Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/2OeEV0sCFOITTGOC3VgjCxgnxkk.roa
File: 2OeEV0sCFOITTGOC3VgjCxgnxkk.roa (raw, json)
Hash identifier: NjecWVQthHWqeOBcvi4u3KsKWl/M5+3Z9dVyysCg/uU=
Subject key identifier: D8:E7:84:57:4B:02:14:E2:13:4C:63:82:DD:58:23:0B:18:27:C6:49
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 38F6
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/2OeEV0sCFOITTGOC3VgjCxgnxkk.roa
Signing time: Thu 04 Apr 2024 12:52:20 +0000
ROA not before: Thu 04 Apr 2024 12:52:20 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 14582 (0x38f6)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 4 12:52:20 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=D8E784574B0214E2134C6382DD58230B1827C649
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bb:87:a8:9f:1e:95:f2:6f:9e:48:13:d9:54:0d:
83:70:7f:12:e0:7e:db:25:2c:32:25:cb:4c:64:8c:
db:0a:e1:66:74:2a:07:cd:ea:38:d1:24:a1:12:c9:
64:07:51:5f:42:22:10:b3:a4:f1:c2:e4:81:1c:52:
73:8d:79:16:3c:c2:4c:49:b3:26:eb:24:3c:8e:b5:
b4:d7:a4:ee:60:69:92:11:90:9d:7e:be:5f:40:5c:
80:57:c3:fb:e6:9b:47:05:9d:87:f5:2e:2b:3d:cc:
ea:f1:62:1f:24:7d:79:f2:32:fe:d0:f6:b1:28:b5:
e7:02:4b:f4:96:ab:9b:3e:9f:8d:ad:85:c4:d9:a6:
51:81:3e:b6:84:3b:93:00:4f:36:38:2c:49:9d:60:
12:bf:a3:84:f2:16:32:43:6f:f6:c3:7d:35:bc:a3:
5d:f0:7e:4c:bb:ff:90:3f:59:47:45:4f:75:3f:da:
96:57:cf:05:1b:4b:1e:ba:3f:34:20:fa:b6:b9:b6:
d0:5c:33:75:d0:e9:27:d9:6d:f2:e0:7c:13:7b:cb:
2f:88:83:8e:76:d5:b1:1d:16:20:2b:82:c2:cf:4d:
5d:ac:85:d7:05:ba:72:d2:e5:a4:d3:0f:13:cc:7e:
da:89:bf:d7:84:2e:79:e9:b7:92:4f:84:e3:35:43:
90:2b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D8:E7:84:57:4B:02:14:E2:13:4C:63:82:DD:58:23:0B:18:27:C6:49
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/2OeEV0sCFOITTGOC3VgjCxgnxkk.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
10:ef:45:2c:4a:d9:03:08:3a:6b:73:68:54:78:40:db:5a:03:
22:8b:b5:09:6a:fc:a0:f4:61:a5:0a:75:55:10:70:e0:08:a0:
27:88:dd:64:c0:31:96:81:3c:32:b2:c5:fc:20:d8:0c:de:9b:
21:6c:35:93:6e:06:af:bd:32:f8:6c:2f:8c:45:b9:f8:7a:e7:
4e:c8:80:63:e6:01:11:ae:bf:c3:8a:07:c2:cf:2a:95:83:5c:
87:c8:46:21:18:3d:d3:3d:be:c6:39:df:36:e6:07:28:e0:2a:
28:0a:8f:d7:63:98:b2:3e:f8:af:42:21:b7:5f:35:3d:e3:e6:
35:5c:70:4e:4b:46:ef:a5:71:d8:55:44:af:23:f6:e5:dc:dd:
8e:a9:97:da:0a:12:26:5d:db:0b:05:bb:96:75:30:e4:eb:34:
31:80:1c:7d:18:60:b0:86:81:89:e0:aa:9e:ca:c8:b8:7d:48:
97:7a:c7:a6:04:1d:cd:0b:42:29:ae:85:8d:3f:f0:31:61:f1:
1c:ab:b8:fc:21:1b:87:ba:68:66:0a:58:e0:f8:46:cf:86:06:
ac:a8:07:39:c6:d5:9e:e7:74:3c:8a:a9:56:c5:f8:56:2a:df:
49:e2:e8:c6:b4:44:5e:87:f4:64:21:b1:20:9b:1c:d9:39:80:
19:f4:e8:77
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICOPYwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MDQx
MjUyMjBaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEQ4RTc4NDU3NEIwMjE0
RTIxMzRDNjM4MkRENTgyMzBCMTgyN0M2NDkwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC7h6ifHpXyb55IE9lUDYNwfxLgftslLDIly0xkjNsK4WZ0KgfN
6jjRJKESyWQHUV9CIhCzpPHC5IEcUnONeRY8wkxJsybrJDyOtbTXpO5gaZIRkJ1+
vl9AXIBXw/vmm0cFnYf1Lis9zOrxYh8kfXnyMv7Q9rEotecCS/SWq5s+n42thcTZ
plGBPraEO5MATzY4LEmdYBK/o4TyFjJDb/bDfTW8o13wfky7/5A/WUdFT3U/2pZX
zwUbSx66PzQg+ra5ttBcM3XQ6SfZbfLgfBN7yy+Ig4521bEdFiArgsLPTV2shdcF
unLS5aTTDxPMftqJv9eELnnpt5JPhOM1Q5ArAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQU2OeEV0sCFOITTGOC3VgjCxgnxkkwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3LzJPZUVWMHNDRk9JVFRH
T0MzVmdqQ3hnbnhray5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAEO9FLErZAwg6a3NoVHhA21oDIou1CWr8
oPRhpQp1VRBw4AigJ4jdZMAxloE8MrLF/CDYDN6bIWw1k24Gr70y+GwvjEW5+Hrn
TsiAY+YBEa6/w4oHws8qlYNch8hGIRg90z2+xjnfNuYHKOAqKAqP12OYsj74r0Ih
t181PePmNVxwTktG76Vx2FVEryP25dzdjqmX2goSJl3bCwW7lnUw5Os0MYAcfRhg
sIaBieCqnsrIuH1Il3rHpgQdzQtCKa6FjT/wMWHxHKu4/CEbh7poZgpY4PhGz4YG
rKgHOcbVnud0PIqpVsX4VirfSeLoxrREXof0ZCGxIJsc2TmAGfTodw==
-----END CERTIFICATE-----
Generated at Thu Apr 4 19:57:51 2024 by rpki-client on console.sobornost.net