Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/MREoHpIfRXe6JRlJyzVTMKNvsWU.roa
File: MREoHpIfRXe6JRlJyzVTMKNvsWU.roa (raw, json)
Hash identifier: lWkztGlgJsVyufnS6Q1UORADmfo0arwx+OYJQZRcP4U=
Subject key identifier: 31:11:28:1E:92:1F:45:77:BA:25:19:49:CB:35:53:30:A3:6F:B1:65
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 3556
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/MREoHpIfRXe6JRlJyzVTMKNvsWU.roa
Signing time: Sat 30 Mar 2024 16:52:21 +0000
ROA not before: Sat 30 Mar 2024 16:52:21 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 13654 (0x3556)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Mar 30 16:52:21 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=3111281E921F4577BA251949CB355330A36FB165
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ba:7f:cc:f7:b8:83:48:ef:da:0f:0c:1b:81:94:
90:44:48:1c:71:c7:e7:99:17:16:2c:ae:67:d9:a0:
1e:68:98:2a:ac:ca:73:29:79:c4:c0:7f:39:f3:52:
aa:b3:3c:2c:9d:fc:93:70:5c:a4:c4:83:37:66:e8:
8f:22:ed:3d:a9:41:ca:68:e5:75:c2:6e:74:6e:3f:
bf:6e:0f:71:13:af:10:10:4f:80:f6:67:cb:b6:b2:
f0:bc:5d:c3:8b:b3:09:b2:7a:92:07:d3:44:28:b0:
ab:6d:68:73:84:66:29:e8:bf:e8:af:43:f4:69:34:
bc:69:43:81:95:37:fd:e7:8f:6e:ae:0c:dc:bc:26:
cb:a2:52:af:58:03:30:7e:62:f6:e6:fb:8f:23:0a:
37:12:ed:33:c1:f1:8c:58:41:ab:ff:78:60:4f:61:
b2:d7:54:1f:1e:5a:78:52:ea:86:5b:e5:73:b2:6a:
6e:ff:60:f4:77:6d:06:99:b5:96:47:a5:f8:8f:28:
dd:e2:ce:a2:75:ad:0c:9d:45:83:f6:8c:b6:92:e4:
0f:b7:9a:d7:8d:95:25:62:f8:0a:c1:a2:7d:94:dc:
18:3f:f6:19:ba:c9:74:c3:85:4a:6a:cc:25:1a:8d:
72:2e:a3:a6:b2:10:f9:a6:bc:03:f9:de:4b:90:f1:
85:43
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
31:11:28:1E:92:1F:45:77:BA:25:19:49:CB:35:53:30:A3:6F:B1:65
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/MREoHpIfRXe6JRlJyzVTMKNvsWU.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
a5:64:25:39:b3:52:17:19:1a:b6:5b:c5:12:f3:5f:16:fe:73:
58:99:31:4e:a1:6e:3f:60:27:8f:0b:38:33:03:44:a6:6c:51:
63:82:63:ae:b5:da:f5:93:b6:7d:38:4c:1f:d8:e3:40:0a:1a:
f0:b5:d9:12:1c:f7:2e:56:f2:fa:db:47:41:70:df:51:e4:a5:
04:3c:70:23:13:32:2f:83:39:e9:dc:97:8b:05:17:00:a1:f6:
a7:fe:82:8b:69:ed:3f:4a:5c:c6:8f:02:21:04:68:08:5b:d5:
f2:61:2b:2f:f6:7a:a7:df:3c:4e:10:b5:db:40:83:5f:2a:3a:
91:16:ff:3c:f5:31:2e:2d:54:1b:5a:4a:6e:71:e4:1d:db:c1:
0d:e4:6c:24:3e:a9:50:b3:21:36:b1:62:97:e2:a1:4a:9b:59:
d7:64:ef:ba:44:46:cd:9c:55:db:cc:09:bb:ad:f6:b2:b1:30:
8d:8d:f9:5e:62:0a:54:e9:5a:bc:f3:57:9c:0c:f4:69:91:4c:
98:95:91:13:84:14:56:3d:85:b8:4c:1d:fe:7b:df:51:82:7e:
14:67:e5:78:cb:1a:10:fc:27:e4:8f:ab:d1:0b:34:7b:83:3d:
32:8b:5f:4b:d7:01:07:41:5b:ca:e3:45:8c:96:0a:13:fb:99:
10:21:57:52
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICNVYwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDAzMzAx
NjUyMjFaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDMxMTEyODFFOTIxRjQ1
NzdCQTI1MTk0OUNCMzU1MzMwQTM2RkIxNjUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC6f8z3uINI79oPDBuBlJBESBxxx+eZFxYsrmfZoB5omCqsynMp
ecTAfznzUqqzPCyd/JNwXKTEgzdm6I8i7T2pQcpo5XXCbnRuP79uD3ETrxAQT4D2
Z8u2svC8XcOLswmyepIH00QosKttaHOEZinov+ivQ/RpNLxpQ4GVN/3nj26uDNy8
JsuiUq9YAzB+Yvbm+48jCjcS7TPB8YxYQav/eGBPYbLXVB8eWnhS6oZb5XOyam7/
YPR3bQaZtZZHpfiPKN3izqJ1rQydRYP2jLaS5A+3mteNlSVi+ArBon2U3Bg/9hm6
yXTDhUpqzCUajXIuo6ayEPmmvAP53kuQ8YVDAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUMREoHpIfRXe6JRlJyzVTMKNvsWUwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L01SRW9IcElmUlhlNkpS
bEp5elZUTUtOdnNXVS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEApWQlObNSFxkatlvFEvNfFv5zWJkxTqFu
P2Anjws4MwNEpmxRY4JjrrXa9ZO2fThMH9jjQAoa8LXZEhz3Llby+ttHQXDfUeSl
BDxwIxMyL4M56dyXiwUXAKH2p/6Ci2ntP0pcxo8CIQRoCFvV8mErL/Z6p988ThC1
20CDXyo6kRb/PPUxLi1UG1pKbnHkHdvBDeRsJD6pULMhNrFil+KhSptZ12TvukRG
zZxV28wJu632srEwjY35XmIKVOlavPNXnAz0aZFMmJWRE4QUVj2FuEwd/nvfUYJ+
FGfleMsaEPwn5I+r0Qs0e4M9MotfS9cBB0FbyuNFjJYKE/uZECFXUg==
-----END CERTIFICATE-----
Generated at Sat Mar 30 19:50:24 2024 by rpki-client on console.sobornost.net