Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/5l_VfBbt96CFIMYiOE1A1zUTMqg.roa
File: 5l_VfBbt96CFIMYiOE1A1zUTMqg.roa (raw, json)
Hash identifier: rOkcYA6jRIijs+E1AZ0GxDhSzeG0nFcvL03Za2G619c=
Subject key identifier: E6:5F:D5:7C:16:ED:F7:A0:85:20:C6:22:38:4D:40:D7:35:13:32:A8
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 3AFE
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/5l_VfBbt96CFIMYiOE1A1zUTMqg.roa
Signing time: Sun 07 Apr 2024 05:52:29 +0000
ROA not before: Sun 07 Apr 2024 05:52:29 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 15102 (0x3afe)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 7 05:52:29 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=E65FD57C16EDF7A08520C622384D40D7351332A8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ad:a4:ef:3b:df:7d:52:9e:08:e0:03:fa:26:cf:
89:71:45:bb:40:79:db:64:98:c7:9e:a9:ac:da:54:
58:6a:b6:20:54:02:79:e0:54:40:b0:c5:8b:ad:36:
d0:a8:44:a4:d2:6a:87:7d:df:4b:91:b0:d3:10:ce:
d0:46:d0:2f:80:d8:6c:b5:11:a6:88:f0:8c:44:6b:
21:0d:e1:d9:5a:fd:e3:19:f7:c1:a2:71:93:cf:85:
ef:ad:e2:0a:34:f9:6e:0a:c5:11:57:3b:f9:fc:3f:
3d:24:f7:39:28:f2:da:be:61:da:2f:fe:d6:09:5d:
5a:da:97:4e:03:bc:bc:e1:84:70:ad:27:4b:76:29:
b4:c7:54:f9:5f:de:6e:76:6d:91:1a:74:5f:0b:37:
86:b1:39:31:0d:1e:62:f7:99:bd:97:0b:50:a6:31:
47:0c:e4:09:1c:24:f9:40:c3:4a:1f:b5:e5:07:a8:
f9:ef:61:58:c0:08:67:4c:ac:8b:8f:2c:d5:35:a7:
ea:5c:40:56:95:7e:2d:8a:ad:46:51:68:4a:9e:8c:
9a:a7:e5:23:8c:2b:30:d7:4c:a8:12:a7:d9:db:86:
c0:10:ee:0e:00:10:9e:0e:8e:1a:06:a5:81:3c:ea:
c4:bc:5b:e1:06:11:c5:19:f8:6c:c9:ca:87:f8:33:
38:cb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E6:5F:D5:7C:16:ED:F7:A0:85:20:C6:22:38:4D:40:D7:35:13:32:A8
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/5l_VfBbt96CFIMYiOE1A1zUTMqg.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
98:e2:92:e3:91:71:8a:e9:99:98:52:ef:27:4e:c2:a7:ab:47:
2c:7d:a0:10:3e:a5:55:bc:5a:bf:75:29:ac:c4:6a:c4:77:11:
f6:c7:75:ed:c5:16:ca:ad:af:71:ba:ea:c1:29:39:0c:cd:6e:
14:b0:00:f6:a5:a6:3e:42:af:94:3d:04:24:60:04:c3:5d:9c:
00:27:d5:96:71:1f:b2:97:e6:ca:51:c8:6f:40:ee:df:0f:d2:
33:48:64:e0:4a:3a:17:88:d5:c6:db:79:89:49:a1:38:11:29:
9d:ef:1a:23:5b:b2:aa:5d:0e:4e:80:16:a5:e7:4b:72:7b:f6:
4f:1f:47:c7:f1:db:1c:d1:6c:9e:02:ec:64:ff:d4:de:1b:b4:
69:10:05:fd:16:7e:58:64:cd:de:48:8b:8d:dd:3a:19:2f:e9:
96:01:32:4a:53:a3:7d:f9:0f:96:8e:19:22:76:c7:32:d3:a7:
b4:99:cc:db:9a:ef:be:ce:bf:97:68:3f:85:79:65:2c:d9:3b:
6e:32:25:4e:98:f8:be:a4:ec:b9:07:30:4e:48:14:55:bc:8e:
29:7f:55:c4:41:93:65:ec:03:5a:50:11:48:3e:4d:4b:a8:f9:
9d:db:5a:5a:97:92:2a:89:95:ca:5c:90:a3:be:49:80:2a:e6:
d7:5d:0e:6e
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICOv4wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MDcw
NTUyMjlaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEU2NUZENTdDMTZFREY3
QTA4NTIwQzYyMjM4NEQ0MEQ3MzUxMzMyQTgwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCtpO87331SngjgA/omz4lxRbtAedtkmMeeqazaVFhqtiBUAnng
VECwxYutNtCoRKTSaod930uRsNMQztBG0C+A2Gy1EaaI8IxEayEN4dla/eMZ98Gi
cZPPhe+t4go0+W4KxRFXO/n8Pz0k9zko8tq+Ydov/tYJXVral04DvLzhhHCtJ0t2
KbTHVPlf3m52bZEadF8LN4axOTENHmL3mb2XC1CmMUcM5AkcJPlAw0ofteUHqPnv
YVjACGdMrIuPLNU1p+pcQFaVfi2KrUZRaEqejJqn5SOMKzDXTKgSp9nbhsAQ7g4A
EJ4OjhoGpYE86sS8W+EGEcUZ+GzJyof4MzjLAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQU5l/VfBbt96CFIMYiOE1A1zUTMqgwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3LzVsX1ZmQmJ0OTZDRklN
WWlPRTFBMXpVVE1xZy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAmOKS45FxiumZmFLvJ07Cp6tHLH2gED6l
Vbxav3UprMRqxHcR9sd17cUWyq2vcbrqwSk5DM1uFLAA9qWmPkKvlD0EJGAEw12c
ACfVlnEfspfmylHIb0Du3w/SM0hk4Eo6F4jVxtt5iUmhOBEpne8aI1uyql0OToAW
pedLcnv2Tx9Hx/HbHNFsngLsZP/U3hu0aRAF/RZ+WGTN3kiLjd06GS/plgEySlOj
ffkPlo4ZInbHMtOntJnM25rvvs6/l2g/hXllLNk7bjIlTpj4vqTsuQcwTkgUVbyO
KX9VxEGTZewDWlARSD5NS6j5ndtaWpeSKomVylyQo75JgCrm110Obg==
-----END CERTIFICATE-----
Generated at Sun Apr 7 10:54:57 2024 by rpki-client on console.sobornost.net