Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/4i37wfOIUldrEezzCjHIlnSzuJA.roa
File: 4i37wfOIUldrEezzCjHIlnSzuJA.roa (raw, json)
Hash identifier: pkFLqFthRAl9suqG28XQNU4/Q+K1mpxuawjlxFMFjs8=
Subject key identifier: E2:2D:FB:C1:F3:88:52:57:6B:11:EC:F3:0A:31:C8:96:74:B3:B8:90
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 359A
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/4i37wfOIUldrEezzCjHIlnSzuJA.roa
Signing time: Sun 31 Mar 2024 01:22:12 +0000
ROA not before: Sun 31 Mar 2024 01:22:12 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 13722 (0x359a)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Mar 31 01:22:12 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=E22DFBC1F38852576B11ECF30A31C89674B3B890
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c3:f9:d5:fe:e0:aa:52:f1:d2:a5:ee:c9:74:f3:
5a:d3:b5:a7:3d:62:e8:fc:f6:9c:27:fb:cb:ad:75:
b7:5b:16:f3:0b:3c:cd:2c:69:dd:2c:09:13:76:d8:
0a:2d:10:31:38:df:b3:93:fc:cd:91:e4:d4:04:0d:
ac:c1:78:90:62:28:36:06:5c:74:09:c7:01:a4:7d:
3f:a1:b8:c6:b7:68:ad:50:fa:65:7b:6d:a7:10:44:
cd:5a:93:31:55:70:18:70:59:fd:83:bd:0d:51:b3:
dd:e0:85:ad:a9:99:97:f4:b0:59:c1:18:3d:bb:85:
b0:f2:ad:a2:c6:52:c7:d1:31:05:e1:56:58:b5:48:
0e:03:61:a0:57:0a:98:f5:9a:90:ea:52:ba:4c:78:
1c:86:24:e1:c4:52:0d:a3:f8:b9:93:63:f2:03:16:
40:08:ea:57:3f:ad:d4:0e:19:8f:b0:a6:a7:25:c6:
76:74:e9:4d:de:b4:1e:d6:99:0a:7f:a7:9b:93:df:
2e:68:be:73:f5:a2:6c:1e:70:32:31:ad:db:a3:09:
14:87:d3:c3:04:51:ec:5e:25:b9:ce:0b:41:19:60:
78:d3:fc:07:aa:ab:73:3c:7f:7b:e2:94:b8:03:a5:
9c:85:50:0e:9b:78:1a:ef:ae:22:38:7d:9e:78:c4:
9d:d9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E2:2D:FB:C1:F3:88:52:57:6B:11:EC:F3:0A:31:C8:96:74:B3:B8:90
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/4i37wfOIUldrEezzCjHIlnSzuJA.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
5c:0f:34:93:68:5f:89:c8:a1:5e:4a:21:8b:01:85:88:c5:60:
e8:ac:59:24:25:64:d5:e8:69:8f:11:01:25:e1:7b:4c:36:75:
69:7d:fe:2c:c2:71:38:09:56:cd:52:50:64:c3:78:f8:b8:52:
01:90:17:cd:0c:48:4e:b0:aa:71:f1:ea:7c:65:4a:80:9f:4d:
3f:26:04:19:2d:f8:9b:cd:66:74:a6:3e:7e:a5:05:7c:39:b0:
b5:96:b2:5a:e1:30:60:72:d0:eb:58:f0:51:46:87:9a:de:8e:
bf:16:61:28:b6:0b:db:b5:28:4c:60:dc:8d:c4:bd:be:35:c2:
2e:8b:0f:75:07:83:45:3c:fa:cd:46:7f:7c:06:5b:11:99:46:
e1:a4:5c:5d:0b:0c:f6:f7:1e:99:ca:de:de:99:6f:20:7c:c5:
f8:33:48:8b:f5:77:29:b1:ec:13:5a:3b:79:79:66:e6:14:78:
72:4f:28:bc:80:fb:cc:90:46:4f:de:ca:98:ca:8c:5e:4d:8f:
ac:91:c5:9f:ab:88:88:a4:11:b7:c8:32:4b:c8:8b:59:1c:9f:
1d:da:53:5c:dd:37:0a:3a:12:c3:2b:f3:3e:f5:56:61:7a:c0:
30:50:05:9a:c9:25:86:4e:5d:f7:10:e6:ae:b6:33:9c:e0:3e:
24:bb:46:7e
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICNZowDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDAzMzEw
MTIyMTJaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEUyMkRGQkMxRjM4ODUy
NTc2QjExRUNGMzBBMzFDODk2NzRCM0I4OTAwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDD+dX+4KpS8dKl7sl081rTtac9Yuj89pwn+8utdbdbFvMLPM0s
ad0sCRN22AotEDE437OT/M2R5NQEDazBeJBiKDYGXHQJxwGkfT+huMa3aK1Q+mV7
bacQRM1akzFVcBhwWf2DvQ1Rs93gha2pmZf0sFnBGD27hbDyraLGUsfRMQXhVli1
SA4DYaBXCpj1mpDqUrpMeByGJOHEUg2j+LmTY/IDFkAI6lc/rdQOGY+wpqclxnZ0
6U3etB7WmQp/p5uT3y5ovnP1omwecDIxrdujCRSH08MEUexeJbnOC0EZYHjT/Aeq
q3M8f3vilLgDpZyFUA6beBrvriI4fZ54xJ3ZAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQU4i37wfOIUldrEezzCjHIlnSzuJAwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3LzRpMzd3Zk9JVWxkckVl
enpDakhJbG5TenVKQS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAXA80k2hficihXkohiwGFiMVg6KxZJCVk
1ehpjxEBJeF7TDZ1aX3+LMJxOAlWzVJQZMN4+LhSAZAXzQxITrCqcfHqfGVKgJ9N
PyYEGS34m81mdKY+fqUFfDmwtZayWuEwYHLQ61jwUUaHmt6OvxZhKLYL27UoTGDc
jcS9vjXCLosPdQeDRTz6zUZ/fAZbEZlG4aRcXQsM9vcemcre3plvIHzF+DNIi/V3
KbHsE1o7eXlm5hR4ck8ovID7zJBGT97KmMqMXk2PrJHFn6uIiKQRt8gyS8iLWRyf
HdpTXN03CjoSwyvzPvVWYXrAMFAFmsklhk5d9xDmrrYznOA+JLtGfg==
-----END CERTIFICATE-----
Generated at Sun Mar 31 06:26:09 2024 by rpki-client on console.sobornost.net