Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/qu_8QeB-HGr_ew0RYK4rqDEx0Yk.roa
File: qu_8QeB-HGr_ew0RYK4rqDEx0Yk.roa (raw, json)
Hash identifier: ZYCubtf0QyyrOp/7s7XgWhk1CYGnP8i9bfVqSr6jbXA=
Subject key identifier: AA:EF:FC:41:E0:7E:1C:6A:FF:7B:0D:11:60:AE:2B:A8:31:31:D1:89
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 4E56
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/qu_8QeB-HGr_ew0RYK4rqDEx0Yk.roa
Signing time: Fri 03 May 2024 00:53:41 +0000
ROA not before: Fri 03 May 2024 00:53:41 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 20054 (0x4e56)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 3 00:53:41 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=AAEFFC41E07E1C6AFF7B0D1160AE2BA83131D189
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:f4:53:7b:bd:fb:72:f7:fa:4e:6a:9f:7e:00:9e:
57:4d:67:29:56:69:d3:59:61:b2:20:1c:f6:4a:27:
74:b2:fc:9c:22:b2:e2:07:70:df:10:39:2d:14:ff:
cf:92:94:d7:e0:cc:9b:87:c7:65:c1:32:ac:33:79:
fc:99:8a:f0:01:2d:d4:22:74:e2:45:2d:52:27:5d:
34:83:32:bc:d8:a3:f3:25:30:f3:da:8c:a3:7e:15:
bc:d6:52:2d:ae:f6:fb:ed:c6:73:8f:82:fe:23:a7:
1e:b1:58:5a:42:33:4c:2c:06:38:c1:5a:3e:15:89:
ab:d3:5d:10:e3:9d:94:a8:78:7a:07:74:66:5e:27:
db:17:6c:93:ee:0f:9a:3a:76:97:0c:09:00:6f:83:
65:f6:e8:bd:3d:ad:2f:af:b7:51:56:d9:da:1a:f3:
73:73:86:d8:60:9c:fe:7b:20:0b:b8:d7:e3:9e:3f:
2c:ff:bc:8d:29:4b:c5:30:be:e3:48:4e:f6:76:ec:
44:64:e1:dd:ad:78:2a:92:04:01:89:d8:1c:38:59:
34:14:fc:e4:83:22:63:48:99:d0:22:4e:f1:5b:7b:
37:a6:0b:b9:e1:b8:67:71:3f:9f:b5:f3:94:fb:94:
06:f4:1d:1e:98:88:27:90:c4:2d:ee:fe:20:22:67:
c4:f1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AA:EF:FC:41:E0:7E:1C:6A:FF:7B:0D:11:60:AE:2B:A8:31:31:D1:89
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/qu_8QeB-HGr_ew0RYK4rqDEx0Yk.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
63:41:5e:74:3d:0b:47:51:21:be:c3:27:1f:d9:13:90:3f:64:
f6:5e:c4:5e:d7:05:ba:08:d7:27:ff:02:39:5b:95:87:0c:f1:
9a:d7:45:48:bf:1b:40:69:de:24:cc:f5:91:e4:8d:57:e8:9f:
6f:f1:ad:94:c9:b6:77:fe:48:0d:e9:d9:a8:73:09:57:0f:55:
f2:c6:84:a2:7b:cd:3b:bb:fe:37:52:50:f1:29:ad:3c:16:1e:
14:33:40:ed:01:ee:aa:2d:98:0c:da:b6:77:12:9b:4b:65:10:
ac:f1:cb:50:66:3f:8b:42:60:0d:0b:a7:d6:32:c6:72:a6:ae:
a5:36:52:bb:e2:87:52:32:c7:fe:dd:5a:1e:37:1a:81:ad:36:
51:39:90:7d:a0:46:74:16:33:e0:8f:55:9a:36:42:3a:b1:74:
25:43:ea:a3:78:1c:6e:2a:22:f2:ec:ff:c0:ac:42:7b:4f:a5:
48:51:c2:9f:37:48:20:43:b7:00:a4:37:29:b1:f4:40:cf:17:
3c:1a:b4:4d:5f:1a:94:64:c8:80:f8:7d:18:52:54:8c:5a:aa:
75:61:f5:44:5b:e0:27:29:ef:83:90:2b:93:66:cd:6d:b7:a8:
ee:c2:2f:12:15:22:4a:bc:3e:57:d5:f9:c7:3e:4e:ac:65:84:
f6:0d:1a:77
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICTlYwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MDMw
MDUzNDFaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEFBRUZGQzQxRTA3RTFD
NkFGRjdCMEQxMTYwQUUyQkE4MzEzMUQxODkwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQD0U3u9+3L3+k5qn34AnldNZylWadNZYbIgHPZKJ3Sy/JwisuIH
cN8QOS0U/8+SlNfgzJuHx2XBMqwzefyZivABLdQidOJFLVInXTSDMrzYo/MlMPPa
jKN+FbzWUi2u9vvtxnOPgv4jpx6xWFpCM0wsBjjBWj4ViavTXRDjnZSoeHoHdGZe
J9sXbJPuD5o6dpcMCQBvg2X26L09rS+vt1FW2doa83NzhthgnP57IAu41+OePyz/
vI0pS8UwvuNITvZ27ERk4d2teCqSBAGJ2Bw4WTQU/OSDImNImdAiTvFbezemC7nh
uGdxP5+185T7lAb0HR6YiCeQxC3u/iAiZ8TxAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUqu/8QeB+HGr/ew0RYK4rqDEx0YkwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3F1XzhRZUItSEdyX2V3
MFJZSzRycURFeDBZay5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAY0FedD0LR1EhvsMnH9kTkD9k9l7EXtcF
ugjXJ/8COVuVhwzxmtdFSL8bQGneJMz1keSNV+ifb/GtlMm2d/5IDenZqHMJVw9V
8saEonvNO7v+N1JQ8SmtPBYeFDNA7QHuqi2YDNq2dxKbS2UQrPHLUGY/i0JgDQun
1jLGcqaupTZSu+KHUjLH/t1aHjcaga02UTmQfaBGdBYz4I9VmjZCOrF0JUPqo3gc
bioi8uz/wKxCe0+lSFHCnzdIIEO3AKQ3KbH0QM8XPBq0TV8alGTIgPh9GFJUjFqq
dWH1RFvgJynvg5Ark2bNbbeo7sIvEhUiSrw+V9X5xz5OrGWE9g0adw==
-----END CERTIFICATE-----
Generated at Fri May 3 12:22:21 2024 by rpki-client on console.sobornost.net