Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/tu97QeeA3a-bCHXMd6rsVBgHp5w.roa
File: tu97QeeA3a-bCHXMd6rsVBgHp5w.roa (raw, json)
Hash identifier: +SAPVnzJnHbxNDLvoMn4scdStmSwthDBSKo47k/zq/U=
Subject key identifier: B6:EF:7B:41:E7:80:DD:AF:9B:08:75:CC:77:AA:EC:54:18:07:A7:9C
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 3766
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/tu97QeeA3a-bCHXMd6rsVBgHp5w.roa
Signing time: Tue 02 Apr 2024 10:52:17 +0000
ROA not before: Tue 02 Apr 2024 10:52:17 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 14182 (0x3766)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 2 10:52:17 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=B6EF7B41E780DDAF9B0875CC77AAEC541807A79C
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e1:14:3a:7c:44:da:80:ba:82:0f:b6:a2:c1:68:
f0:9f:4e:e3:fb:6f:74:1b:59:d7:8b:56:47:6a:73:
33:b0:f2:89:eb:d1:09:b3:f6:02:a4:11:97:56:8f:
bb:81:a6:1a:16:dd:c5:8c:1c:dc:27:f2:1f:35:c7:
90:cb:5f:ae:eb:94:48:48:aa:7a:49:15:bb:b6:3f:
9e:2e:7f:20:54:c3:a5:b9:62:3d:9b:b8:fd:35:52:
46:12:82:fc:13:bb:82:19:5b:79:f9:2e:6f:4a:98:
fa:b7:0d:c8:27:66:db:e9:41:8b:26:e7:1b:78:25:
e2:ed:f5:5b:f2:96:29:99:fc:15:67:7b:d0:6e:04:
d2:d9:81:53:c1:b7:b0:57:90:8c:3f:00:1a:b2:0b:
93:c5:15:80:7a:bf:fb:79:1e:06:37:8e:e2:c3:f2:
c0:d0:fb:0f:b5:be:b2:44:7d:75:8b:3b:22:9c:74:
40:73:ac:7c:6d:85:e4:0d:f0:9f:82:88:ad:6f:f2:
8f:08:81:ea:b3:85:c4:3d:d3:76:00:6f:55:db:03:
1a:a0:44:13:d9:b8:f3:8c:b0:f9:99:ff:e9:82:a0:
46:81:c0:dc:95:3e:ff:18:22:86:3e:2a:94:1f:ce:
9a:e1:d3:78:93:66:20:e5:8c:08:0d:1f:0c:ec:85:
5c:a9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B6:EF:7B:41:E7:80:DD:AF:9B:08:75:CC:77:AA:EC:54:18:07:A7:9C
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/tu97QeeA3a-bCHXMd6rsVBgHp5w.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
3f:4a:b2:d5:65:e9:8c:f9:72:70:5c:71:ad:b1:63:7a:c5:b4:
57:2a:e3:cb:3e:ad:e7:f5:d4:bc:f5:25:a3:49:c7:d1:f0:9a:
b6:25:27:e8:96:eb:25:87:d8:cc:bf:30:55:96:f1:22:93:3a:
b6:ee:43:1e:95:0e:c1:b9:90:e7:4e:9b:a6:ae:e1:cf:b6:47:
8c:ec:40:b5:12:11:1c:29:a2:e7:58:92:ee:16:ea:41:f6:cf:
4d:0c:f6:c1:9a:7b:88:87:e2:ff:ec:fa:e6:c3:d5:0d:04:27:
03:73:11:6f:f9:ac:17:97:18:3e:67:a8:b3:f6:f9:76:bc:d2:
89:53:d1:1e:0f:85:38:ed:14:4e:ae:32:70:40:eb:e0:40:16:
61:00:5e:b9:92:13:e0:a4:e4:93:73:68:53:87:4a:7d:02:fd:
6f:44:32:b3:cf:7a:1f:8b:5b:65:5c:07:b6:fb:4d:66:5b:22:
21:83:00:f4:d6:47:07:e5:1c:76:dc:cd:94:29:02:17:58:f0:
a8:6b:c1:7f:c5:bf:fc:34:be:b2:bc:aa:ab:8e:a8:b9:7b:05:
82:3b:43:0e:29:e4:1d:61:c9:17:fa:0a:f9:fd:3c:b2:71:ab:
f0:1c:d8:fd:8d:6b:9e:96:c5:19:cf:73:cf:29:2e:56:ac:b0:
64:51:50:53
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICN2YwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MDIx
MDUyMTdaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEI2RUY3QjQxRTc4MERE
QUY5QjA4NzVDQzc3QUFFQzU0MTgwN0E3OUMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDhFDp8RNqAuoIPtqLBaPCfTuP7b3QbWdeLVkdqczOw8onr0Qmz
9gKkEZdWj7uBphoW3cWMHNwn8h81x5DLX67rlEhIqnpJFbu2P54ufyBUw6W5Yj2b
uP01UkYSgvwTu4IZW3n5Lm9KmPq3DcgnZtvpQYsm5xt4JeLt9VvylimZ/BVne9Bu
BNLZgVPBt7BXkIw/ABqyC5PFFYB6v/t5HgY3juLD8sDQ+w+1vrJEfXWLOyKcdEBz
rHxtheQN8J+CiK1v8o8IgeqzhcQ903YAb1XbAxqgRBPZuPOMsPmZ/+mCoEaBwNyV
Pv8YIoY+KpQfzprh03iTZiDljAgNHwzshVypAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUtu97QeeA3a+bCHXMd6rsVBgHp5wwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3R1OTdRZWVBM2EtYkNI
WE1kNnJzVkJnSHA1dy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAP0qy1WXpjPlycFxxrbFjesW0Vyrjyz6t
5/XUvPUlo0nH0fCatiUn6JbrJYfYzL8wVZbxIpM6tu5DHpUOwbmQ506bpq7hz7ZH
jOxAtRIRHCmi51iS7hbqQfbPTQz2wZp7iIfi/+z65sPVDQQnA3MRb/msF5cYPmeo
s/b5drzSiVPRHg+FOO0UTq4ycEDr4EAWYQBeuZIT4KTkk3NoU4dKfQL9b0Qys896
H4tbZVwHtvtNZlsiIYMA9NZHB+UcdtzNlCkCF1jwqGvBf8W//DS+sryqq46ouXsF
gjtDDinkHWHJF/oK+f08snGr8BzY/Y1rnpbFGc9zzykuVqywZFFQUw==
-----END CERTIFICATE-----
Generated at Tue Apr 2 17:48:33 2024 by rpki-client on console.sobornost.net