Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/mkMmjhBHLTn36GyhI3pkF5WFDck.roa
File: mkMmjhBHLTn36GyhI3pkF5WFDck.roa (raw, json)
Hash identifier: 1dw8JOLQsl5SZ9pJdIGan2vkWiZ05GGFwsCRmRXVsnA=
Subject key identifier: 9A:43:26:8E:10:47:2D:39:F7:E8:6C:A1:23:7A:64:17:95:85:0D:C9
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 4132
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/mkMmjhBHLTn36GyhI3pkF5WFDck.roa
Signing time: Mon 15 Apr 2024 12:22:54 +0000
ROA not before: Mon 15 Apr 2024 12:22:54 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 16690 (0x4132)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 15 12:22:54 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=9A43268E10472D39F7E86CA1237A641795850DC9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:99:d7:e3:59:0c:17:a4:1f:b4:a9:f3:a2:ea:ac:
63:63:62:57:48:20:26:51:d4:37:66:2e:5f:62:9d:
bb:12:e8:e8:80:d4:8c:16:4e:2e:34:66:52:93:77:
ad:f8:ea:b5:3a:61:ab:05:61:83:c1:24:0f:d1:94:
28:0a:f9:06:82:69:bf:a1:ff:82:1c:f2:63:f2:53:
70:0b:8d:2b:74:7d:c2:a7:0d:42:38:ef:30:54:0a:
d2:d4:78:93:61:4d:d2:51:fc:61:fd:c6:d8:33:c6:
00:cf:cc:d4:42:ad:76:8f:a9:72:1a:91:f7:3a:ad:
56:b1:97:e5:51:8c:1b:23:50:02:a2:a0:10:ba:05:
11:a6:bf:b7:c2:56:3a:68:72:87:98:6d:8b:49:41:
0a:5e:49:a1:e0:e2:95:16:fa:ed:83:c5:64:95:e2:
8b:68:ac:4c:4c:c0:64:b5:c4:be:3e:0c:57:42:d0:
cc:34:01:51:6c:59:e3:3f:f2:ea:7b:4d:a8:90:a0:
06:2b:57:29:c2:59:d7:57:d3:c2:ca:02:a6:3d:19:
31:18:17:fb:69:79:12:17:63:be:27:64:ca:c7:64:
63:52:e2:97:c5:d5:09:2d:5e:7b:b6:6c:70:8c:74:
63:48:43:ef:3b:ac:8c:58:2b:eb:38:25:4c:84:60:
6c:85
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9A:43:26:8E:10:47:2D:39:F7:E8:6C:A1:23:7A:64:17:95:85:0D:C9
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/mkMmjhBHLTn36GyhI3pkF5WFDck.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
52:88:db:85:24:14:d7:a6:df:fe:23:79:2d:72:ed:06:45:59:
3b:9e:91:1f:22:b5:b0:41:2a:82:cd:a9:a7:07:7b:33:38:0c:
3c:c9:12:02:54:c4:a7:74:2b:7a:08:54:56:85:a6:bf:ba:c5:
af:eb:9f:64:63:b5:a3:94:8d:e2:56:a0:af:6e:ee:d3:ad:9e:
8e:50:8f:c8:07:ea:e6:c0:30:da:9b:92:11:eb:9f:1a:a6:d3:
35:f9:3f:ea:48:17:30:a5:e0:f3:d4:39:f0:42:d5:84:32:73:
10:50:69:45:b5:82:a6:5d:1a:65:5b:a3:8e:07:64:09:f9:d0:
7f:98:8c:1c:70:ae:df:cf:86:06:ff:75:21:97:d3:5e:ba:e9:
20:bf:85:93:b6:d0:2a:00:04:16:1d:2a:55:93:c5:39:46:af:
d3:32:a3:62:d8:09:25:50:84:a9:ee:2b:e0:50:fa:3e:f7:fd:
65:93:6b:9d:fe:76:20:1f:82:0a:b6:ac:a2:dc:ce:3b:1f:b8:
5f:84:7f:4a:fd:1e:18:09:79:ad:f3:3b:a2:65:dc:b6:29:ff:
3c:71:62:d0:7b:18:04:aa:61:e7:2c:5f:dc:2d:73:85:72:9f:
73:c6:80:48:d7:3f:bb:7b:91:35:93:b3:7f:52:85:c2:c7:50:
a5:40:b1:fc
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICQTIwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MTUx
MjIyNTRaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDlBNDMyNjhFMTA0NzJE
MzlGN0U4NkNBMTIzN0E2NDE3OTU4NTBEQzkwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCZ1+NZDBekH7Sp86LqrGNjYldIICZR1DdmLl9inbsS6OiA1IwW
Ti40ZlKTd6346rU6YasFYYPBJA/RlCgK+QaCab+h/4Ic8mPyU3ALjSt0fcKnDUI4
7zBUCtLUeJNhTdJR/GH9xtgzxgDPzNRCrXaPqXIakfc6rVaxl+VRjBsjUAKioBC6
BRGmv7fCVjpocoeYbYtJQQpeSaHg4pUW+u2DxWSV4otorExMwGS1xL4+DFdC0Mw0
AVFsWeM/8up7TaiQoAYrVynCWddX08LKAqY9GTEYF/tpeRIXY74nZMrHZGNS4pfF
1QktXnu2bHCMdGNIQ+87rIxYK+s4JUyEYGyFAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUmkMmjhBHLTn36GyhI3pkF5WFDckwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L21rTW1qaEJITFRuMzZH
eWhJM3BrRjVXRkRjay5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAUojbhSQU16bf/iN5LXLtBkVZO56RHyK1
sEEqgs2ppwd7MzgMPMkSAlTEp3QreghUVoWmv7rFr+ufZGO1o5SN4lagr27u062e
jlCPyAfq5sAw2puSEeufGqbTNfk/6kgXMKXg89Q58ELVhDJzEFBpRbWCpl0aZVuj
jgdkCfnQf5iMHHCu38+GBv91IZfTXrrpIL+Fk7bQKgAEFh0qVZPFOUav0zKjYtgJ
JVCEqe4r4FD6Pvf9ZZNrnf52IB+CCrasotzOOx+4X4R/Sv0eGAl5rfM7omXctin/
PHFi0HsYBKph5yxf3C1zhXKfc8aASNc/u3uRNZOzf1KFwsdQpUCx/A==
-----END CERTIFICATE-----
Generated at Mon Apr 15 19:41:48 2024 by rpki-client on console.sobornost.net