Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/8VbOkMt3WRGozgUgcDq046bIIAQ.roa
File: 8VbOkMt3WRGozgUgcDq046bIIAQ.roa (raw, json)
Hash identifier: rX5xXjiLqZFIBK2u71fZ3Ht95RkXMUkcCgDSHPMHMX0=
Subject key identifier: F1:56:CE:90:CB:77:59:11:A8:CE:05:20:70:3A:B4:E3:A6:C8:20:04
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 3D76
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/8VbOkMt3WRGozgUgcDq046bIIAQ.roa
Signing time: Wed 10 Apr 2024 12:52:41 +0000
ROA not before: Wed 10 Apr 2024 12:52:41 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 15734 (0x3d76)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 10 12:52:41 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=F156CE90CB775911A8CE0520703AB4E3A6C82004
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c0:00:67:94:51:17:ca:01:5e:d2:2e:fe:e1:71:
15:0e:16:ee:2e:b9:02:dd:08:7d:9b:c7:77:1c:d4:
aa:ff:3e:a5:90:b6:7e:20:05:90:8b:ea:a3:fb:6c:
a8:86:92:de:c3:59:8b:2f:ef:b9:60:bd:44:fb:fd:
4a:55:00:3f:38:92:77:f8:bb:d0:01:72:eb:f4:d3:
69:74:30:ab:74:8d:52:68:54:f8:47:ad:f6:1c:f1:
39:af:c3:73:a7:03:0d:38:e1:6e:8c:0b:3c:d2:f4:
1a:57:fb:f1:01:6a:88:89:65:35:38:b5:fb:4f:a6:
d8:21:ae:0c:6b:f0:82:68:74:b2:32:b8:56:8f:93:
fe:4d:ed:76:20:1f:45:0b:da:b7:30:08:b7:5c:e3:
ed:89:5a:9f:06:a9:be:92:19:bf:af:8b:30:6f:d6:
9f:4a:6e:80:a7:70:2c:e2:a1:c7:b9:dc:44:c0:c9:
5e:e9:74:9b:53:d1:95:26:ee:7f:e2:33:d2:39:38:
4f:13:9a:87:b0:f8:31:de:a7:44:0e:ed:e0:71:d5:
cf:82:4f:20:4d:24:b0:83:ee:93:57:70:90:18:b1:
f4:2f:9d:22:70:15:c4:25:e6:97:88:0a:c9:c0:53:
b2:2a:d7:75:c6:71:14:ff:92:95:09:0d:32:94:da:
de:17
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F1:56:CE:90:CB:77:59:11:A8:CE:05:20:70:3A:B4:E3:A6:C8:20:04
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/8VbOkMt3WRGozgUgcDq046bIIAQ.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
19:55:64:3d:f2:10:3d:6a:6a:49:eb:3c:69:9b:08:4c:b9:75:
47:b3:63:dc:b5:80:04:0f:6b:64:4f:48:b5:56:5a:b4:72:c5:
8a:9d:20:3e:71:a5:46:28:05:a6:1e:85:f8:24:3e:05:6e:0e:
ea:6e:f2:66:ea:1b:8c:b1:d7:50:df:39:09:0b:74:18:a9:c8:
45:84:73:b8:8c:c0:7d:ff:0d:4e:db:77:51:2a:71:7b:47:23:
84:75:5c:77:f8:43:08:8d:3e:28:49:71:ea:a1:84:07:bb:61:
1c:98:50:6d:32:94:15:f8:68:ce:ac:23:61:b3:62:85:88:64:
88:33:00:60:78:15:8e:46:40:42:43:38:ee:f0:24:6e:6e:7f:
00:bc:12:21:a5:bd:b5:c8:24:36:73:3d:a7:38:f1:49:78:c9:
c5:52:a6:37:6a:f3:a1:0a:68:ad:fc:b8:1f:64:e5:03:38:55:
e2:06:5b:44:eb:a1:cb:f8:c9:d9:76:bf:27:fd:23:63:fc:c7:
94:b8:a7:8e:fe:3c:38:5a:24:84:39:48:26:c5:bc:ab:4b:95:
29:a2:60:3e:ca:4b:48:ec:f4:66:3a:18:17:63:1e:80:5a:97:
87:84:b7:b7:09:c2:a9:87:cb:8f:e9:a4:d2:70:f1:34:20:4a:
89:17:31:a8
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICPXYwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MTAx
MjUyNDFaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEYxNTZDRTkwQ0I3NzU5
MTFBOENFMDUyMDcwM0FCNEUzQTZDODIwMDQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDAAGeUURfKAV7SLv7hcRUOFu4uuQLdCH2bx3cc1Kr/PqWQtn4g
BZCL6qP7bKiGkt7DWYsv77lgvUT7/UpVAD84knf4u9ABcuv002l0MKt0jVJoVPhH
rfYc8Tmvw3OnAw044W6MCzzS9BpX+/EBaoiJZTU4tftPptghrgxr8IJodLIyuFaP
k/5N7XYgH0UL2rcwCLdc4+2JWp8Gqb6SGb+vizBv1p9KboCncCzioce53ETAyV7p
dJtT0ZUm7n/iM9I5OE8Tmoew+DHep0QO7eBx1c+CTyBNJLCD7pNXcJAYsfQvnSJw
FcQl5peICsnAU7Iq13XGcRT/kpUJDTKU2t4XAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQU8VbOkMt3WRGozgUgcDq046bIIAQwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3LzhWYk9rTXQzV1JHb3pn
VWdjRHEwNDZiSUlBUS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAGVVkPfIQPWpqSes8aZsITLl1R7Nj3LWA
BA9rZE9ItVZatHLFip0gPnGlRigFph6F+CQ+BW4O6m7yZuobjLHXUN85CQt0GKnI
RYRzuIzAff8NTtt3USpxe0cjhHVcd/hDCI0+KElx6qGEB7thHJhQbTKUFfhozqwj
YbNihYhkiDMAYHgVjkZAQkM47vAkbm5/ALwSIaW9tcgkNnM9pzjxSXjJxVKmN2rz
oQporfy4H2TlAzhV4gZbROuhy/jJ2Xa/J/0jY/zHlLinjv48OFokhDlIJsW8q0uV
KaJgPspLSOz0ZjoYF2MegFqXh4S3twnCqYfLj+mk0nDxNCBKiRcxqA==
-----END CERTIFICATE-----
Generated at Wed Apr 10 19:53:41 2024 by rpki-client on console.sobornost.net