Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/KdFPGIv_P6JvYH5T_vchFZ5Sfug.roa
File: KdFPGIv_P6JvYH5T_vchFZ5Sfug.roa (raw, json)
Hash identifier: Qz1DyiKNpiRSHHo9jFkcr1les9wL0O0E3+FG64+vrRo=
Subject key identifier: 29:D1:4F:18:8B:FF:3F:A2:6F:60:7E:53:FE:F7:21:15:9E:52:7E:E8
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 32E2
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/KdFPGIv_P6JvYH5T_vchFZ5Sfug.roa
Signing time: Wed 27 Mar 2024 10:22:23 +0000
ROA not before: Wed 27 Mar 2024 10:22:23 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 13026 (0x32e2)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Mar 27 10:22:23 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=29D14F188BFF3FA26F607E53FEF721159E527EE8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d0:c3:a9:2d:e2:ec:c1:22:fb:02:88:43:6a:36:
c6:4e:f4:64:dd:09:51:a0:14:00:72:57:99:cf:fa:
de:8b:06:50:b0:41:95:28:25:dc:f3:7f:4b:79:95:
e6:f6:f0:83:24:13:16:45:cd:f1:7d:32:fa:5e:6b:
94:53:d6:40:da:87:59:0d:26:49:b0:1a:c5:61:74:
2c:d2:00:5f:8b:22:bd:a1:30:39:07:1b:94:c9:cf:
ab:15:b5:64:d1:af:52:25:0e:24:35:4f:53:60:ac:
84:73:93:77:0c:bd:63:10:bd:2b:d1:83:6c:53:61:
ec:dc:55:07:47:5a:d0:70:2e:6f:3e:94:20:78:f2:
e0:92:be:9d:1c:10:56:4d:3c:a7:55:2c:73:10:68:
7d:28:bd:59:ed:69:3e:49:8c:b1:d8:99:ee:80:c5:
c7:9c:39:ce:6e:97:60:c0:42:a6:98:ff:27:7d:1a:
07:53:1a:14:16:13:e7:55:90:17:f2:37:a1:12:26:
43:c3:4f:0f:87:69:7e:87:3a:9a:fa:91:c0:41:13:
78:5e:03:65:2f:19:ae:6a:4e:4f:84:0a:6a:4b:12:
b2:06:da:a1:f1:a7:47:eb:54:f1:33:2a:6c:5d:d7:
a5:0b:2d:33:b6:3f:0a:75:37:46:40:a8:47:a7:2e:
5c:49
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
29:D1:4F:18:8B:FF:3F:A2:6F:60:7E:53:FE:F7:21:15:9E:52:7E:E8
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/KdFPGIv_P6JvYH5T_vchFZ5Sfug.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
42:d5:de:83:3e:c0:d0:d2:44:5d:61:f9:78:cf:4a:94:14:b0:
e4:9e:aa:3d:a7:d7:ed:7f:f8:76:8a:b6:a3:cd:98:f0:ff:0a:
3b:f9:46:7a:9f:26:c0:5b:7b:76:7f:8e:a1:ab:31:73:3e:13:
ca:bf:26:f9:5e:69:9e:8e:8b:50:a4:c9:cf:32:f1:b1:f5:f3:
0a:cc:c5:f3:c5:26:87:c4:e6:2b:27:a8:54:3d:0e:36:69:f1:
17:a6:81:5b:0e:96:47:14:d1:e3:76:75:1b:13:64:e0:7e:45:
fc:c3:00:d8:eb:94:6d:08:31:47:60:03:76:c4:97:72:db:56:
bb:83:9d:44:79:32:dd:6e:da:a5:08:0a:37:2e:a4:80:fb:15:
db:e7:95:08:56:d1:4d:eb:7d:18:29:a8:28:7a:97:48:6f:a1:
9b:b0:83:3a:c7:72:f4:78:7e:ae:9f:5f:6c:17:82:de:e7:f9:
ff:18:07:f9:ce:dd:0f:29:62:b2:44:c5:fd:66:00:47:0b:69:
83:f8:e3:9d:1e:7c:55:57:7a:18:60:b9:be:34:b5:ac:c0:50:
c9:67:f1:02:55:98:21:54:98:26:b3:a6:48:92:25:e1:3b:2f:
4a:c8:ff:d0:12:59:af:8a:07:6b:47:e3:a3:97:69:95:b5:13:
ab:2d:f4:14
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICMuIwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDAzMjcx
MDIyMjNaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDI5RDE0RjE4OEJGRjNG
QTI2RjYwN0U1M0ZFRjcyMTE1OUU1MjdFRTgwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDQw6kt4uzBIvsCiENqNsZO9GTdCVGgFAByV5nP+t6LBlCwQZUo
Jdzzf0t5leb28IMkExZFzfF9Mvpea5RT1kDah1kNJkmwGsVhdCzSAF+LIr2hMDkH
G5TJz6sVtWTRr1IlDiQ1T1NgrIRzk3cMvWMQvSvRg2xTYezcVQdHWtBwLm8+lCB4
8uCSvp0cEFZNPKdVLHMQaH0ovVntaT5JjLHYme6AxcecOc5ul2DAQqaY/yd9GgdT
GhQWE+dVkBfyN6ESJkPDTw+HaX6HOpr6kcBBE3heA2UvGa5qTk+ECmpLErIG2qHx
p0frVPEzKmxd16ULLTO2Pwp1N0ZAqEenLlxJAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUKdFPGIv/P6JvYH5T/vchFZ5SfugwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L0tkRlBHSXZfUDZKdllI
NVRfdmNoRlo1U2Z1Zy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAQtXegz7A0NJEXWH5eM9KlBSw5J6qPafX
7X/4doq2o82Y8P8KO/lGep8mwFt7dn+Ooasxcz4Tyr8m+V5pno6LUKTJzzLxsfXz
CszF88Umh8TmKyeoVD0ONmnxF6aBWw6WRxTR43Z1GxNk4H5F/MMA2OuUbQgxR2AD
dsSXcttWu4OdRHky3W7apQgKNy6kgPsV2+eVCFbRTet9GCmoKHqXSG+hm7CDOsdy
9Hh+rp9fbBeC3uf5/xgH+c7dDyliskTF/WYARwtpg/jjnR58VVd6GGC5vjS1rMBQ
yWfxAlWYIVSYJrOmSJIl4TsvSsj/0BJZr4oHa0fjo5dplbUTqy30FA==
-----END CERTIFICATE-----
Generated at Wed Mar 27 16:40:20 2024 by rpki-client on console.sobornost.net