Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/q5qzJiinVHpb3WdEIgxP8gbFh3Y.roa
File: q5qzJiinVHpb3WdEIgxP8gbFh3Y.roa (raw, json)
Hash identifier: jwxPnjn+o+LyWvyq6LtQcQUfVNhXQltaj88PF3CLoYk=
Subject key identifier: AB:9A:B3:26:28:A7:54:7A:5B:DD:67:44:22:0C:4F:F2:06:C5:87:76
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 45F6
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/q5qzJiinVHpb3WdEIgxP8gbFh3Y.roa
Signing time: Sun 21 Apr 2024 20:53:07 +0000
ROA not before: Sun 21 Apr 2024 20:53:07 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 17910 (0x45f6)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 21 20:53:07 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=AB9AB32628A7547A5BDD6744220C4FF206C58776
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d8:b2:29:e9:dd:c9:b1:a0:9e:a1:1b:3a:98:84:
b4:6a:2e:1b:4b:32:16:f0:f1:e2:b1:08:e6:85:ff:
e3:35:c0:46:db:67:5a:c3:df:05:2b:9c:e3:c7:78:
16:ca:d1:85:e6:1d:3a:18:01:cc:c5:e9:25:e5:75:
0e:02:26:66:af:d9:3e:70:17:f5:5d:c2:32:04:b4:
d7:7e:46:16:f4:d8:bf:c5:3d:4b:f0:f1:9e:8b:7a:
4e:ed:64:5f:f7:38:ce:f5:76:1a:49:ea:bd:3f:69:
c5:3e:dd:e0:7b:b0:b1:73:a6:ab:67:28:27:7c:8c:
e7:51:97:eb:f3:e9:d4:cc:fa:d8:06:96:9f:c8:40:
25:64:23:b9:56:d0:27:d7:45:33:90:94:6e:f8:34:
91:13:a4:ab:86:3d:41:0e:ea:3d:25:f6:ef:3c:76:
20:24:dc:c1:3e:3d:5e:8f:0a:5e:4b:2a:72:9f:69:
07:da:01:9f:d4:14:51:bf:6d:c7:c0:95:b8:7a:32:
d0:46:d4:64:45:1c:34:b3:41:18:7f:b7:53:9f:f6:
5c:e6:ff:65:b1:2d:96:f3:1d:cb:25:fb:af:ed:40:
c1:4b:05:1a:db:fb:03:7a:2f:4f:8d:88:bb:da:d0:
14:7a:a0:aa:27:e0:29:b3:88:69:9d:5f:1f:a5:c4:
29:51
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AB:9A:B3:26:28:A7:54:7A:5B:DD:67:44:22:0C:4F:F2:06:C5:87:76
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/q5qzJiinVHpb3WdEIgxP8gbFh3Y.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
9b:bc:e0:11:94:74:74:09:22:ab:2f:45:9f:98:90:6a:80:7b:
07:ef:48:7a:28:5f:02:c0:e3:d9:c2:74:a9:e2:0d:d8:32:eb:
f7:9b:a0:56:cb:90:a2:50:2d:f5:97:9a:c7:b1:a0:95:f8:e7:
38:cd:dc:c3:8a:10:a6:80:88:e2:5f:c5:33:ea:a5:d6:60:98:
6c:8f:58:b0:5b:c3:53:02:ae:30:61:f8:22:9e:7e:a0:bd:32:
fd:c2:1e:35:ef:35:38:d1:ed:f6:cf:2e:75:e1:81:e5:49:4c:
f4:3e:b4:f0:61:ee:44:45:70:bb:4d:21:04:10:69:4c:bd:1d:
ba:70:d9:ab:a0:17:20:4f:3b:ba:ef:c2:e1:96:84:be:e8:47:
e2:63:e6:08:c6:f2:50:0f:9b:2e:41:49:7b:89:3e:9d:e6:e0:
bd:a2:4b:1b:6b:25:5e:3f:ae:46:4e:41:82:30:a3:4e:98:9f:
0e:89:b2:5c:30:92:bb:95:e2:b2:11:3b:d6:84:b8:59:25:bc:
7e:61:92:be:fc:55:19:ce:3f:a0:31:18:5c:f4:f8:3e:b1:24:
b3:d8:52:7f:3b:6b:c5:c1:af:39:b4:0f:9d:1b:de:60:cf:8f:
9b:90:26:74:f2:03:a7:fc:af:d0:2a:22:0f:9c:c3:bf:d1:ad:
06:3a:f7:a0
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICRfYwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MjEy
MDUzMDdaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEFCOUFCMzI2MjhBNzU0
N0E1QkRENjc0NDIyMEM0RkYyMDZDNTg3NzYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDYsinp3cmxoJ6hGzqYhLRqLhtLMhbw8eKxCOaF/+M1wEbbZ1rD
3wUrnOPHeBbK0YXmHToYAczF6SXldQ4CJmav2T5wF/VdwjIEtNd+Rhb02L/FPUvw
8Z6Lek7tZF/3OM71dhpJ6r0/acU+3eB7sLFzpqtnKCd8jOdRl+vz6dTM+tgGlp/I
QCVkI7lW0CfXRTOQlG74NJETpKuGPUEO6j0l9u88diAk3ME+PV6PCl5LKnKfaQfa
AZ/UFFG/bcfAlbh6MtBG1GRFHDSzQRh/t1Of9lzm/2WxLZbzHcsl+6/tQMFLBRrb
+wN6L0+NiLva0BR6oKon4CmziGmdXx+lxClRAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUq5qzJiinVHpb3WdEIgxP8gbFh3YwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3E1cXpKaWluVkhwYjNX
ZEVJZ3hQOGdiRmgzWS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAm7zgEZR0dAkiqy9Fn5iQaoB7B+9Ieihf
AsDj2cJ0qeIN2DLr95ugVsuQolAt9Zeax7GglfjnOM3cw4oQpoCI4l/FM+ql1mCY
bI9YsFvDUwKuMGH4Ip5+oL0y/cIeNe81ONHt9s8udeGB5UlM9D608GHuREVwu00h
BBBpTL0dunDZq6AXIE87uu/C4ZaEvuhH4mPmCMbyUA+bLkFJe4k+nebgvaJLG2sl
Xj+uRk5BgjCjTpifDomyXDCSu5XishE71oS4WSW8fmGSvvxVGc4/oDEYXPT4PrEk
s9hSfztrxcGvObQPnRveYM+Pm5AmdPIDp/yv0CoiD5zDv9GtBjr3oA==
-----END CERTIFICATE-----
Generated at Mon Apr 22 01:44:00 2024 by rpki-client on console.sobornost.net