f8:
82:5e:dc:a1:95:57:81:03:90:b1:1a:c6:ea:df:72:69:bd:60:
d2:eb:05:9b:bf:40:75:4d:4e:c9:56:ee:eb:23:94:7e:37:6a:
88:6a:16:d1:04:96:17:76:9c:7f:85:9c:2a:d3:dd:5a:d5:8c:
05:5b:9f:0d
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICTB4wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MzAw
MTUzMzFaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDdDMzgwRjk4RTBGRjcw
RTU4QTg2NjZGMkE5NDc4QjhGNUU4RjEwQkIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDBx8oXChgZW7/liK1FGy6/kzw3zZIYL0A6AXOt7JsgR1vioi6J
ONTzieajwhLNOc/P6CrxMuuBaH/Mi4usjub2DeW2k77vFws2sF0PuL4JzihqJ5lC
qhPv9AWEl3xWkmVCHRSuSUysCy76gLWNq1zpUQZXS8SZA6eQhCQEg3mK/ZzLubHy
wcr1YQRDSbqfYKppw/HQKZEHN9FxPGjRtXmG/xp/Kb/ms3fbEzCwRD+KmdU8TnnN
3XE+aoVEvr+5Tp2jvG/SINIUJ0NxlHRU5QlpjUEiuJ+c1qmFNcfR1xea9Lz1r9bS
tU6xYkuGN5XvbrC7eym6rsc9mH3IxCBxA/PhAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUfDgPmOD/cOWKhmbyqUeLj16PELswHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2ZEZ1BtT0RfY09XS2ht
YnlxVWVMajE2UEVMcy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAnE6Wy7yKQ1cr4zaR+eXJkR62kX3PL9c7
vSlpYgV1i4WEwKYbEAVgBfkMg70mROdciFQJacYJiy3YV0UdEzb1IHiYq1bruu3E
q33TTqTjdgxUeGTFMJtlSz1T6iWuYyxnc9z7H8TLA5FvqQpoXsPYjmiKbwt4ev5K
v9Zism6k3okwoTMiLdCj45j+QMlNxpvznV2l4s+r/BPq0/AFncw4iEVSdaflCXNR
XfRW8+CvI3XKtInA01Na/RBMONb5aZBhHds17z74gl7coZVXgQOQsRrG6t9yab1g
0usFm79AdU1OyVbu6yOUfjdqiGoW0QSWF3acf4WcKtPdWtWMBVufDQ==
-----END CERTIFICATE-----
Generated at Tue Apr 30 14:15:40 2024 by rpki-client on console.sobornost.net