Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/qxyrOdPb3roSrdbmYVbWdQgz9Ss.roa
File: qxyrOdPb3roSrdbmYVbWdQgz9Ss.roa (raw, json)
Hash identifier: lu+16boYU7Qvd9CR/YgBEtdM3CVmlYf+fdYgZN5N9X4=
Subject key identifier: AB:1C:AB:39:D3:DB:DE:BA:12:AD:D6:E6:61:56:D6:75:08:33:F5:2B
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 3856
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/qxyrOdPb3roSrdbmYVbWdQgz9Ss.roa
Signing time: Wed 03 Apr 2024 16:52:20 +0000
ROA not before: Wed 03 Apr 2024 16:52:20 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 14422 (0x3856)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 3 16:52:20 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=AB1CAB39D3DBDEBA12ADD6E66156D6750833F52B
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c7:4b:80:b1:04:c3:25:e0:62:65:4d:7b:ae:d3:
9d:8e:0b:9f:5c:5f:ca:ed:f3:35:6c:ca:03:cf:eb:
bc:0f:a2:c7:8e:f2:26:81:8c:b1:c3:14:55:2d:3b:
12:71:e7:a3:12:fc:47:16:0e:c2:ba:d8:2c:5c:ec:
b6:3f:f7:d0:34:34:d4:e3:f4:3e:8b:83:a4:62:0b:
c2:02:b1:d5:3b:27:86:c3:f5:70:ae:0c:18:c2:66:
26:4a:5d:79:32:ea:71:03:aa:58:75:5b:52:67:b3:
f1:0b:60:7a:66:e8:eb:4e:ed:06:3d:62:5d:3c:83:
f4:b9:ba:b3:0b:b6:e0:29:a9:dc:ec:8f:93:e2:ff:
a6:09:3a:74:0b:81:25:61:c0:39:ff:78:5e:c3:08:
f9:03:5b:a8:f0:df:9c:bf:dd:c1:a4:09:b3:1a:d6:
45:b7:aa:16:19:94:1e:3c:d8:67:8d:99:32:fa:66:
c9:37:c0:ae:ad:2d:b3:b9:d3:5b:cc:d1:df:b2:6e:
55:4b:fb:71:06:c7:7c:83:86:37:d0:df:94:c5:17:
43:50:ad:e9:ed:4f:df:a4:e2:3a:1b:1b:49:65:7e:
e7:ad:62:48:29:dc:87:4e:0b:0f:6c:5a:67:a3:92:
06:e2:9e:13:9c:42:0c:ad:cb:31:2f:8b:f1:a2:7f:
d8:15
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AB:1C:AB:39:D3:DB:DE:BA:12:AD:D6:E6:61:56:D6:75:08:33:F5:2B
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/qxyrOdPb3roSrdbmYVbWdQgz9Ss.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
89:9c:27:49:55:51:e8:5c:f6:7d:ac:40:cb:54:73:65:a9:20:
c9:ac:75:77:ad:f7:8f:65:aa:29:f9:4e:66:7a:0e:70:79:5e:
46:44:49:66:b9:63:52:f5:5e:f6:3b:86:d8:3f:f2:86:d8:86:
0a:5e:15:1a:dc:2d:4b:bf:2f:e6:57:3f:f3:1e:f2:c5:82:01:
14:9c:34:03:e1:55:7f:4d:b1:b3:11:c8:87:30:97:56:81:c7:
c2:5a:de:cc:17:e8:56:62:29:5b:25:e8:33:cd:dd:81:9a:df:
2d:9b:84:82:ca:65:96:94:93:7f:a6:bc:2f:0a:ae:5a:dd:36:
62:a3:37:6b:2a:c6:8c:00:64:1f:3e:cf:a7:07:42:db:a8:ba:
8a:f3:3b:ed:b6:cc:75:96:70:56:88:0f:52:66:0f:ac:b0:02:
0e:85:6a:88:d3:e3:56:92:34:df:47:5b:2b:50:5d:4d:86:25:
05:64:a9:e8:a7:5d:03:6e:36:6e:b3:7e:d8:14:34:3d:57:6d:
3f:94:29:68:e5:5e:bc:1d:be:b3:e6:4e:73:3e:3a:92:76:e6:
d7:82:b6:33:43:69:21:39:23:96:18:79:35:a2:dc:5a:6c:84:
7c:50:e6:8c:e0:1e:d7:18:74:9e:a8:47:98:10:07:94:2d:e3:
e4:b1:b7:a5
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICOFYwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MDMx
NjUyMjBaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEFCMUNBQjM5RDNEQkRF
QkExMkFERDZFNjYxNTZENjc1MDgzM0Y1MkIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDHS4CxBMMl4GJlTXuu052OC59cX8rt8zVsygPP67wPoseO8iaB
jLHDFFUtOxJx56MS/EcWDsK62Cxc7LY/99A0NNTj9D6Lg6RiC8ICsdU7J4bD9XCu
DBjCZiZKXXky6nEDqlh1W1Jns/ELYHpm6OtO7QY9Yl08g/S5urMLtuApqdzsj5Pi
/6YJOnQLgSVhwDn/eF7DCPkDW6jw35y/3cGkCbMa1kW3qhYZlB482GeNmTL6Zsk3
wK6tLbO501vM0d+yblVL+3EGx3yDhjfQ35TFF0NQrentT9+k4jobG0llfuetYkgp
3IdOCw9sWmejkgbinhOcQgytyzEvi/Gif9gVAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUqxyrOdPb3roSrdbmYVbWdQgz9SswHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3F4eXJPZFBiM3JvU3Jk
Ym1ZVmJXZFFnejlTcy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAiZwnSVVR6Fz2faxAy1RzZakgyax1d633
j2WqKflOZnoOcHleRkRJZrljUvVe9juG2D/yhtiGCl4VGtwtS78v5lc/8x7yxYIB
FJw0A+FVf02xsxHIhzCXVoHHwlrezBfoVmIpWyXoM83dgZrfLZuEgspllpSTf6a8
LwquWt02YqM3ayrGjABkHz7PpwdC26i6ivM77bbMdZZwVogPUmYPrLACDoVqiNPj
VpI030dbK1BdTYYlBWSp6KddA242brN+2BQ0PVdtP5QpaOVevB2+s+ZOcz46knbm
14K2M0NpITkjlhh5NaLcWmyEfFDmjOAe1xh0nqhHmBAHlC3j5LG3pQ==
-----END CERTIFICATE-----
Generated at Wed Apr 3 23:51:51 2024 by rpki-client on console.sobornost.net