Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/3VhrkWEgGIO7z7DcLhilap9iGSA.roa
File: 3VhrkWEgGIO7z7DcLhilap9iGSA.roa (raw, json)
Hash identifier: ywjzimZJuk/kKuQ++89bLMXiA3LQYkHRc5OO6/5Xbp0=
Subject key identifier: DD:58:6B:91:61:20:18:83:BB:CF:B0:DC:2E:18:A5:6A:9F:62:19:20
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 3DC6
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/3VhrkWEgGIO7z7DcLhilap9iGSA.roa
Signing time: Wed 10 Apr 2024 22:52:43 +0000
ROA not before: Wed 10 Apr 2024 22:52:43 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 15814 (0x3dc6)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 10 22:52:43 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=DD586B9161201883BBCFB0DC2E18A56A9F621920
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a7:b8:8b:4d:a7:11:27:a9:d1:70:33:08:a4:15:
42:a0:6d:73:18:44:e4:96:62:a4:8e:a3:37:b1:4d:
04:19:f2:2f:45:4c:76:28:11:d5:21:cc:63:d0:65:
a9:42:d8:0d:66:98:52:ad:8b:8f:6e:45:c8:39:51:
5e:09:72:e8:e5:e9:87:5f:b5:87:14:85:7f:f6:77:
cd:68:42:52:2a:5a:61:03:71:56:ea:03:6e:ee:76:
11:ff:20:1e:48:79:aa:ad:c9:6f:ea:a9:a9:98:f1:
08:00:e5:68:5e:c4:33:15:4e:e8:44:4e:92:60:65:
43:f0:e0:e5:8e:b6:69:ec:a7:ac:c5:69:3f:c4:e3:
75:a4:11:16:f4:a2:be:1e:c4:cd:49:db:fb:ae:ca:
ce:3d:92:83:26:7c:98:f5:4d:34:09:4f:79:24:98:
b4:64:78:ea:f3:a0:f1:21:17:48:a4:66:55:43:ab:
8c:41:9f:48:87:97:07:2a:09:fc:fc:1e:82:58:6e:
51:66:f5:ef:1c:70:b2:89:4b:24:3c:0d:53:45:f1:
9c:8f:67:f7:ac:4b:0a:f6:e2:bc:84:ca:7a:f7:11:
70:a0:19:e0:e5:6e:34:a1:4c:07:d1:9f:bc:b3:3e:
63:f1:c5:d7:22:0b:a5:76:f5:a9:80:c5:37:b5:7b:
b5:8d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DD:58:6B:91:61:20:18:83:BB:CF:B0:DC:2E:18:A5:6A:9F:62:19:20
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/3VhrkWEgGIO7z7DcLhilap9iGSA.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
ba:a4:62:66:9a:c4:7c:cf:b4:1d:97:11:31:f0:35:e8:10:db:
a6:e1:23:84:a2:69:4b:d6:ef:12:7d:c5:14:a5:34:65:70:8e:
4f:7f:26:93:dd:bd:f7:3b:0f:9f:b5:71:26:db:b7:04:b9:ba:
84:ee:47:99:3e:4a:45:72:63:3a:e3:e2:76:ea:dd:2e:4f:9c:
62:ad:48:9c:c1:47:94:e0:9a:96:98:f0:03:c0:bf:cc:0c:d4:
bc:fa:f8:36:fc:94:7f:d8:b5:97:5c:9c:a7:86:31:bc:7c:f2:
8a:94:3b:13:0c:ca:50:57:85:b3:41:f5:ef:1e:56:93:65:35:
aa:54:27:43:55:e0:a2:5b:88:52:76:b6:b1:e6:b1:61:75:e8:
5a:90:7d:71:24:4c:9c:1f:49:b8:93:83:b7:3b:47:3f:89:e9:
21:96:44:97:61:7f:5b:0c:41:b3:b2:70:08:4a:2f:80:b7:8a:
84:4f:9b:47:f0:70:7c:14:b8:dd:0e:9e:92:ab:eb:31:3b:94:
b8:44:b2:8a:fc:96:d6:06:cd:14:05:b4:a9:c5:b1:fa:00:51:
b3:b7:75:a7:00:65:01:cb:03:ad:da:51:9d:b8:3d:c3:1f:fb:
85:59:0c:4d:29:eb:a5:0f:e5:3c:1f:95:8c:d0:63:1e:72:d4:
6b:6f:06:31
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICPcYwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MTAy
MjUyNDNaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKERENTg2QjkxNjEyMDE4
ODNCQkNGQjBEQzJFMThBNTZBOUY2MjE5MjAwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCnuItNpxEnqdFwMwikFUKgbXMYROSWYqSOozexTQQZ8i9FTHYo
EdUhzGPQZalC2A1mmFKti49uRcg5UV4Jcujl6YdftYcUhX/2d81oQlIqWmEDcVbq
A27udhH/IB5IeaqtyW/qqamY8QgA5WhexDMVTuhETpJgZUPw4OWOtmnsp6zFaT/E
43WkERb0or4exM1J2/uuys49koMmfJj1TTQJT3kkmLRkeOrzoPEhF0ikZlVDq4xB
n0iHlwcqCfz8HoJYblFm9e8ccLKJSyQ8DVNF8ZyPZ/esSwr24ryEynr3EXCgGeDl
bjShTAfRn7yzPmPxxdciC6V29amAxTe1e7WNAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQU3VhrkWEgGIO7z7DcLhilap9iGSAwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3LzNWaHJrV0VnR0lPN3o3
RGNMaGlsYXA5aUdTQS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAuqRiZprEfM+0HZcRMfA16BDbpuEjhKJp
S9bvEn3FFKU0ZXCOT38mk9299zsPn7VxJtu3BLm6hO5HmT5KRXJjOuPidurdLk+c
Yq1InMFHlOCalpjwA8C/zAzUvPr4NvyUf9i1l1ycp4YxvHzyipQ7EwzKUFeFs0H1
7x5Wk2U1qlQnQ1XgoluIUna2seaxYXXoWpB9cSRMnB9JuJODtztHP4npIZZEl2F/
WwxBs7JwCEovgLeKhE+bR/BwfBS43Q6ekqvrMTuUuESyivyW1gbNFAW0qcWx+gBR
s7d1pwBlAcsDrdpRnbg9wx/7hVkMTSnrpQ/lPB+VjNBjHnLUa28GMQ==
-----END CERTIFICATE-----
Generated at Thu Apr 11 07:01:24 2024 by rpki-client on console.sobornost.net