Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/CPVqg-tb8hPjxR2HIeFaVjja7XU.roa
File: CPVqg-tb8hPjxR2HIeFaVjja7XU.roa (raw, json)
Hash identifier: Mxdk1Kn1n6+3uY+wGPvNmH46wbjPUOrO+oSqJtxPiu8=
Subject key identifier: 08:F5:6A:83:EB:5B:F2:13:E3:C5:1D:87:21:E1:5A:56:38:DA:ED:75
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 442A
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/CPVqg-tb8hPjxR2HIeFaVjja7XU.roa
Signing time: Fri 19 Apr 2024 11:23:02 +0000
ROA not before: Fri 19 Apr 2024 11:23:02 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 17450 (0x442a)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 19 11:23:02 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=08F56A83EB5BF213E3C51D8721E15A5638DAED75
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d0:d7:98:d7:91:1d:8f:46:a2:af:fa:10:b7:36:
65:9c:23:74:57:4f:75:29:22:e4:2d:f2:f4:a6:9f:
c3:fb:b5:c2:f5:cf:c0:48:d9:79:de:53:24:54:29:
e3:e9:03:40:18:7e:18:65:6e:7b:8d:cc:f0:e9:2b:
2d:6a:19:e2:27:91:45:0a:e4:44:a4:9c:4a:68:9d:
f5:55:1d:57:51:cd:31:2d:7b:9a:d3:8f:43:12:ab:
e6:ad:96:d8:6e:2a:b1:93:cb:1c:51:d3:f5:43:da:
68:1c:25:62:03:af:90:13:5f:b5:d9:e7:15:87:40:
5c:44:e5:fb:ae:fd:6f:8e:3d:bc:79:dd:ed:e8:84:
c2:a4:4c:b9:5a:f4:22:0e:26:3e:00:63:5a:8c:e7:
7f:cc:77:8b:a7:d8:6c:7a:d2:9b:38:d5:62:b4:e0:
8a:b3:f6:74:ba:d7:f6:bc:86:7c:e4:8a:b8:02:5a:
17:ad:d3:61:da:7d:d1:9e:ef:8d:3f:9f:c3:52:1a:
c1:e8:21:f8:ac:c3:28:56:d9:33:e6:ae:42:f0:d8:
78:ac:6c:e8:af:7f:6d:57:b6:bc:22:82:9c:51:a9:
28:62:f0:0b:42:e4:ad:4f:d6:83:1d:03:48:fe:ae:
d1:a3:69:9a:b2:13:aa:02:58:ea:d6:b4:c6:18:ad:
7e:f7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
08:F5:6A:83:EB:5B:F2:13:E3:C5:1D:87:21:E1:5A:56:38:DA:ED:75
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/CPVqg-tb8hPjxR2HIeFaVjja7XU.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
35:8d:0c:b1:56:13:51:8e:d9:c4:47:6f:f2:6f:14:d0:2c:79:
db:b2:ad:44:b1:20:14:a1:87:67:3e:4a:74:0c:29:95:ef:54:
76:86:45:e7:70:d7:91:0f:c2:78:8e:67:3b:c5:7a:54:ea:d2:
bf:bc:98:62:8c:23:9b:dd:f5:b4:3c:ce:66:36:05:48:6f:0d:
f7:81:d4:a0:ea:07:b9:fc:a0:05:81:c0:66:27:94:50:a7:39:
54:42:e4:5b:0e:5e:9e:b6:d5:7a:f7:95:a2:2a:d0:03:ab:6c:
ae:da:b3:d5:c9:33:36:5a:6c:d4:be:23:33:c0:96:f9:08:19:
08:8b:a3:51:5a:39:19:ce:e2:0f:f2:81:42:42:ee:03:18:2e:
54:fe:2d:f0:f1:e5:8b:f7:68:c3:9e:e9:41:05:0e:32:2e:ac:
0c:6e:e1:3e:87:65:48:0a:ed:1d:07:98:d2:32:c9:ec:79:41:
a1:3e:0e:e1:5a:21:80:b2:63:d4:4f:a9:1f:9f:49:8f:7a:9e:
cf:9d:c5:0c:8b:4e:ce:e1:1f:14:2d:15:00:a9:91:97:46:b2:
2d:8e:d0:09:07:49:a5:73:b1:4f:09:76:80:81:7a:5c:03:52:
2a:b2:49:06:98:58:49:8a:4e:fd:56:d4:7a:67:d7:4e:e4:e5:
3d:1a:75:6e
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICRCowDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MTkx
MTIzMDJaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDA4RjU2QTgzRUI1QkYy
MTNFM0M1MUQ4NzIxRTE1QTU2MzhEQUVENzUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDQ15jXkR2PRqKv+hC3NmWcI3RXT3UpIuQt8vSmn8P7tcL1z8BI
2XneUyRUKePpA0AYfhhlbnuNzPDpKy1qGeInkUUK5ESknEponfVVHVdRzTEte5rT
j0MSq+atlthuKrGTyxxR0/VD2mgcJWIDr5ATX7XZ5xWHQFxE5fuu/W+OPbx53e3o
hMKkTLla9CIOJj4AY1qM53/Md4un2Gx60ps41WK04Iqz9nS61/a8hnzkirgCWhet
02HafdGe740/n8NSGsHoIfiswyhW2TPmrkLw2HisbOivf21XtrwigpxRqShi8AtC
5K1P1oMdA0j+rtGjaZqyE6oCWOrWtMYYrX73AgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUCPVqg+tb8hPjxR2HIeFaVjja7XUwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L0NQVnFnLXRiOGhQanhS
MkhJZUZhVmpqYTdYVS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEANY0MsVYTUY7ZxEdv8m8U0Cx527KtRLEg
FKGHZz5KdAwple9UdoZF53DXkQ/CeI5nO8V6VOrSv7yYYowjm931tDzOZjYFSG8N
94HUoOoHufygBYHAZieUUKc5VELkWw5enrbVeveVoirQA6tsrtqz1ckzNlps1L4j
M8CW+QgZCIujUVo5Gc7iD/KBQkLuAxguVP4t8PHli/dow57pQQUOMi6sDG7hPodl
SArtHQeY0jLJ7HlBoT4O4VohgLJj1E+pH59Jj3qez53FDItOzuEfFC0VAKmRl0ay
LY7QCQdJpXOxTwl2gIF6XANSKrJJBphYSYpO/VbUemfXTuTlPRp1bg==
-----END CERTIFICATE-----
Generated at Fri Apr 19 15:09:47 2024 by rpki-client on console.sobornost.net