Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/kzJGP0zsoYeDSVYobLZ5g04x9zc.roa
File: kzJGP0zsoYeDSVYobLZ5g04x9zc.roa (raw, json)
Hash identifier: TDOuxO2TTZ4/NvaoYd+JybVnPzJusLlO3kzSyJSwOWI=
Subject key identifier: 93:32:46:3F:4C:EC:A1:87:83:49:56:28:6C:B6:79:83:4E:31:F7:37
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 397A
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/kzJGP0zsoYeDSVYobLZ5g04x9zc.roa
Signing time: Fri 05 Apr 2024 05:22:26 +0000
ROA not before: Fri 05 Apr 2024 05:22:26 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 14714 (0x397a)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 5 05:22:26 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=9332463F4CECA187834956286CB679834E31F737
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ec:17:ab:e3:c2:9e:e7:70:df:b3:89:18:23:82:
03:dd:e9:28:10:c8:f4:a6:6d:a0:e7:52:cd:d0:f4:
81:7d:f7:35:67:83:66:b4:87:34:ec:6b:3a:f3:d0:
dd:09:ab:20:28:7c:d2:62:6b:be:d2:0e:ff:47:3a:
30:7f:21:73:96:ad:cb:0b:60:0e:6d:9a:5e:ac:73:
d4:75:cd:b1:32:78:23:49:d7:df:86:88:aa:7a:d4:
63:d3:37:85:32:04:4a:17:49:13:0a:9e:22:a3:c6:
9b:f9:4d:ec:52:fb:af:9d:ca:62:b4:9b:d3:ab:5d:
a3:e1:cb:90:cb:9b:41:83:2a:93:a7:17:d5:07:c3:
fd:d9:90:42:ae:b4:e1:9d:f7:08:74:df:2d:60:4b:
65:c8:9e:88:8d:f7:9b:af:bb:7d:04:b7:e4:5e:a6:
6f:9a:4c:7b:8c:57:15:81:86:30:77:d1:83:31:6a:
f6:86:a9:28:2a:81:4b:99:ed:d2:87:d9:00:30:bd:
2b:2d:d7:f6:80:44:19:e2:e4:95:c9:5a:72:14:de:
92:26:f3:26:09:3f:db:a1:b4:b4:ae:e7:09:8d:63:
23:bd:d5:a4:63:41:cc:74:9d:70:25:d1:f4:0b:75:
b9:d9:c5:d6:73:9c:ac:7c:9f:8b:fa:80:8f:c2:4e:
6a:b9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
93:32:46:3F:4C:EC:A1:87:83:49:56:28:6C:B6:79:83:4E:31:F7:37
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/kzJGP0zsoYeDSVYobLZ5g04x9zc.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
b9:f2:7f:a9:9f:a8:b7:15:c7:82:cf:cd:e9:94:d5:74:7f:01:
f5:c6:94:c5:10:bd:25:6c:cf:63:ff:49:db:d6:f3:7c:c3:a4:
35:87:45:88:61:18:07:95:d0:59:d7:01:76:02:0c:6a:f7:a9:
09:1b:31:ec:89:a9:42:f5:6a:b2:1a:5d:cc:da:42:31:44:31:
9d:43:86:7a:aa:81:aa:b7:fe:a7:46:01:48:24:ff:ef:b4:9f:
00:54:bd:cc:3f:9b:42:44:58:30:25:fa:07:0b:a3:e0:d9:47:
a4:7e:ba:9e:97:5f:f1:b6:bf:c3:73:9f:a3:a0:37:79:66:0e:
4e:3f:01:4c:29:91:30:6c:f4:17:71:6e:bf:2e:1e:66:29:64:
bb:7b:6d:50:d0:2a:99:f1:70:9b:96:4d:d8:b7:6a:97:d9:80:
a6:6a:50:9b:1e:f6:bb:39:76:03:d6:72:03:7e:7f:99:4b:2e:
2a:80:e7:0d:c8:01:f1:0c:9f:c0:db:14:3b:cd:4e:1d:ce:87:
00:a1:76:12:19:71:1f:6d:d6:05:94:be:e3:2a:fa:71:b5:5f:
0c:ff:ca:fd:58:81:66:12:0b:b5:c8:63:07:5d:66:93:a7:fc:
e8:a7:4d:b4:62:b8:db:56:15:2b:09:ea:77:c6:f5:11:81:ef:
48:7a:fb:e3
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICOXowDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MDUw
NTIyMjZaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDkzMzI0NjNGNENFQ0Ex
ODc4MzQ5NTYyODZDQjY3OTgzNEUzMUY3MzcwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDsF6vjwp7ncN+ziRgjggPd6SgQyPSmbaDnUs3Q9IF99zVng2a0
hzTsazrz0N0JqyAofNJia77SDv9HOjB/IXOWrcsLYA5tml6sc9R1zbEyeCNJ19+G
iKp61GPTN4UyBEoXSRMKniKjxpv5TexS+6+dymK0m9OrXaPhy5DLm0GDKpOnF9UH
w/3ZkEKutOGd9wh03y1gS2XInoiN95uvu30Et+Repm+aTHuMVxWBhjB30YMxavaG
qSgqgUuZ7dKH2QAwvSst1/aARBni5JXJWnIU3pIm8yYJP9uhtLSu5wmNYyO91aRj
Qcx0nXAl0fQLdbnZxdZznKx8n4v6gI/CTmq5AgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUkzJGP0zsoYeDSVYobLZ5g04x9zcwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2t6SkdQMHpzb1llRFNW
WW9iTFo1ZzA0eDl6Yy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAufJ/qZ+otxXHgs/N6ZTVdH8B9caUxRC9
JWzPY/9J29bzfMOkNYdFiGEYB5XQWdcBdgIMavepCRsx7ImpQvVqshpdzNpCMUQx
nUOGeqqBqrf+p0YBSCT/77SfAFS9zD+bQkRYMCX6Bwuj4NlHpH66npdf8ba/w3Of
o6A3eWYOTj8BTCmRMGz0F3Fuvy4eZilku3ttUNAqmfFwm5ZN2Ldql9mApmpQmx72
uzl2A9ZyA35/mUsuKoDnDcgB8QyfwNsUO81OHc6HAKF2EhlxH23WBZS+4yr6cbVf
DP/K/ViBZhILtchjB11mk6f86KdNtGK421YVKwnqd8b1EYHvSHr74w==
-----END CERTIFICATE-----
Generated at Fri Apr 5 12:25:50 2024 by rpki-client on console.sobornost.net