Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/pO17QeZ20mtgLbXcDB2l3Vp0Hgs.roa
File: pO17QeZ20mtgLbXcDB2l3Vp0Hgs.roa (raw, json)
Hash identifier: 87ARf7HNhGc0JKFJD1wNSpY7Jvzx2zv81OiJ/hXfjms=
Subject key identifier: A4:ED:7B:41:E6:76:D2:6B:60:2D:B5:DC:0C:1D:A5:DD:5A:74:1E:0B
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 496A
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/pO17QeZ20mtgLbXcDB2l3Vp0Hgs.roa
Signing time: Fri 26 Apr 2024 11:23:22 +0000
ROA not before: Fri 26 Apr 2024 11:23:22 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 18794 (0x496a)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 26 11:23:22 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=A4ED7B41E676D26B602DB5DC0C1DA5DD5A741E0B
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d5:6e:17:05:cb:72:08:e5:9c:1f:de:f4:26:8e:
b3:0f:04:45:81:c7:81:14:1f:90:0e:b8:b2:21:17:
26:de:87:e8:f9:fa:33:75:7a:d8:3a:0a:0b:b2:d7:
fe:43:3d:51:6e:f1:42:89:42:e0:e3:f6:5f:2e:75:
48:4c:6e:42:84:2c:cd:de:87:25:3f:77:38:96:41:
f2:9b:34:30:66:1e:43:34:64:12:43:66:e2:9d:42:
31:1f:7d:d5:a6:c9:1e:ec:ad:53:a5:a2:77:51:80:
b8:75:cc:de:7c:1c:d2:ae:9c:ad:82:4b:7c:cd:49:
fa:f8:77:aa:15:65:51:77:19:61:d4:28:0e:1f:52:
9b:10:28:c8:95:75:da:be:ca:55:9f:fc:33:18:9d:
4c:f7:dd:ae:38:50:d3:8a:7d:b3:3f:3f:3a:31:ad:
7c:bf:0e:17:f6:fa:9d:f7:ed:0a:54:64:77:ec:c5:
32:6b:2f:fa:a3:99:6a:17:63:ff:f5:e8:d3:46:fb:
55:15:2b:71:ae:7c:26:90:3e:fb:43:26:4a:ad:29:
7b:2b:c2:a7:14:7b:41:64:ca:01:28:b3:69:8d:48:
43:42:55:7a:b2:f9:b1:44:3f:0c:66:ca:9a:fc:0d:
e8:11:72:0e:48:3d:99:b1:3f:0b:13:84:96:41:5f:
9d:19
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A4:ED:7B:41:E6:76:D2:6B:60:2D:B5:DC:0C:1D:A5:DD:5A:74:1E:0B
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/pO17QeZ20mtgLbXcDB2l3Vp0Hgs.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
6d:b8:6a:c8:f1:85:46:41:87:f3:fa:da:66:7e:45:f3:f4:b7:
8e:93:8e:85:99:09:b7:1d:3d:eb:66:cc:01:0c:9f:5f:ac:df:
27:0f:13:e5:d2:f3:bc:5e:03:3b:f1:ef:36:5e:37:da:83:d0:
54:12:bb:42:89:54:9b:1b:7a:2e:c8:01:6b:93:0b:60:7d:cf:
a6:d5:83:51:84:9d:c9:8b:3d:df:62:da:e0:28:b5:dc:81:77:
25:6e:13:ac:db:01:7f:02:e3:ab:cf:20:4f:8c:1d:30:e5:66:
df:af:2b:f1:95:8a:29:e6:d3:64:93:62:4b:18:f1:9f:62:e3:
ce:bc:3b:6b:b0:1e:6c:df:f2:31:4a:e9:58:24:9d:6c:f0:2e:
ad:b4:fb:d7:b7:32:ce:f4:9f:47:3d:34:98:3c:4e:48:96:d7:
c3:d3:0d:79:cb:4f:fe:e9:ef:64:0f:08:54:54:74:4b:ef:42:
b1:c6:b4:95:95:d6:46:43:c3:46:28:13:5d:9c:6d:ae:44:15:
4d:8b:d0:73:65:ad:47:23:21:24:b4:87:0f:0c:90:b7:3b:60:
0c:5a:1b:14:a6:67:05:bd:c2:ee:df:49:1b:01:b2:8f:22:8e:
18:23:73:a0:bd:42:70:e2:c6:51:af:55:b7:bb:17:a7:b9:63:
ba:12:e0:63
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICSWowDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MjYx
MTIzMjJaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEE0RUQ3QjQxRTY3NkQy
NkI2MDJEQjVEQzBDMURBNURENUE3NDFFMEIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDVbhcFy3II5Zwf3vQmjrMPBEWBx4EUH5AOuLIhFybeh+j5+jN1
etg6Cguy1/5DPVFu8UKJQuDj9l8udUhMbkKELM3ehyU/dziWQfKbNDBmHkM0ZBJD
ZuKdQjEffdWmyR7srVOlondRgLh1zN58HNKunK2CS3zNSfr4d6oVZVF3GWHUKA4f
UpsQKMiVddq+ylWf/DMYnUz33a44UNOKfbM/PzoxrXy/Dhf2+p337QpUZHfsxTJr
L/qjmWoXY//16NNG+1UVK3GufCaQPvtDJkqtKXsrwqcUe0FkygEos2mNSENCVXqy
+bFEPwxmypr8DegRcg5IPZmxPwsThJZBX50ZAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUpO17QeZ20mtgLbXcDB2l3Vp0HgswHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3BPMTdRZVoyMG10Z0xi
WGNEQjJsM1ZwMEhncy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAbbhqyPGFRkGH8/raZn5F8/S3jpOOhZkJ
tx0962bMAQyfX6zfJw8T5dLzvF4DO/HvNl432oPQVBK7QolUmxt6LsgBa5MLYH3P
ptWDUYSdyYs932La4Ci13IF3JW4TrNsBfwLjq88gT4wdMOVm368r8ZWKKebTZJNi
Sxjxn2Ljzrw7a7AebN/yMUrpWCSdbPAurbT717cyzvSfRz00mDxOSJbXw9MNectP
/unvZA8IVFR0S+9Csca0lZXWRkPDRigTXZxtrkQVTYvQc2WtRyMhJLSHDwyQtztg
DFobFKZnBb3C7t9JGwGyjyKOGCNzoL1CcOLGUa9Vt7sXp7ljuhLgYw==
-----END CERTIFICATE-----
Generated at Fri Apr 26 18:27:24 2024 by rpki-client on console.sobornost.net