Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/zQ6rqu4IFciQfy_mQQmhOkSSMVM.roa
File: zQ6rqu4IFciQfy_mQQmhOkSSMVM.roa (raw, json)
Hash identifier: 1o08kEjRI9nPCbVJ7CeruCZSyxk4TMdPOgBjNfc2Y6k=
Subject key identifier: CD:0E:AB:AA:EE:08:15:C8:90:7F:2F:E6:41:09:A1:3A:44:92:31:53
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 399E
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/zQ6rqu4IFciQfy_mQQmhOkSSMVM.roa
Signing time: Fri 05 Apr 2024 09:52:24 +0000
ROA not before: Fri 05 Apr 2024 09:52:24 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 14750 (0x399e)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 5 09:52:24 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=CD0EABAAEE0815C8907F2FE64109A13A44923153
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b3:3a:38:23:56:eb:fc:43:28:42:5c:5a:d3:6d:
fc:49:73:49:fe:98:85:06:63:83:56:9e:e6:22:18:
3f:e2:a1:2d:66:91:1e:86:fa:42:4e:74:08:96:e2:
ad:fb:ff:3f:2c:57:0a:66:62:66:d6:95:96:f0:31:
0e:9f:72:14:0f:2e:8b:20:da:aa:6d:4a:bd:ef:25:
fd:dd:f7:6e:11:1a:26:6a:e1:69:c8:f5:d1:5d:23:
de:11:28:b2:48:7b:21:56:05:23:84:9e:9f:4d:fc:
e4:dc:c6:13:f2:08:f5:5d:ff:7d:f4:e6:ab:4e:96:
ca:e0:f1:20:d6:92:3c:d6:3d:71:49:30:2d:f0:a8:
ce:f3:1b:96:ae:af:df:99:26:76:16:9a:f7:cb:3a:
a3:d8:7a:6b:72:be:1f:02:eb:46:8f:15:d9:99:c5:
27:93:48:d9:9e:6c:e5:90:f4:34:76:8b:90:b7:51:
73:8c:55:56:5f:e3:cb:07:44:a7:e0:e8:18:19:ba:
1a:98:16:2b:b0:2f:39:9d:a1:3d:45:cf:ec:67:9e:
d4:b8:f8:1a:c4:23:1c:c2:25:9a:34:c9:60:62:ec:
74:66:d5:0e:83:7d:3b:34:f7:28:a4:2d:b4:bf:21:
1f:e9:e9:de:c8:ff:d5:36:61:23:8d:f3:25:31:06:
b9:fb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CD:0E:AB:AA:EE:08:15:C8:90:7F:2F:E6:41:09:A1:3A:44:92:31:53
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/zQ6rqu4IFciQfy_mQQmhOkSSMVM.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
41:d9:02:3a:95:6b:29:26:14:c4:7e:eb:3f:08:bb:cb:bf:85:
28:9a:51:53:3c:86:76:bf:a7:90:a4:0f:77:4e:ff:00:bd:6c:
f5:99:ba:c0:c6:39:4c:9e:07:45:d3:21:d2:84:03:7a:e1:db:
b6:87:41:65:f7:7f:a7:c4:a5:4a:b5:cf:b0:1c:f2:c2:66:d9:
4e:fa:88:df:a6:df:9e:be:83:3f:6c:bc:69:1d:75:81:43:24:
1e:00:22:4c:f5:57:c0:8b:f8:ed:fb:14:46:65:f5:14:29:e9:
e0:66:b7:fc:be:01:3e:8e:6a:76:f1:a2:90:56:ac:f7:46:08:
60:4d:63:6d:30:2a:75:15:74:ff:e9:07:19:7a:8e:f6:05:9f:
10:a5:b6:f0:f0:e6:f8:b7:00:2e:44:54:d9:03:81:4b:bb:ce:
a6:60:a6:46:da:71:e1:e0:56:7a:e9:25:70:c3:c8:68:08:c9:
a8:15:b5:77:37:d1:68:f9:07:1e:f6:b0:ea:e4:a4:c9:07:bd:
f6:59:05:fd:ff:22:5c:40:91:ff:46:e4:2a:87:42:78:08:f9:
ed:69:00:38:fc:58:de:b2:b6:38:02:ef:fe:cb:f0:d7:3c:77:
28:e4:6d:b2:dd:2d:6e:6a:fa:ab:8a:04:ee:cb:b9:dd:3f:45:
06:71:f4:48
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICOZ4wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MDUw
OTUyMjRaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKENEMEVBQkFBRUUwODE1
Qzg5MDdGMkZFNjQxMDlBMTNBNDQ5MjMxNTMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCzOjgjVuv8QyhCXFrTbfxJc0n+mIUGY4NWnuYiGD/ioS1mkR6G
+kJOdAiW4q37/z8sVwpmYmbWlZbwMQ6fchQPLosg2qptSr3vJf3d924RGiZq4WnI
9dFdI94RKLJIeyFWBSOEnp9N/OTcxhPyCPVd/3305qtOlsrg8SDWkjzWPXFJMC3w
qM7zG5aur9+ZJnYWmvfLOqPYemtyvh8C60aPFdmZxSeTSNmebOWQ9DR2i5C3UXOM
VVZf48sHRKfg6BgZuhqYFiuwLzmdoT1Fz+xnntS4+BrEIxzCJZo0yWBi7HRm1Q6D
fTs09yikLbS/IR/p6d7I/9U2YSON8yUxBrn7AgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUzQ6rqu4IFciQfy/mQQmhOkSSMVMwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3pRNnJxdTRJRmNpUWZ5
X21RUW1oT2tTU01WTS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAQdkCOpVrKSYUxH7rPwi7y7+FKJpRUzyG
dr+nkKQPd07/AL1s9Zm6wMY5TJ4HRdMh0oQDeuHbtodBZfd/p8SlSrXPsBzywmbZ
TvqI36bfnr6DP2y8aR11gUMkHgAiTPVXwIv47fsURmX1FCnp4Ga3/L4BPo5qdvGi
kFas90YIYE1jbTAqdRV0/+kHGXqO9gWfEKW28PDm+LcALkRU2QOBS7vOpmCmRtpx
4eBWeuklcMPIaAjJqBW1dzfRaPkHHvaw6uSkyQe99lkF/f8iXECR/0bkKodCeAj5
7WkAOPxY3rK2OALv/svw1zx3KORtst0tbmr6q4oE7su53T9FBnH0SA==
-----END CERTIFICATE-----
Generated at Fri Apr 5 10:25:33 2024 by rpki-client on console-fra.rpki-client.org