Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/20ru1HetCuPXO8NvwHaWfTJHHIU.roa
File: 20ru1HetCuPXO8NvwHaWfTJHHIU.roa (raw, json)
Hash identifier: 2owAUUe5uLiqi6KpXLDtDsfSDKBrUoV01ytXxTFQJA8=
Subject key identifier: DB:4A:EE:D4:77:AD:0A:E3:D7:3B:C3:6F:C0:76:96:7D:32:47:1C:85
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 383A
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/20ru1HetCuPXO8NvwHaWfTJHHIU.roa
Signing time: Wed 03 Apr 2024 13:22:18 +0000
ROA not before: Wed 03 Apr 2024 13:22:18 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 14394 (0x383a)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 3 13:22:18 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=DB4AEED477AD0AE3D73BC36FC076967D32471C85
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:f5:15:e3:33:39:9c:5f:12:54:41:08:7f:6d:92:
c6:ff:cc:59:aa:2c:33:17:98:a1:21:d5:09:b3:eb:
9d:b3:95:a3:43:5d:9e:73:c2:60:84:68:45:e0:f4:
bc:f2:23:25:81:35:a6:04:59:79:94:eb:10:fc:06:
e7:38:6d:6c:2b:42:15:54:21:49:8f:2b:98:b4:a0:
ce:70:a3:47:fa:e1:70:06:d9:d0:e9:00:e5:f5:49:
86:28:51:1f:39:c8:05:f4:f8:41:b5:23:52:90:7a:
1a:54:c1:06:f9:6f:d8:6b:8c:3c:0e:e9:a2:de:75:
cd:79:3c:7c:79:82:1b:78:3d:3a:b5:8a:95:9f:ba:
f0:2e:61:4a:86:c7:ef:01:91:95:8b:3b:f5:50:2d:
6c:34:46:3b:d8:2e:6c:9c:cf:89:63:1f:67:82:de:
06:81:95:cb:87:fa:42:97:ee:69:c5:5f:26:aa:50:
16:2d:74:86:11:46:27:ff:18:67:30:5d:2c:5c:fa:
1d:bc:14:51:82:77:98:eb:5d:13:54:80:a2:fa:5a:
bd:7a:42:45:c0:66:18:d7:a5:98:d7:cb:85:19:06:
f4:d7:e1:63:e7:0b:1d:95:cc:25:2e:6d:d4:5f:99:
fe:93:ea:f6:da:bb:85:e3:6e:16:cb:6e:9c:9f:43:
03:8f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DB:4A:EE:D4:77:AD:0A:E3:D7:3B:C3:6F:C0:76:96:7D:32:47:1C:85
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/20ru1HetCuPXO8NvwHaWfTJHHIU.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
34:3a:09:ba:e4:c0:54:c6:c0:b8:29:90:c6:75:e1:50:d1:53:
31:21:f8:77:e8:9f:da:b8:a3:5a:4a:c3:a2:dd:43:7e:b6:96:
1b:e5:4e:4e:11:70:15:f9:dd:2a:09:b5:51:36:cd:da:4f:f5:
47:30:1c:62:15:a4:2b:af:a7:cb:c6:6b:55:d2:26:c2:ce:b0:
97:e7:52:fa:52:ec:79:76:1c:6d:0a:7e:38:c5:8e:10:ee:85:
36:a3:a2:ef:88:59:8a:15:33:8b:89:95:77:43:d1:ff:c9:3d:
fc:19:f9:17:9a:8c:42:35:53:38:b5:b6:26:95:93:8f:b5:ae:
34:87:66:d7:3e:12:a7:27:f0:94:2a:82:9d:3e:13:1a:26:3d:
37:2f:25:91:cb:3f:e4:64:91:06:13:06:97:d1:dc:13:b5:ca:
84:7d:6d:4e:f1:30:b2:66:3a:6f:1d:45:92:b2:e9:7b:5b:0c:
28:18:97:21:94:d0:69:1b:49:fe:7f:d8:58:7a:31:d4:55:8d:
cc:0f:b9:d7:9f:fc:b8:ed:39:70:f5:72:9e:e3:72:6c:d5:21:
a9:ad:06:e8:99:69:58:4e:83:ab:98:bb:3b:94:85:df:30:e2:
16:1c:27:9b:49:a9:23:12:f8:3b:d2:95:79:bd:a0:13:13:9e:
a5:0e:0f:c4
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICODowDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MDMx
MzIyMThaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKERCNEFFRUQ0NzdBRDBB
RTNENzNCQzM2RkMwNzY5NjdEMzI0NzFDODUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQD1FeMzOZxfElRBCH9tksb/zFmqLDMXmKEh1Qmz652zlaNDXZ5z
wmCEaEXg9LzyIyWBNaYEWXmU6xD8Buc4bWwrQhVUIUmPK5i0oM5wo0f64XAG2dDp
AOX1SYYoUR85yAX0+EG1I1KQehpUwQb5b9hrjDwO6aLedc15PHx5ght4PTq1ipWf
uvAuYUqGx+8BkZWLO/VQLWw0RjvYLmycz4ljH2eC3gaBlcuH+kKX7mnFXyaqUBYt
dIYRRif/GGcwXSxc+h28FFGCd5jrXRNUgKL6Wr16QkXAZhjXpZjXy4UZBvTX4WPn
Cx2VzCUubdRfmf6T6vbau4XjbhbLbpyfQwOPAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQU20ru1HetCuPXO8NvwHaWfTJHHIUwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3LzIwcnUxSGV0Q3VQWE84
TnZ3SGFXZlRKSEhJVS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEANDoJuuTAVMbAuCmQxnXhUNFTMSH4d+if
2rijWkrDot1DfraWG+VOThFwFfndKgm1UTbN2k/1RzAcYhWkK6+ny8ZrVdImws6w
l+dS+lLseXYcbQp+OMWOEO6FNqOi74hZihUzi4mVd0PR/8k9/Bn5F5qMQjVTOLW2
JpWTj7WuNIdm1z4SpyfwlCqCnT4TGiY9Ny8lkcs/5GSRBhMGl9HcE7XKhH1tTvEw
smY6bx1FkrLpe1sMKBiXIZTQaRtJ/n/YWHox1FWNzA+515/8uO05cPVynuNybNUh
qa0G6JlpWE6Dq5i7O5SF3zDiFhwnm0mpIxL4O9KVeb2gExOepQ4PxA==
-----END CERTIFICATE-----
Generated at Wed Apr 3 20:02:37 2024 by rpki-client on console.sobornost.net