Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/tME8dB4rh3s-XhqEwpuiNZDbi8w.roa
File: tME8dB4rh3s-XhqEwpuiNZDbi8w.roa (raw, json)
Hash identifier: fy+NahtneZZkZeWa328yh9OEu8fVOebbgBuCj+/csys=
Subject key identifier: B4:C1:3C:74:1E:2B:87:7B:3E:5E:1A:84:C2:9B:A2:35:90:DB:8B:CC
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 3E26
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/tME8dB4rh3s-XhqEwpuiNZDbi8w.roa
Signing time: Thu 11 Apr 2024 10:52:46 +0000
ROA not before: Thu 11 Apr 2024 10:52:46 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 15910 (0x3e26)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 11 10:52:46 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=B4C13C741E2B877B3E5E1A84C29BA23590DB8BCC
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:f0:8e:63:2d:d9:1a:8f:b0:99:ff:97:23:1f:90:
9f:d1:78:05:f4:22:48:4e:ac:f2:85:9c:05:f8:41:
10:75:16:3e:8e:0b:99:68:7b:86:f9:c2:cf:af:f0:
53:03:7d:c7:66:33:1b:17:20:5f:73:1a:73:af:d5:
e7:95:6a:24:95:65:18:af:80:0c:61:de:2a:69:ac:
3f:da:79:7a:eb:bc:8d:93:e9:b8:d0:08:32:ac:66:
8a:07:b6:49:1b:89:89:55:91:16:65:d4:11:a1:bb:
e0:d0:1d:5e:db:19:df:04:43:cc:fd:4c:27:70:0e:
c8:6c:04:99:2f:e8:3f:00:c0:5e:e8:a0:1c:ea:65:
c0:3f:48:10:34:b1:dd:6f:0e:98:ae:76:39:cb:26:
62:57:ab:1d:f0:1b:b2:91:57:0f:a7:88:d6:3f:48:
f3:4d:35:27:a1:84:3e:68:61:e1:cc:52:8f:1c:38:
c4:5d:7a:d3:84:58:89:0a:0e:e9:78:71:f1:79:2e:
59:dc:ee:85:f9:41:95:c7:b5:30:a8:18:82:53:28:
75:88:5e:1a:aa:a2:e5:b5:da:30:8e:e9:7d:2f:66:
b1:c7:9a:e1:7c:92:e7:60:a1:aa:37:27:04:c0:bd:
74:6c:2d:ab:78:fa:f9:99:2a:ef:be:bf:8a:e6:4d:
b7:13
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B4:C1:3C:74:1E:2B:87:7B:3E:5E:1A:84:C2:9B:A2:35:90:DB:8B:CC
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/tME8dB4rh3s-XhqEwpuiNZDbi8w.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
24:1d:14:18:f5:ee:f1:a7:ed:d9:be:3d:8e:59:28:24:41:31:
69:d5:ab:16:e3:a1:f7:61:f8:92:35:47:8f:08:fc:d8:32:d2:
74:19:05:13:6a:bf:87:e5:49:6f:3d:a0:cb:60:bf:82:7e:b2:
61:a7:86:2f:6e:ca:a8:91:d4:08:c7:88:a0:a2:10:eb:f2:d5:
ed:27:d8:d4:59:9d:b4:b2:18:b8:a4:e7:ca:06:19:bc:c8:0a:
f7:ad:47:df:f1:f4:a1:89:c7:64:45:f4:1e:38:8a:25:53:9f:
72:07:0e:4b:13:16:73:1f:b8:2c:a0:d3:f0:8c:f6:25:95:32:
46:e9:36:64:a5:b0:4d:78:69:e4:5a:b8:c0:04:db:95:78:d4:
cf:7e:3e:2e:5e:8d:74:54:64:e1:1d:e7:ed:2d:d4:d9:fc:57:
7b:be:1d:25:8a:96:2e:01:ff:64:65:f2:01:f2:a6:11:7b:c6:
be:80:81:31:e3:fb:09:96:ff:1e:bf:30:1a:1f:18:ce:79:0d:
0b:c7:99:2c:43:9a:ed:09:28:fd:13:22:7d:38:14:a3:75:4f:
23:fb:ce:7c:a5:7b:45:7e:3c:bd:77:2f:1c:e7:fa:de:ba:02:
69:1c:5e:25:ba:07:56:58:97:3c:88:fc:e8:bd:06:13:ab:c8:
84:0b:21:d2
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICPiYwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MTEx
MDUyNDZaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEI0QzEzQzc0MUUyQjg3
N0IzRTVFMUE4NEMyOUJBMjM1OTBEQjhCQ0MwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDwjmMt2RqPsJn/lyMfkJ/ReAX0IkhOrPKFnAX4QRB1Fj6OC5lo
e4b5ws+v8FMDfcdmMxsXIF9zGnOv1eeVaiSVZRivgAxh3ipprD/aeXrrvI2T6bjQ
CDKsZooHtkkbiYlVkRZl1BGhu+DQHV7bGd8EQ8z9TCdwDshsBJkv6D8AwF7ooBzq
ZcA/SBA0sd1vDpiudjnLJmJXqx3wG7KRVw+niNY/SPNNNSehhD5oYeHMUo8cOMRd
etOEWIkKDul4cfF5Llnc7oX5QZXHtTCoGIJTKHWIXhqqouW12jCO6X0vZrHHmuF8
kudgoao3JwTAvXRsLat4+vmZKu++v4rmTbcTAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUtME8dB4rh3s+XhqEwpuiNZDbi8wwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3RNRThkQjRyaDNzLVho
cUV3cHVpTlpEYmk4dy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAJB0UGPXu8aft2b49jlkoJEExadWrFuOh
92H4kjVHjwj82DLSdBkFE2q/h+VJbz2gy2C/gn6yYaeGL27KqJHUCMeIoKIQ6/LV
7SfY1FmdtLIYuKTnygYZvMgK961H3/H0oYnHZEX0HjiKJVOfcgcOSxMWcx+4LKDT
8Iz2JZUyRuk2ZKWwTXhp5Fq4wATblXjUz34+Ll6NdFRk4R3n7S3U2fxXe74dJYqW
LgH/ZGXyAfKmEXvGvoCBMeP7CZb/Hr8wGh8YznkNC8eZLEOa7Qko/RMifTgUo3VP
I/vOfKV7RX48vXcvHOf63roCaRxeJboHVliXPIj86L0GE6vIhAsh0g==
-----END CERTIFICATE-----
Generated at Thu Apr 11 17:36:05 2024 by rpki-client on console.sobornost.net