Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/riNWd8q2E6O-bQzPQI7kbhdpkSg.roa
File: riNWd8q2E6O-bQzPQI7kbhdpkSg.roa (raw, json)
Hash identifier: 81d7whuT5I0kYUoF0QCKMlVBPNUozKa4W5Zdkpp+TH8=
Subject key identifier: AE:23:56:77:CA:B6:13:A3:BE:6D:0C:CF:40:8E:E4:6E:17:69:91:28
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 3FBE
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/riNWd8q2E6O-bQzPQI7kbhdpkSg.roa
Signing time: Sat 13 Apr 2024 13:52:53 +0000
ROA not before: Sat 13 Apr 2024 13:52:53 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 16318 (0x3fbe)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 13 13:52:53 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=AE235677CAB613A3BE6D0CCF408EE46E17699128
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9e:8d:49:d6:9f:79:3c:49:de:38:4b:8e:3d:30:
11:71:5d:59:63:69:69:3f:df:6d:da:1d:38:0e:be:
b5:d5:7c:b4:e4:26:16:14:d4:9b:55:59:ee:88:ee:
87:78:5c:21:d7:ef:6b:ac:bf:07:2e:4c:7d:7d:ba:
29:77:ab:54:cc:d4:68:b0:b3:a9:4f:4b:23:c8:43:
38:d9:da:c8:00:eb:10:a5:81:b0:f7:e0:c7:8e:ff:
6f:5b:46:9a:f5:b7:69:ec:de:f8:55:b1:cf:fa:3d:
0c:37:eb:d2:bb:76:5d:ba:c8:d3:d4:88:82:6d:aa:
ad:bc:f8:21:d8:6f:15:82:93:6e:65:cd:88:45:2f:
a3:22:f1:3b:3f:38:b3:4e:28:b3:57:0c:a4:d1:a6:
ce:66:d7:89:2c:2e:8d:d0:31:83:c7:9d:a4:08:06:
34:b7:49:44:9a:7e:fb:b1:58:37:41:d6:96:3f:4f:
f9:01:06:ef:36:5f:ee:a8:bf:61:1b:a8:62:c6:b0:
b9:9c:42:6a:88:06:8f:d5:0a:64:dd:e9:07:2f:60:
92:52:05:e4:da:62:b4:38:5c:7f:fd:32:8e:44:0d:
7a:95:63:95:cc:2b:73:d3:24:d6:11:4c:c2:a4:ab:
70:bc:8e:40:1c:fd:32:67:77:e2:b9:54:08:75:41:
e2:a3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AE:23:56:77:CA:B6:13:A3:BE:6D:0C:CF:40:8E:E4:6E:17:69:91:28
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/riNWd8q2E6O-bQzPQI7kbhdpkSg.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
31:66:2c:d8:d6:34:34:69:53:9d:db:14:8a:0f:e6:4d:7c:a6:
1a:d3:9b:a1:d7:82:d8:3e:62:7d:f2:c8:4c:0e:31:c3:94:52:
ad:e8:66:56:2a:f2:e5:a5:d0:bc:97:33:82:72:ce:3d:c5:af:
1a:23:db:c3:50:b2:f7:4c:e9:0e:1e:91:77:7e:88:69:f0:6f:
07:0c:e3:a1:d0:68:20:6d:9d:d7:02:ca:16:bd:fa:59:5e:f2:
00:f2:37:af:37:84:77:55:86:c1:8e:e9:c2:18:13:43:0c:74:
a3:83:ae:d4:77:db:36:39:f0:88:4b:60:c5:7f:5f:30:7c:4e:
c4:ad:1c:d5:1b:b1:8f:c9:db:13:f7:1d:d3:44:50:7a:01:cb:
5d:4d:b4:a6:ab:c4:88:cc:79:35:53:3c:6b:63:33:5b:9b:c5:
ff:52:5d:9d:cf:c4:34:08:8f:b4:eb:1b:46:79:f2:1c:10:d9:
93:19:18:96:ed:a4:f9:9e:b5:8b:ce:27:24:88:7b:05:01:53:
bc:85:c5:74:65:a2:38:ca:c1:81:3f:84:1f:7d:61:b5:db:5d:
9f:cd:6e:34:c6:8d:07:59:b8:48:d7:05:ad:b8:e8:48:15:41:
b3:de:a2:2f:df:8f:ed:79:a5:25:cd:a3:f8:1e:eb:53:9f:71:
5f:08:32:6a
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICP74wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MTMx
MzUyNTNaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEFFMjM1Njc3Q0FCNjEz
QTNCRTZEMENDRjQwOEVFNDZFMTc2OTkxMjgwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCejUnWn3k8Sd44S449MBFxXVljaWk/323aHTgOvrXVfLTkJhYU
1JtVWe6I7od4XCHX72usvwcuTH19uil3q1TM1Giws6lPSyPIQzjZ2sgA6xClgbD3
4MeO/29bRpr1t2ns3vhVsc/6PQw369K7dl26yNPUiIJtqq28+CHYbxWCk25lzYhF
L6Mi8Ts/OLNOKLNXDKTRps5m14ksLo3QMYPHnaQIBjS3SUSafvuxWDdB1pY/T/kB
Bu82X+6ov2EbqGLGsLmcQmqIBo/VCmTd6QcvYJJSBeTaYrQ4XH/9Mo5EDXqVY5XM
K3PTJNYRTMKkq3C8jkAc/TJnd+K5VAh1QeKjAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUriNWd8q2E6O+bQzPQI7kbhdpkSgwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3JpTldkOHEyRTZPLWJR
elBRSTdrYmhkcGtTZy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAMWYs2NY0NGlTndsUig/mTXymGtObodeC
2D5iffLITA4xw5RSrehmViry5aXQvJczgnLOPcWvGiPbw1Cy90zpDh6Rd36IafBv
BwzjodBoIG2d1wLKFr36WV7yAPI3rzeEd1WGwY7pwhgTQwx0o4Ou1HfbNjnwiEtg
xX9fMHxOxK0c1Ruxj8nbE/cd00RQegHLXU20pqvEiMx5NVM8a2MzW5vF/1Jdnc/E
NAiPtOsbRnnyHBDZkxkYlu2k+Z61i84nJIh7BQFTvIXFdGWiOMrBgT+EH31htdtd
n81uNMaNB1m4SNcFrbjoSBVBs96iL9+P7XmlJc2j+B7rU59xXwgyag==
-----END CERTIFICATE-----
Generated at Sat Apr 13 19:10:14 2024 by rpki-client on console.sobornost.net