Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/zDtJjedNWxuLK6MRDCpFq4XzNcQ.roa
File: zDtJjedNWxuLK6MRDCpFq4XzNcQ.roa (raw, json)
Hash identifier: JNf41Pi8C5og83uNlfTAY/hgQCyt8RTgYVo26H5+hfg=
Subject key identifier: CC:3B:49:8D:E7:4D:5B:1B:8B:2B:A3:11:0C:2A:45:AB:85:F3:35:C4
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 4176
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/zDtJjedNWxuLK6MRDCpFq4XzNcQ.roa
Signing time: Mon 15 Apr 2024 20:52:56 +0000
ROA not before: Mon 15 Apr 2024 20:52:56 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 16758 (0x4176)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 15 20:52:56 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=CC3B498DE74D5B1B8B2BA3110C2A45AB85F335C4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ea:cd:e6:43:68:b8:24:e6:f1:0b:23:ac:e0:55:
43:af:15:da:de:0c:24:6b:50:12:3a:20:a8:20:f4:
9d:de:98:d6:7d:ee:81:c8:6a:9b:6c:87:f5:d6:7b:
66:25:b1:ff:15:69:52:bc:4b:d9:76:34:3a:92:f3:
fe:07:07:e0:92:3c:40:16:55:9b:22:72:d2:57:8c:
1a:69:79:2a:5a:bf:f8:52:ff:a2:e4:7f:1b:f7:fe:
ea:d6:d9:d9:a1:1e:86:a7:9f:66:4d:45:ad:3d:2e:
95:32:5e:76:5a:b9:8b:1b:70:5d:2f:fb:d2:df:c1:
98:6d:1e:41:5b:cb:70:50:f3:56:9e:97:be:34:2b:
8e:78:25:16:c3:5a:99:06:1e:18:9a:c2:fe:3d:28:
e1:18:44:32:a4:92:05:91:73:e0:a6:51:ec:70:8d:
37:d3:21:63:53:af:dc:e1:8a:40:e8:aa:e1:38:a8:
c9:5c:2a:13:3a:d0:b4:73:ec:6d:6b:97:aa:17:2d:
45:94:b9:4a:66:a5:d0:92:84:1e:87:2e:89:12:26:
16:c9:66:43:3d:42:82:b0:ee:44:89:3c:e7:0e:f3:
55:fb:e0:9e:c8:f2:13:ab:19:7f:b5:b7:13:5b:ff:
43:2d:2d:d5:6a:f9:6a:40:c0:0c:b8:4a:77:87:fd:
16:3b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CC:3B:49:8D:E7:4D:5B:1B:8B:2B:A3:11:0C:2A:45:AB:85:F3:35:C4
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/zDtJjedNWxuLK6MRDCpFq4XzNcQ.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
3f:e6:b4:90:b1:7a:61:37:c8:4c:cc:b7:57:ae:ca:ea:35:1b:
7b:1d:3b:ab:97:9c:27:2a:77:ce:17:85:fb:db:77:43:93:df:
ef:3e:d2:39:8e:f7:e9:6f:e9:63:af:41:d7:38:cf:f0:e1:b6:
e8:42:d6:09:cd:82:e0:1e:5a:fb:e9:b7:9d:0b:98:14:26:c8:
ce:16:0c:f4:ab:36:0d:79:18:1f:34:a7:b7:40:98:1d:a0:0a:
47:53:c5:20:1b:54:db:bf:e9:12:10:c4:d7:90:10:2f:40:90:
ad:45:bc:de:0c:5b:da:4c:97:a0:e5:a6:98:fe:60:fb:1e:65:
f9:ad:20:8f:64:4d:52:81:38:32:a4:4c:c2:03:00:71:28:c0:
9a:e3:08:b7:79:c8:5a:02:87:a8:6e:36:26:07:e4:21:4a:1c:
0e:cf:62:49:99:af:9b:4c:1b:44:a0:ab:b3:72:e8:97:3b:98:
62:08:0e:6f:6f:62:c8:c4:d9:9d:6a:d5:7f:45:60:27:fa:58:
47:dc:e7:ae:c6:6e:19:e6:3f:a9:b5:1d:be:dd:75:f5:5c:99:
b5:75:87:08:af:5e:6b:5a:8d:e2:c6:4a:6e:84:d5:ca:bd:6f:
22:74:58:2c:9e:68:2d:5c:2b:4e:8e:42:52:d9:bd:ff:07:af:
be:4d:0b:5b
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICQXYwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MTUy
MDUyNTZaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKENDM0I0OThERTc0RDVC
MUI4QjJCQTMxMTBDMkE0NUFCODVGMzM1QzQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDqzeZDaLgk5vELI6zgVUOvFdreDCRrUBI6IKgg9J3emNZ97oHI
aptsh/XWe2Ylsf8VaVK8S9l2NDqS8/4HB+CSPEAWVZsictJXjBppeSpav/hS/6Lk
fxv3/urW2dmhHoann2ZNRa09LpUyXnZauYsbcF0v+9LfwZhtHkFby3BQ81ael740
K454JRbDWpkGHhiawv49KOEYRDKkkgWRc+CmUexwjTfTIWNTr9zhikDoquE4qMlc
KhM60LRz7G1rl6oXLUWUuUpmpdCShB6HLokSJhbJZkM9QoKw7kSJPOcO81X74J7I
8hOrGX+1txNb/0MtLdVq+WpAwAy4SneH/RY7AgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUzDtJjedNWxuLK6MRDCpFq4XzNcQwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3pEdEpqZWROV3h1TEs2
TVJEQ3BGcTRYek5jUS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAP+a0kLF6YTfITMy3V67K6jUbex07q5ec
Jyp3zheF+9t3Q5Pf7z7SOY736W/pY69B1zjP8OG26ELWCc2C4B5a++m3nQuYFCbI
zhYM9Ks2DXkYHzSnt0CYHaAKR1PFIBtU27/pEhDE15AQL0CQrUW83gxb2kyXoOWm
mP5g+x5l+a0gj2RNUoE4MqRMwgMAcSjAmuMIt3nIWgKHqG42JgfkIUocDs9iSZmv
m0wbRKCrs3LolzuYYggOb29iyMTZnWrVf0VgJ/pYR9znrsZuGeY/qbUdvt119VyZ
tXWHCK9ea1qN4sZKboTVyr1vInRYLJ5oLVwrTo5CUtm9/wevvk0LWw==
-----END CERTIFICATE-----
Generated at Tue Apr 16 09:59:22 2024 by rpki-client on console.sobornost.net