Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/gJC-0eS9JTp3oQWTD9bhT9Fzad0.roa
File: gJC-0eS9JTp3oQWTD9bhT9Fzad0.roa (raw, json)
Hash identifier: 3kuTjImon9tmH6tDwaOcm8X8pYatB5lYYYprqZnyRWY=
Subject key identifier: 80:90:BE:D1:E4:BD:25:3A:77:A1:05:93:0F:D6:E1:4F:D1:73:69:DD
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 42EA
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/gJC-0eS9JTp3oQWTD9bhT9Fzad0.roa
Signing time: Wed 17 Apr 2024 19:23:00 +0000
ROA not before: Wed 17 Apr 2024 19:23:00 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 17130 (0x42ea)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 17 19:23:00 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=8090BED1E4BD253A77A105930FD6E14FD17369DD
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c9:9c:bb:8d:dc:8a:1d:3b:2b:fc:56:4e:f6:e0:
22:ef:0a:92:d7:3f:5e:f4:64:14:3f:5b:57:90:dc:
e3:57:d1:80:5c:4f:1b:f7:e4:ea:52:e8:d3:09:2c:
52:33:fe:b8:e6:10:41:f7:4b:89:49:c7:53:3d:ef:
0a:1a:d4:16:b2:f6:da:fb:bd:12:86:aa:dd:39:1c:
05:c4:01:c1:bf:d3:9d:81:5e:28:8d:8f:7f:fe:cc:
be:97:1c:00:fe:29:cb:a3:dc:43:0c:f8:2f:61:a7:
ce:18:2f:93:0d:8e:57:90:da:df:e7:f4:53:ec:2e:
22:79:3f:8e:87:ec:c7:ef:d8:16:a2:a4:50:23:20:
78:8d:db:1d:66:00:a4:21:7f:3e:66:2c:3a:bb:34:
e9:96:0b:c6:d2:84:7d:28:4f:36:4a:73:81:98:ef:
7b:e3:3c:3a:36:6c:8d:29:53:5f:6e:03:33:57:33:
30:64:7e:33:98:71:fa:e7:6d:9c:4d:f9:4e:ae:df:
dc:91:6f:82:56:92:09:38:22:2f:89:25:c0:60:47:
0c:c9:24:e9:1d:df:9c:4b:43:62:04:6c:2f:b5:46:
f6:9a:ad:1b:66:48:2d:c4:f4:e6:07:e9:b4:ed:e8:
84:45:f2:9b:c5:f5:44:5c:17:6a:fc:9e:41:12:1e:
69:cf
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
80:90:BE:D1:E4:BD:25:3A:77:A1:05:93:0F:D6:E1:4F:D1:73:69:DD
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/gJC-0eS9JTp3oQWTD9bhT9Fzad0.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
69:83:a6:8d:4c:62:74:7f:ad:5f:23:38:43:a4:15:81:b3:88:
a6:af:33:b5:d1:ce:aa:1d:27:76:c0:33:e8:4c:89:ce:10:1b:
0a:b3:01:09:2d:25:19:0e:3e:45:51:76:ee:0a:92:95:63:ef:
6d:96:12:4e:1c:96:cf:26:4a:3a:72:ad:67:1f:33:8f:40:e0:
de:49:69:3f:cb:79:06:32:5e:b4:83:41:84:c6:50:08:c3:28:
1f:19:0a:8c:7a:11:54:fb:65:5d:3b:f1:58:28:25:8b:86:88:
a4:1d:04:f4:8e:de:23:a4:8f:bf:30:e8:f9:35:a0:e8:87:be:
98:75:fb:d2:6f:6f:bd:80:b0:64:e2:8f:4e:53:19:69:a5:a3:
a0:4d:df:45:4d:a4:85:0d:4e:11:7e:58:96:ca:65:4f:38:d1:
eb:41:c5:1b:15:2d:85:77:cc:56:27:d1:85:1d:6e:01:34:3c:
6a:06:14:eb:b7:df:bc:fe:75:7d:7d:40:7f:c2:84:02:51:fc:
fe:98:ca:62:c6:87:4e:88:dc:93:69:dd:ea:32:d3:c6:59:20:
0a:9d:f4:ad:e0:4f:0d:03:51:56:e0:c6:03:5a:d4:63:ef:a6:
27:3a:8e:b2:73:1c:8c:f7:2e:05:55:61:32:b5:96:54:63:2c:
5b:f0:95:16
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICQuowDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MTcx
OTIzMDBaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDgwOTBCRUQxRTRCRDI1
M0E3N0ExMDU5MzBGRDZFMTRGRDE3MzY5REQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDJnLuN3IodOyv8Vk724CLvCpLXP170ZBQ/W1eQ3ONX0YBcTxv3
5OpS6NMJLFIz/rjmEEH3S4lJx1M97woa1Bay9tr7vRKGqt05HAXEAcG/052BXiiN
j3/+zL6XHAD+Kcuj3EMM+C9hp84YL5MNjleQ2t/n9FPsLiJ5P46H7Mfv2BaipFAj
IHiN2x1mAKQhfz5mLDq7NOmWC8bShH0oTzZKc4GY73vjPDo2bI0pU19uAzNXMzBk
fjOYcfrnbZxN+U6u39yRb4JWkgk4Ii+JJcBgRwzJJOkd35xLQ2IEbC+1RvaarRtm
SC3E9OYH6bTt6IRF8pvF9URcF2r8nkESHmnPAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUgJC+0eS9JTp3oQWTD9bhT9Fzad0wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2dKQy0wZVM5SlRwM29R
V1REOWJoVDlGemFkMC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAaYOmjUxidH+tXyM4Q6QVgbOIpq8ztdHO
qh0ndsAz6EyJzhAbCrMBCS0lGQ4+RVF27gqSlWPvbZYSThyWzyZKOnKtZx8zj0Dg
3klpP8t5BjJetINBhMZQCMMoHxkKjHoRVPtlXTvxWCgli4aIpB0E9I7eI6SPvzDo
+TWg6Ie+mHX70m9vvYCwZOKPTlMZaaWjoE3fRU2khQ1OEX5YlsplTzjR60HFGxUt
hXfMVifRhR1uATQ8agYU67ffvP51fX1Af8KEAlH8/pjKYsaHTojck2nd6jLTxlkg
Cp30reBPDQNRVuDGA1rUY++mJzqOsnMcjPcuBVVhMrWWVGMsW/CVFg==
-----END CERTIFICATE-----
Generated at Thu Apr 18 09:19:26 2024 by rpki-client on console.sobornost.net