Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/1VzhN5T6fA-p-eAhsWFeDVLB8fI.roa
File: 1VzhN5T6fA-p-eAhsWFeDVLB8fI.roa (raw, json)
Hash identifier: UP/u5o/z9tSmeBoEo33rnuMfgQH4sP0g7ZKzXBs6UuU=
Subject key identifier: D5:5C:E1:37:94:FA:7C:0F:A9:F9:E0:21:B1:61:5E:0D:52:C1:F1:F2
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 40FA
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/1VzhN5T6fA-p-eAhsWFeDVLB8fI.roa
Signing time: Mon 15 Apr 2024 05:22:53 +0000
ROA not before: Mon 15 Apr 2024 05:22:53 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 16634 (0x40fa)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 15 05:22:53 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=D55CE13794FA7C0FA9F9E021B1615E0D52C1F1F2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bc:ad:61:1e:89:a2:b2:bf:44:71:08:80:50:3a:
90:12:07:9a:02:08:7f:b0:ef:2b:f4:ed:f9:6a:28:
c1:df:41:e2:d5:de:02:53:b7:e9:44:33:16:92:22:
d4:b9:3b:3f:9a:1a:8e:2a:3c:5d:29:73:83:75:0c:
78:d9:a6:2c:83:78:a9:84:98:63:87:5b:81:75:55:
e0:7b:2e:f7:45:92:01:89:ba:3f:52:7c:15:8c:ee:
ca:ef:85:2e:05:ba:27:ed:3c:d6:6e:d6:8b:6b:e1:
ae:94:05:22:c6:1e:12:6c:2d:4e:dc:f0:9a:83:e2:
74:55:41:03:6f:c3:d5:bf:ec:cf:78:e9:a0:3a:81:
d1:3c:ff:ef:a0:12:ed:02:ab:ea:93:4f:30:f0:02:
b3:fb:ba:eb:b9:fb:7f:0d:67:49:d2:1b:e7:ad:e3:
e3:3c:c3:1f:3a:8c:39:54:ed:f9:72:70:3a:12:03:
fb:f6:6d:5b:fb:b5:9a:dd:ea:66:de:09:9b:42:ca:
b3:c2:f5:e1:ae:a0:b4:8b:8b:74:68:e8:1d:f8:50:
46:97:bc:78:ff:8a:6e:a8:1a:8f:27:41:57:56:41:
10:84:5b:a5:d2:7b:94:bc:d3:89:bf:23:8e:2f:e5:
6b:80:1f:1e:db:e9:2e:10:99:b2:28:4a:7e:7d:37:
f7:af
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D5:5C:E1:37:94:FA:7C:0F:A9:F9:E0:21:B1:61:5E:0D:52:C1:F1:F2
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/1VzhN5T6fA-p-eAhsWFeDVLB8fI.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
96:af:db:f2:4b:c8:f5:6c:bd:5d:3f:9e:56:c1:fd:fa:d4:10:
3e:4f:87:88:d9:37:6d:55:f1:a1:20:f9:de:6f:8d:ff:e5:df:
01:4c:28:a3:15:58:ce:1f:9a:2a:21:94:cd:92:dd:75:46:45:
7a:2d:0d:e4:72:53:a3:3e:c0:08:d6:35:ae:4c:66:dd:fc:63:
c4:9f:a5:a7:65:31:4c:a4:1d:1c:e3:fc:a4:2f:f1:f9:5d:7d:
e1:f0:b9:d5:0a:f3:e1:f4:90:4f:2a:e3:ad:c2:d5:7f:b1:2b:
54:f2:0a:bf:ae:cc:b4:02:85:b5:d8:b1:41:e4:79:a6:49:cc:
70:a2:b2:1d:61:f9:75:27:f7:e7:48:74:b1:2e:0e:7b:36:fb:
6e:51:f0:37:bc:14:fc:16:f3:ef:35:a0:70:26:62:fa:20:13:
8c:c4:2e:18:ac:61:b6:db:64:e8:f8:88:39:db:2d:65:25:16:
b4:bb:57:e6:63:c7:98:3f:46:b2:7b:40:4b:6e:e0:91:60:3f:
98:b7:19:8a:6b:ba:3f:3b:f4:44:87:a2:fc:6c:eb:94:37:b8:
ab:66:ff:32:2b:09:c5:6c:7e:71:97:48:4f:28:88:bd:b6:b5:
9b:9b:9d:a3:17:ac:08:4b:a2:84:43:09:87:02:98:47:17:00:
0f:e8:8e:cb
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICQPowDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MTUw
NTIyNTNaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEQ1NUNFMTM3OTRGQTdD
MEZBOUY5RTAyMUIxNjE1RTBENTJDMUYxRjIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC8rWEeiaKyv0RxCIBQOpASB5oCCH+w7yv07flqKMHfQeLV3gJT
t+lEMxaSItS5Oz+aGo4qPF0pc4N1DHjZpiyDeKmEmGOHW4F1VeB7LvdFkgGJuj9S
fBWM7srvhS4FuiftPNZu1otr4a6UBSLGHhJsLU7c8JqD4nRVQQNvw9W/7M946aA6
gdE8/++gEu0Cq+qTTzDwArP7uuu5+38NZ0nSG+et4+M8wx86jDlU7flycDoSA/v2
bVv7tZrd6mbeCZtCyrPC9eGuoLSLi3Ro6B34UEaXvHj/im6oGo8nQVdWQRCEW6XS
e5S804m/I44v5WuAHx7b6S4QmbIoSn59N/evAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQU1VzhN5T6fA+p+eAhsWFeDVLB8fIwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3LzFWemhONVQ2ZkEtcC1l
QWhzV0ZlRFZMQjhmSS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAlq/b8kvI9Wy9XT+eVsH9+tQQPk+HiNk3
bVXxoSD53m+N/+XfAUwooxVYzh+aKiGUzZLddUZFei0N5HJToz7ACNY1rkxm3fxj
xJ+lp2UxTKQdHOP8pC/x+V194fC51Qrz4fSQTyrjrcLVf7ErVPIKv67MtAKFtdix
QeR5pknMcKKyHWH5dSf350h0sS4Oezb7blHwN7wU/Bbz7zWgcCZi+iATjMQuGKxh
tttk6PiIOdstZSUWtLtX5mPHmD9GsntAS27gkWA/mLcZimu6Pzv0RIei/GzrlDe4
q2b/MisJxWx+cZdITyiIvba1m5udoxesCEuihEMJhwKYRxcAD+iOyw==
-----END CERTIFICATE-----
Generated at Mon Apr 15 11:57:30 2024 by rpki-client on console.sobornost.net