Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/yegjTe6-oarY-VAxlImh2usWfgw.roa
File: yegjTe6-oarY-VAxlImh2usWfgw.roa (raw, json)
Hash identifier: +SXcyQ7mrd+hXrqbXyhn5uKmndpIo0+XDH4iX3dZ67o=
Subject key identifier: C9:E8:23:4D:EE:BE:A1:AA:D8:F9:50:31:94:89:A1:DA:EB:16:7E:0C
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 443E
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/yegjTe6-oarY-VAxlImh2usWfgw.roa
Signing time: Fri 19 Apr 2024 13:53:23 +0000
ROA not before: Fri 19 Apr 2024 13:53:23 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 17470 (0x443e)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 19 13:53:23 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=C9E8234DEEBEA1AAD8F950319489A1DAEB167E0C
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a1:a3:23:db:bd:cf:b4:04:a6:8a:c2:a1:f6:88:
88:80:af:39:11:c7:35:3b:bc:8b:80:64:33:de:9a:
09:f6:fa:d2:24:0c:0c:92:af:c7:24:db:9a:2e:e4:
a7:80:91:3f:bc:35:fe:58:2d:e1:3a:3d:a1:0e:38:
eb:e4:47:11:4d:bb:89:5b:2d:ca:69:28:ee:ca:46:
f5:c9:91:64:a4:4e:e6:4a:51:a6:4d:a2:bc:53:d4:
f3:da:ef:fd:b2:c2:e9:a4:12:bc:2e:b8:7e:31:9a:
7f:02:df:72:f3:c3:c0:c3:44:2b:e5:8f:0b:e0:29:
83:31:72:0c:5a:d1:bb:a7:1a:72:08:a6:32:dd:b1:
d1:59:9c:ff:de:5c:82:40:f7:9a:88:a1:25:0d:e7:
cb:6c:4a:c5:f4:fa:7e:fb:96:56:d4:c6:6f:5a:a0:
e2:e6:f0:b6:0f:b7:d2:73:35:1a:87:b5:66:78:b8:
59:a9:01:e8:ba:a1:e2:fe:0c:01:56:a8:ab:c9:77:
34:07:99:3e:60:f2:3d:de:91:92:5a:4c:37:8e:78:
b4:e1:cf:9d:60:db:a7:f3:4a:d1:2a:b7:5f:f2:11:
30:8f:7e:e9:f5:60:88:00:d0:bc:17:33:4b:b2:4c:
3b:23:4c:ff:cc:2c:bc:98:d2:10:ba:4b:17:3c:a5:
bb:f1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C9:E8:23:4D:EE:BE:A1:AA:D8:F9:50:31:94:89:A1:DA:EB:16:7E:0C
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/yegjTe6-oarY-VAxlImh2usWfgw.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
74:82:f1:69:be:a4:78:9f:0c:44:aa:6d:43:6a:91:55:95:71:
97:46:ce:60:a8:fe:8c:77:61:28:ac:63:34:a1:a2:06:2d:0c:
91:03:ae:7f:18:fe:bb:45:cd:35:26:b5:46:79:96:0c:e5:56:
85:29:a9:3d:eb:34:b6:02:46:84:5a:49:f7:17:b0:a3:54:65:
80:b5:36:ce:08:8d:bb:ab:28:a1:24:44:95:82:d5:3f:47:b3:
ef:ca:fa:b0:3a:73:9b:b3:59:88:69:15:bc:b5:bb:f6:3c:9c:
73:65:d9:d4:5b:4e:26:cd:39:d2:8f:6f:b7:18:e8:97:70:df:
0f:56:72:71:90:12:3f:05:ac:e7:d0:79:14:d6:aa:4b:60:94:
35:b0:ba:61:8e:6e:fe:0f:48:76:00:26:e1:e2:e2:9a:f7:ba:
e0:36:bb:51:65:cd:06:c5:97:f1:a2:1b:9a:d8:52:75:92:27:
8b:79:8b:fc:2f:f3:85:11:ea:cd:07:f7:ea:3c:2d:8a:5c:89:
26:5d:fa:a5:d8:81:63:5a:59:97:f9:00:eb:84:e9:3f:c1:50:
39:ae:12:eb:00:5e:2f:39:61:70:95:d7:cb:27:59:20:be:2d:
10:89:47:be:ae:8e:6e:a5:22:bb:8d:10:0e:b4:b6:e8:77:44:
9e:a8:97:af
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICRD4wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MTkx
MzUzMjNaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEM5RTgyMzRERUVCRUEx
QUFEOEY5NTAzMTk0ODlBMURBRUIxNjdFMEMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQChoyPbvc+0BKaKwqH2iIiArzkRxzU7vIuAZDPemgn2+tIkDAyS
r8ck25ou5KeAkT+8Nf5YLeE6PaEOOOvkRxFNu4lbLcppKO7KRvXJkWSkTuZKUaZN
orxT1PPa7/2ywumkErwuuH4xmn8C33Lzw8DDRCvljwvgKYMxcgxa0bunGnIIpjLd
sdFZnP/eXIJA95qIoSUN58tsSsX0+n77llbUxm9aoOLm8LYPt9JzNRqHtWZ4uFmp
Aei6oeL+DAFWqKvJdzQHmT5g8j3ekZJaTDeOeLThz51g26fzStEqt1/yETCPfun1
YIgA0LwXM0uyTDsjTP/MLLyY0hC6Sxc8pbvxAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUyegjTe6+oarY+VAxlImh2usWfgwwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3llZ2pUZTYtb2FyWS1W
QXhsSW1oMnVzV2Zndy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAdILxab6keJ8MRKptQ2qRVZVxl0bOYKj+
jHdhKKxjNKGiBi0MkQOufxj+u0XNNSa1RnmWDOVWhSmpPes0tgJGhFpJ9xewo1Rl
gLU2zgiNu6sooSRElYLVP0ez78r6sDpzm7NZiGkVvLW79jycc2XZ1FtOJs050o9v
txjol3DfD1ZycZASPwWs59B5FNaqS2CUNbC6YY5u/g9IdgAm4eLimve64Da7UWXN
BsWX8aIbmthSdZIni3mL/C/zhRHqzQf36jwtilyJJl36pdiBY1pZl/kA64TpP8FQ
Oa4S6wBeLzlhcJXXyydZIL4tEIlHvq6ObqUiu40QDrS26HdEnqiXrw==
-----END CERTIFICATE-----
Generated at Fri Apr 19 19:03:59 2024 by rpki-client on console.sobornost.net