Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/0dxtrmJGkGGsiSdCA8p5lNpSKn8.roa
File: 0dxtrmJGkGGsiSdCA8p5lNpSKn8.roa (raw, json)
Hash identifier: 7uqG7nxNjjnI+mKVWHCVrSIWWl6U6dMT4TTF6lLKHvw=
Subject key identifier: D1:DC:6D:AE:62:46:90:61:AC:89:27:42:03:CA:79:94:DA:52:2A:7F
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 3F36
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/0dxtrmJGkGGsiSdCA8p5lNpSKn8.roa
Signing time: Fri 12 Apr 2024 20:52:48 +0000
ROA not before: Fri 12 Apr 2024 20:52:48 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 16182 (0x3f36)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 12 20:52:48 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=D1DC6DAE62469061AC89274203CA7994DA522A7F
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b5:23:40:bd:be:e6:ea:e0:cf:2b:86:40:8e:9b:
c0:29:f4:89:4e:fb:91:5b:08:a1:1a:20:be:f3:64:
d2:fc:73:be:bf:99:ed:86:4f:76:85:fa:66:2f:36:
3e:d6:e1:3f:76:a8:da:6f:32:a9:ae:87:c7:ed:5b:
69:ee:9c:a6:fc:db:74:55:95:d7:cf:ed:4d:d4:a3:
2e:ce:f0:05:58:a0:d3:c2:b8:99:59:6b:7b:39:84:
65:91:fa:16:1f:7e:31:53:b3:9b:36:05:59:f2:a1:
54:05:3d:3e:19:14:02:cc:16:be:ec:a0:1e:89:ec:
1e:a3:dc:c3:8f:73:63:5f:a4:d4:95:31:69:74:cd:
b6:21:fb:85:2b:5e:c2:94:b5:ff:87:05:bd:95:d5:
a7:9f:2d:a7:8e:a5:9a:87:d5:d8:02:36:01:60:78:
61:c3:2c:3a:9d:81:7f:53:8a:f9:16:6c:96:21:53:
b7:77:13:d7:96:55:7e:25:15:50:fa:58:df:55:2f:
b8:26:ca:2f:cf:e9:e4:a7:19:36:c3:ef:9d:5d:89:
13:1d:01:16:bd:00:54:9b:49:bf:96:67:16:15:22:
65:dc:4b:68:a5:af:a6:39:e7:a0:1b:1f:d9:ac:0f:
28:27:e5:7a:17:41:23:07:f9:0f:90:d1:c1:7b:07:
c2:a7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D1:DC:6D:AE:62:46:90:61:AC:89:27:42:03:CA:79:94:DA:52:2A:7F
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/0dxtrmJGkGGsiSdCA8p5lNpSKn8.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
98:bd:d6:b9:64:7d:3e:be:ad:fc:c7:43:1b:a1:64:36:42:45:
89:73:3d:00:d5:15:9f:6d:cb:d8:c6:26:62:d5:e7:60:75:8f:
b8:21:81:9b:06:93:e3:1f:ea:31:2a:d5:55:a3:5c:22:b0:99:
02:a1:75:51:31:78:de:7b:cf:57:d6:58:47:50:3e:e3:73:29:
17:a9:75:c3:d8:af:13:fa:7a:a5:10:4d:8a:96:f4:b4:0c:19:
f4:e8:7e:b7:28:5e:41:a5:79:49:7f:f9:24:83:0c:31:76:0d:
a6:4e:30:51:5e:2d:bc:6d:86:5f:a4:e4:32:75:35:02:52:d6:
93:72:84:e5:81:b9:4d:83:2a:3d:aa:e1:31:8a:24:6a:e6:0b:
78:29:a6:08:d5:49:e3:cf:2a:0d:6b:1f:45:2f:72:3d:4d:73:
e9:7a:e7:ba:8b:47:3a:03:1b:00:b4:49:62:54:35:84:49:4b:
27:0c:af:44:ee:98:1f:4a:91:f3:e0:69:cd:6c:a0:35:21:51:
a8:45:e7:be:b3:6d:ab:cc:97:7c:0c:2b:de:f2:fe:f8:89:cb:
6a:15:28:b4:e3:b5:d1:7e:61:7c:ec:0b:94:70:fb:f2:e8:69:
05:de:27:dc:ad:6e:b1:51:f7:eb:d6:01:7b:05:d6:1c:d9:7f:
dd:03:c6:d9
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICPzYwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MTIy
MDUyNDhaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEQxREM2REFFNjI0Njkw
NjFBQzg5Mjc0MjAzQ0E3OTk0REE1MjJBN0YwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC1I0C9vubq4M8rhkCOm8Ap9IlO+5FbCKEaIL7zZNL8c76/me2G
T3aF+mYvNj7W4T92qNpvMqmuh8ftW2nunKb823RVldfP7U3Uoy7O8AVYoNPCuJlZ
a3s5hGWR+hYffjFTs5s2BVnyoVQFPT4ZFALMFr7soB6J7B6j3MOPc2NfpNSVMWl0
zbYh+4UrXsKUtf+HBb2V1aefLaeOpZqH1dgCNgFgeGHDLDqdgX9TivkWbJYhU7d3
E9eWVX4lFVD6WN9VL7gmyi/P6eSnGTbD751diRMdARa9AFSbSb+WZxYVImXcS2il
r6Y556AbH9msDygn5XoXQSMH+Q+Q0cF7B8KnAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQU0dxtrmJGkGGsiSdCA8p5lNpSKn8wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3LzBkeHRybUpHa0dHc2lT
ZENBOHA1bE5wU0tuOC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAmL3WuWR9Pr6t/MdDG6FkNkJFiXM9ANUV
n23L2MYmYtXnYHWPuCGBmwaT4x/qMSrVVaNcIrCZAqF1UTF43nvPV9ZYR1A+43Mp
F6l1w9ivE/p6pRBNipb0tAwZ9Oh+tyheQaV5SX/5JIMMMXYNpk4wUV4tvG2GX6Tk
MnU1AlLWk3KE5YG5TYMqParhMYokauYLeCmmCNVJ488qDWsfRS9yPU1z6XrnuotH
OgMbALRJYlQ1hElLJwyvRO6YH0qR8+BpzWygNSFRqEXnvrNtq8yXfAwr3vL++InL
ahUotOO10X5hfOwLlHD78uhpBd4n3K1usVH369YBewXWHNl/3QPG2Q==
-----END CERTIFICATE-----
Generated at Sat Apr 13 02:37:20 2024 by rpki-client on console.sobornost.net