Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/wKe8PL9koDfI4zDaz723rj35A7A.roa
File: wKe8PL9koDfI4zDaz723rj35A7A.roa (raw, json)
Hash identifier: IzzqlUV6lZYMJGs+AX4LExotdvDQ9wzmGlhBImpbRvg=
Subject key identifier: C0:A7:BC:3C:BF:64:A0:37:C8:E3:30:DA:CF:BD:B7:AE:3D:F9:03:B0
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 429A
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/wKe8PL9koDfI4zDaz723rj35A7A.roa
Signing time: Wed 17 Apr 2024 09:22:58 +0000
ROA not before: Wed 17 Apr 2024 09:22:58 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 17050 (0x429a)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 17 09:22:58 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=C0A7BC3CBF64A037C8E330DACFBDB7AE3DF903B0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:dc:d4:a6:88:a8:fd:58:5e:c2:05:08:5f:2f:9e:
fd:f4:b2:8c:a7:31:99:0c:3d:ba:28:66:a2:d0:63:
71:25:df:72:0d:a2:05:c6:2f:70:12:27:82:97:07:
c8:14:6b:34:be:5c:e0:6c:3e:07:fc:02:86:3a:af:
41:35:8f:3e:f5:82:16:41:22:da:3e:13:87:dc:66:
44:2d:c1:75:59:1d:62:c5:f5:51:9e:40:cd:b0:b7:
0f:88:d7:c9:0b:55:c2:42:e5:fc:ec:ce:28:b1:58:
b8:b9:87:ef:8d:c4:07:f8:d5:1b:fa:92:b8:ce:73:
99:a3:55:43:1b:22:cf:b8:45:d6:10:1f:2d:d8:e1:
73:6e:f6:15:47:5e:54:de:8a:26:e5:12:b3:8f:d0:
8e:6c:ff:a5:12:85:2a:6d:5d:37:c6:87:35:25:8a:
28:d2:0c:1e:0f:a8:56:74:c5:c1:f6:b1:f9:1a:87:
3c:f8:37:8a:f3:36:a7:4f:17:02:39:e8:f7:01:2a:
4a:75:be:ae:4a:35:cc:73:cb:65:05:60:e5:bf:5d:
84:b1:b2:4b:79:f4:f1:05:c5:61:ac:0f:62:29:7c:
14:c7:3e:08:78:70:58:9d:af:50:f7:d1:54:6f:99:
de:d2:ae:74:7f:10:12:d3:77:4b:f0:d5:53:07:ec:
08:c9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C0:A7:BC:3C:BF:64:A0:37:C8:E3:30:DA:CF:BD:B7:AE:3D:F9:03:B0
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/wKe8PL9koDfI4zDaz723rj35A7A.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
4c:70:b9:16:73:a1:60:4f:6f:bb:bb:51:59:3c:76:ac:ec:83:
34:64:1e:9f:41:6f:89:ab:36:45:2b:c2:f1:30:79:b5:96:e1:
25:11:ac:89:cb:d5:bd:4d:70:b6:ec:f5:cb:5e:69:fd:70:d9:
88:bf:11:c1:57:6d:4f:18:ac:ca:5d:2d:57:51:b1:ef:81:6c:
d9:36:25:74:2a:f7:87:31:1c:63:b2:24:a3:a6:f6:9e:97:4a:
e0:4e:c1:09:67:57:b7:f5:81:2a:1f:0a:bc:8c:a0:77:f3:75:
c8:9a:2e:7e:3b:09:98:42:3a:67:5f:2d:21:7d:45:9e:3b:a5:
fc:64:3e:32:7f:5b:cd:5d:fd:0d:3a:8b:c8:1d:f4:d7:79:7a:
3e:5e:f7:c8:ca:6d:05:bc:81:85:19:2e:ea:37:6b:31:54:16:
6d:ed:fe:65:f4:54:8d:f4:6e:76:79:e6:f6:3f:e5:c8:7f:51:
8f:09:fa:6b:e7:e5:6d:c0:84:fa:3f:2a:61:58:b4:59:db:c9:
4a:da:9a:bc:47:9f:01:3c:f6:11:88:44:ab:6c:90:89:48:02:
28:0e:be:fa:ea:97:dd:4b:30:70:f1:6b:68:fa:be:84:ef:62:
ab:49:de:4b:7c:a0:39:8a:3c:59:48:8a:5c:06:40:37:f4:a6:
3d:2e:73:b5
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICQpowDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MTcw
OTIyNThaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEMwQTdCQzNDQkY2NEEw
MzdDOEUzMzBEQUNGQkRCN0FFM0RGOTAzQjAwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDc1KaIqP1YXsIFCF8vnv30soynMZkMPbooZqLQY3El33INogXG
L3ASJ4KXB8gUazS+XOBsPgf8AoY6r0E1jz71ghZBIto+E4fcZkQtwXVZHWLF9VGe
QM2wtw+I18kLVcJC5fzsziixWLi5h++NxAf41Rv6krjOc5mjVUMbIs+4RdYQHy3Y
4XNu9hVHXlTeiiblErOP0I5s/6UShSptXTfGhzUliijSDB4PqFZ0xcH2sfkahzz4
N4rzNqdPFwI56PcBKkp1vq5KNcxzy2UFYOW/XYSxskt59PEFxWGsD2IpfBTHPgh4
cFidr1D30VRvmd7SrnR/EBLTd0vw1VMH7AjJAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUwKe8PL9koDfI4zDaz723rj35A7AwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3dLZThQTDlrb0RmSTR6
RGF6NzIzcmozNUE3QS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEATHC5FnOhYE9vu7tRWTx2rOyDNGQen0Fv
ias2RSvC8TB5tZbhJRGsicvVvU1wtuz1y15p/XDZiL8RwVdtTxisyl0tV1Gx74Fs
2TYldCr3hzEcY7Iko6b2npdK4E7BCWdXt/WBKh8KvIygd/N1yJoufjsJmEI6Z18t
IX1Fnjul/GQ+Mn9bzV39DTqLyB3013l6Pl73yMptBbyBhRku6jdrMVQWbe3+ZfRU
jfRudnnm9j/lyH9Rjwn6a+flbcCE+j8qYVi0WdvJStqavEefATz2EYhEq2yQiUgC
KA6++uqX3UswcPFraPq+hO9iq0neS3ygOYo8WUiKXAZAN/SmPS5ztQ==
-----END CERTIFICATE-----
Generated at Wed Apr 17 14:46:04 2024 by rpki-client on console.sobornost.net