Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/zIEhG7AzQW2A774PFKsWrUQIIUU.roa
File: zIEhG7AzQW2A774PFKsWrUQIIUU.roa (raw, json)
Hash identifier: aHfZ8JuMdIvjvwg7BmYYrR7VTeVR/gBm+C6U3EM3qX8=
Subject key identifier: CC:81:21:1B:B0:33:41:6D:80:EF:BE:0F:14:AB:16:AD:44:08:21:45
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 4DDE
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/zIEhG7AzQW2A774PFKsWrUQIIUU.roa
Signing time: Thu 02 May 2024 09:53:40 +0000
ROA not before: Thu 02 May 2024 09:53:40 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 19934 (0x4dde)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 2 09:53:40 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=CC81211BB033416D80EFBE0F14AB16AD44082145
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c1:70:e0:a8:4e:c7:6e:8d:80:c0:39:f6:c8:8d:
9a:6f:13:5d:7c:7e:55:a8:e9:99:8f:91:04:46:19:
07:7b:ec:18:91:63:bc:66:8f:cd:43:76:4d:2c:5f:
de:03:be:14:5b:a2:13:fa:e0:da:3a:8d:af:71:c1:
04:3b:d0:9d:66:77:69:00:43:3d:74:d5:49:5c:cf:
5f:01:e8:ad:b3:88:ca:11:ca:25:7e:f1:9f:39:e6:
6c:a3:33:d4:91:45:57:4a:7a:79:a6:71:43:64:4d:
71:33:50:31:51:b8:e8:64:e1:0b:14:55:3e:bf:c1:
e5:cd:b0:14:2a:0d:f1:f5:e0:a4:45:f2:30:c8:43:
c6:6f:94:d3:90:4c:c6:b4:7e:f5:c5:6f:17:2b:e4:
62:43:65:27:cc:eb:5a:a0:2e:8c:f0:03:41:3f:e4:
06:be:d8:9c:5f:6e:79:43:09:28:4a:c1:66:7c:b5:
dc:5f:48:11:6b:1d:a7:22:2b:b4:d5:1f:9c:af:1b:
9f:bd:cf:f1:95:c5:1f:4a:b5:05:08:b7:26:dd:2a:
21:6b:fd:25:59:92:9f:77:27:21:60:8b:73:21:8c:
39:53:51:28:11:49:76:cf:40:26:c4:98:71:42:5f:
0d:5b:e2:6f:5a:ac:f8:30:2f:4c:95:1b:dc:5f:d1:
b0:61
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CC:81:21:1B:B0:33:41:6D:80:EF:BE:0F:14:AB:16:AD:44:08:21:45
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/zIEhG7AzQW2A774PFKsWrUQIIUU.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
41:c9:76:02:a9:38:2d:4b:89:16:db:0e:35:2d:a4:d7:cd:2d:
eb:49:f7:bd:f4:bd:0c:f7:2a:86:3d:0a:a9:ba:96:26:a9:dc:
ab:50:cc:36:0d:cc:74:4d:3d:05:09:9f:4d:73:2a:1f:c1:a8:
5c:d4:3b:f6:46:bb:f3:47:40:1a:5d:bb:7b:41:fd:32:a8:83:
b9:21:61:9d:2b:cc:27:81:23:f5:a0:77:35:35:8d:74:05:47:
d2:c2:52:6b:99:e5:34:a7:d9:d9:97:b0:b0:5f:85:f9:1c:9f:
0b:7a:94:8b:f0:e0:73:c6:42:17:04:85:61:37:3c:ce:98:27:
b8:02:67:9d:58:8d:b7:1f:bf:38:dc:7c:0e:f4:d9:6c:24:6c:
b2:94:03:84:a9:ed:b5:be:ec:13:45:c9:ab:cd:9f:61:d4:a3:
69:4b:e0:f5:bc:21:89:e9:b6:5c:84:dc:d9:24:a6:2b:0c:06:
2a:6f:42:28:e0:ac:05:38:2f:92:ed:b0:0a:7a:03:f7:bd:66:
ee:fa:2b:9d:22:8c:05:f9:50:44:bc:48:ca:3d:fd:79:70:36:
8c:0d:55:81:bd:9d:9f:a3:d8:3a:20:c7:e8:f5:a6:d6:66:95:
00:67:cd:2a:63:95:68:e2:8f:45:2f:a4:fd:e1:03:1b:bc:8b:
df:a2:e5:27
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICTd4wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MDIw
OTUzNDBaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKENDODEyMTFCQjAzMzQx
NkQ4MEVGQkUwRjE0QUIxNkFENDQwODIxNDUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDBcOCoTsdujYDAOfbIjZpvE118flWo6ZmPkQRGGQd77BiRY7xm
j81Ddk0sX94DvhRbohP64No6ja9xwQQ70J1md2kAQz101Ulcz18B6K2ziMoRyiV+
8Z855myjM9SRRVdKenmmcUNkTXEzUDFRuOhk4QsUVT6/weXNsBQqDfH14KRF8jDI
Q8ZvlNOQTMa0fvXFbxcr5GJDZSfM61qgLozwA0E/5Aa+2JxfbnlDCShKwWZ8tdxf
SBFrHaciK7TVH5yvG5+9z/GVxR9KtQUItybdKiFr/SVZkp93JyFgi3MhjDlTUSgR
SXbPQCbEmHFCXw1b4m9arPgwL0yVG9xf0bBhAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUzIEhG7AzQW2A774PFKsWrUQIIUUwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3pJRWhHN0F6UVcyQTc3
NFBGS3NXclVRSUlVVS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAQcl2Aqk4LUuJFtsONS2k180t60n3vfS9
DPcqhj0KqbqWJqncq1DMNg3MdE09BQmfTXMqH8GoXNQ79ka780dAGl27e0H9MqiD
uSFhnSvMJ4Ej9aB3NTWNdAVH0sJSa5nlNKfZ2ZewsF+F+RyfC3qUi/Dgc8ZCFwSF
YTc8zpgnuAJnnViNtx+/ONx8DvTZbCRsspQDhKnttb7sE0XJq82fYdSjaUvg9bwh
iem2XITc2SSmKwwGKm9CKOCsBTgvku2wCnoD971m7vornSKMBflQRLxIyj39eXA2
jA1Vgb2dn6PYOiDH6PWm1maVAGfNKmOVaOKPRS+k/eEDG7yL36LlJw==
-----END CERTIFICATE-----
Generated at Thu May 2 13:57:27 2024 by rpki-client on console.sobornost.net