Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/G--VqdvHL2bU6_IJYGDxGECfZ48.roa
File: G--VqdvHL2bU6_IJYGDxGECfZ48.roa (raw, json)
Hash identifier: Y8xGuBK/ohHdXOJsdYtv+lnFmyfRyzK6BJQcH7a382o=
Subject key identifier: 1B:EF:95:A9:DB:C7:2F:66:D4:EB:F2:09:60:60:F1:18:40:9F:67:8F
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 5362
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/G--VqdvHL2bU6_IJYGDxGECfZ48.roa
Signing time: Thu 09 May 2024 18:23:58 +0000
ROA not before: Thu 09 May 2024 18:23:58 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 21346 (0x5362)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 9 18:23:58 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=1BEF95A9DBC72F66D4EBF2096060F118409F678F
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c5:8d:9a:15:f6:93:1d:9e:02:aa:90:3b:1f:cc:
db:7f:06:ba:e8:39:a6:65:44:40:9e:f9:62:cc:64:
bc:7a:7e:10:b6:f7:07:02:88:5a:31:d5:8f:32:9f:
0b:e4:4a:44:07:1d:e3:d8:77:ff:82:28:67:df:45:
b4:ca:a5:45:dc:7f:cc:90:cf:6d:56:9e:ee:a9:4d:
e2:0a:87:6f:c2:92:32:7b:fc:64:c9:9a:a0:67:49:
96:9a:58:c7:85:cb:61:26:6d:f1:d9:53:9c:20:de:
d8:d0:e9:90:0a:87:8e:f4:d7:d4:6b:5e:26:db:47:
b9:5d:db:92:89:d4:74:d6:ea:72:d3:38:0d:8e:ea:
ba:91:9d:aa:d9:36:d9:a0:88:32:09:5c:2a:44:51:
2e:9c:5f:d0:a3:47:57:2b:ab:96:9d:8e:1d:1b:82:
86:32:cf:18:55:46:ee:27:af:35:16:dc:2c:47:2f:
6b:11:68:8e:64:8d:ac:fb:06:06:5a:7f:c9:87:f8:
b1:99:8f:55:e8:4d:26:fe:bb:66:b7:2d:2b:e8:9c:
e7:b8:35:34:85:19:7f:7e:62:a4:e3:d9:18:d8:fd:
e5:5c:8f:38:36:70:be:2c:c9:de:38:13:86:75:d5:
89:91:9d:1d:53:f0:52:7c:26:72:c2:24:b7:2a:9a:
48:ab
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1B:EF:95:A9:DB:C7:2F:66:D4:EB:F2:09:60:60:F1:18:40:9F:67:8F
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/G--VqdvHL2bU6_IJYGDxGECfZ48.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
72:e1:7a:21:c3:7d:0c:1d:d0:39:75:ff:86:ba:b4:5b:e4:75:
c7:ca:74:e7:f8:55:51:5a:a7:03:ae:c0:cc:3a:80:bf:f9:ed:
5a:73:f5:e6:c7:0b:f5:8e:2c:85:bb:d6:80:2f:5c:cf:42:4a:
69:76:4d:66:b3:4d:54:b2:6b:36:1e:9e:df:f7:e0:5d:a7:41:
2f:54:7b:a0:a1:58:47:57:21:2c:e3:c7:a3:47:4a:c7:63:4b:
4f:e6:ed:ba:80:31:56:f9:63:56:fa:7c:e0:d4:e0:f9:f0:2a:
64:39:33:45:09:a8:74:7e:86:7a:b9:b0:f4:40:6c:7e:4a:a0:
7a:2c:30:a5:ba:ab:9b:41:3e:be:20:8a:92:62:53:6c:86:27:
bc:88:1b:f0:74:54:ef:c5:6f:71:05:16:14:c5:af:22:79:d5:
88:9a:0d:34:03:ac:2e:87:e5:90:23:ea:a3:c2:f6:a0:89:fb:
61:8f:31:82:69:26:1e:8a:31:eb:31:f5:d8:7b:3c:b9:59:6c:
eb:de:6d:0c:22:18:85:c4:84:f0:a4:c9:2a:b4:d5:ee:96:ac:
29:8c:64:08:56:56:03:65:72:37:40:0a:ad:b9:1a:5c:22:b3:
5d:c4:89:55:65:ea:bd:51:8f:e3:2e:0f:86:2d:ef:78:4c:3f:
0a:3e:0c:87
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICU2IwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MDkx
ODIzNThaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDFCRUY5NUE5REJDNzJG
NjZENEVCRjIwOTYwNjBGMTE4NDA5RjY3OEYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDFjZoV9pMdngKqkDsfzNt/BrroOaZlRECe+WLMZLx6fhC29wcC
iFox1Y8ynwvkSkQHHePYd/+CKGffRbTKpUXcf8yQz21Wnu6pTeIKh2/CkjJ7/GTJ
mqBnSZaaWMeFy2EmbfHZU5wg3tjQ6ZAKh47019RrXibbR7ld25KJ1HTW6nLTOA2O
6rqRnarZNtmgiDIJXCpEUS6cX9CjR1crq5adjh0bgoYyzxhVRu4nrzUW3CxHL2sR
aI5kjaz7BgZaf8mH+LGZj1XoTSb+u2a3LSvonOe4NTSFGX9+YqTj2RjY/eVcjzg2
cL4syd44E4Z11YmRnR1T8FJ8JnLCJLcqmkirAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUG++VqdvHL2bU6/IJYGDxGECfZ48wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L0ctLVZxZHZITDJiVTZf
SUpZR0R4R0VDZlo0OC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAcuF6IcN9DB3QOXX/hrq0W+R1x8p05/hV
UVqnA67AzDqAv/ntWnP15scL9Y4shbvWgC9cz0JKaXZNZrNNVLJrNh6e3/fgXadB
L1R7oKFYR1chLOPHo0dKx2NLT+btuoAxVvljVvp84NTg+fAqZDkzRQmodH6Germw
9EBsfkqgeiwwpbqrm0E+viCKkmJTbIYnvIgb8HRU78VvcQUWFMWvInnViJoNNAOs
LoflkCPqo8L2oIn7YY8xgmkmHoox6zH12Hs8uVls695tDCIYhcSE8KTJKrTV7pas
KYxkCFZWA2VyN0AKrbkaXCKzXcSJVWXqvVGP4y4Phi3veEw/Cj4Mhw==
-----END CERTIFICATE-----
Generated at Fri May 10 00:19:25 2024 by rpki-client on console.sobornost.net