Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/17gh7V--QhncNGqmtPPidIvrMGE.roa
File: 17gh7V--QhncNGqmtPPidIvrMGE.roa (raw, json)
Hash identifier: yVcXT4Lr6Jh4cJnZjQUzUeek+Nkqi5q+2dE2b+u4ii4=
Subject key identifier: D7:B8:21:ED:5F:BE:42:19:DC:34:6A:A6:B4:F3:E2:74:8B:EB:30:61
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 37A2
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/17gh7V--QhncNGqmtPPidIvrMGE.roa
Signing time: Tue 02 Apr 2024 18:22:15 +0000
ROA not before: Tue 02 Apr 2024 18:22:15 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 14242 (0x37a2)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 2 18:22:15 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=D7B821ED5FBE4219DC346AA6B4F3E2748BEB3061
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cc:9a:1a:79:52:81:af:ad:d1:55:9f:ca:3e:7b:
92:da:4f:0a:bd:b0:26:7f:cc:63:b0:ec:d1:e1:a1:
79:a9:47:53:06:52:e4:b1:ad:fa:35:68:4e:61:b7:
f2:89:48:81:a6:73:aa:cd:9d:cd:d3:57:79:01:89:
92:5d:c0:11:3e:46:da:bf:e2:fe:f9:2f:a0:e5:76:
9c:0e:fd:25:4c:36:95:26:f6:ce:61:2c:0c:fa:fd:
3e:90:33:f4:97:fc:0e:01:e7:13:f1:dc:02:a5:e9:
d0:a4:fc:c9:16:3d:71:3c:65:ca:97:f5:f8:0e:02:
05:c7:2b:18:91:40:a4:80:32:0f:9c:07:8f:c6:13:
5e:08:9c:26:17:c7:1b:60:a6:a4:87:bc:ae:c2:c4:
ba:e0:9c:f6:84:2e:ad:72:f8:4c:2d:99:5a:4a:18:
ba:2b:a8:a9:86:6a:27:94:d7:68:c4:c5:90:f3:b9:
17:66:65:52:7a:30:ee:12:1c:36:6e:bc:6c:9b:09:
3b:1a:a5:da:55:45:af:0e:2d:19:b1:f7:94:04:9d:
45:33:0e:43:28:95:55:3b:a1:a2:4a:6a:0d:fb:65:
b4:dd:7d:45:b7:92:2a:36:73:e0:59:44:a5:33:07:
82:19:aa:1e:f8:81:48:c5:61:3c:2a:c9:bf:83:51:
5f:df
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D7:B8:21:ED:5F:BE:42:19:DC:34:6A:A6:B4:F3:E2:74:8B:EB:30:61
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/17gh7V--QhncNGqmtPPidIvrMGE.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
b1:4c:0b:2f:0f:3e:c8:38:df:00:6b:6b:04:07:c5:11:1d:97:
ae:98:69:f3:27:78:21:d1:c2:f3:05:e7:0a:ea:51:47:f8:5b:
5b:e8:ef:a4:6a:48:45:08:b2:ac:bb:81:d5:33:10:d8:60:f5:
37:a0:a0:ef:2e:42:94:95:de:bc:82:4a:ef:9e:c0:09:73:27:
fb:2c:95:a0:4c:18:23:af:ae:9e:a2:a8:15:09:f9:64:d2:31:
bd:8c:45:12:a9:e3:1e:ac:ae:1a:dc:70:71:4e:0c:43:94:8c:
7c:37:db:45:8e:b0:21:19:c6:cc:f0:b8:d1:80:bf:06:fa:07:
a1:46:a4:be:64:e0:a6:7c:9f:21:72:f2:bd:67:66:eb:14:16:
97:52:ee:4f:8b:ba:84:43:9c:f9:dc:bb:cf:8c:d0:0e:9c:4d:
93:f8:de:e0:9a:ca:3e:11:ee:9c:56:7f:0e:c2:e8:db:ee:bf:
5d:94:6b:44:04:54:d0:9d:9a:19:82:18:e3:0b:25:14:f6:f2:
f4:52:d6:8e:2e:9a:12:17:6f:04:5c:28:ea:e8:39:6b:11:ff:
94:95:3d:58:e0:a1:3d:62:18:91:8c:38:e9:b6:b0:cc:e1:62:
ee:82:68:15:61:5f:84:29:01:4f:da:32:0d:f4:5b:a4:63:99:
7e:ca:18:9b
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICN6IwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MDIx
ODIyMTVaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEQ3QjgyMUVENUZCRTQy
MTlEQzM0NkFBNkI0RjNFMjc0OEJFQjMwNjEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDMmhp5UoGvrdFVn8o+e5LaTwq9sCZ/zGOw7NHhoXmpR1MGUuSx
rfo1aE5ht/KJSIGmc6rNnc3TV3kBiZJdwBE+Rtq/4v75L6DldpwO/SVMNpUm9s5h
LAz6/T6QM/SX/A4B5xPx3AKl6dCk/MkWPXE8ZcqX9fgOAgXHKxiRQKSAMg+cB4/G
E14InCYXxxtgpqSHvK7CxLrgnPaELq1y+EwtmVpKGLorqKmGaieU12jExZDzuRdm
ZVJ6MO4SHDZuvGybCTsapdpVRa8OLRmx95QEnUUzDkMolVU7oaJKag37ZbTdfUW3
kio2c+BZRKUzB4IZqh74gUjFYTwqyb+DUV/fAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQU17gh7V++QhncNGqmtPPidIvrMGEwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3LzE3Z2g3Vi0tUWhuY05H
cW10UFBpZEl2ck1HRS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAsUwLLw8+yDjfAGtrBAfFER2Xrphp8yd4
IdHC8wXnCupRR/hbW+jvpGpIRQiyrLuB1TMQ2GD1N6Cg7y5ClJXevIJK757ACXMn
+yyVoEwYI6+unqKoFQn5ZNIxvYxFEqnjHqyuGtxwcU4MQ5SMfDfbRY6wIRnGzPC4
0YC/BvoHoUakvmTgpnyfIXLyvWdm6xQWl1LuT4u6hEOc+dy7z4zQDpxNk/je4JrK
PhHunFZ/DsLo2+6/XZRrRARU0J2aGYIY4wslFPby9FLWji6aEhdvBFwo6ug5axH/
lJU9WOChPWIYkYw46bawzOFi7oJoFWFfhCkBT9oyDfRbpGOZfsoYmw==
-----END CERTIFICATE-----
Generated at Wed Apr 3 01:44:26 2024 by rpki-client on console.sobornost.net