Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/N70IsOim45QMhfPjZZsI_FDmuFM.roa
File: N70IsOim45QMhfPjZZsI_FDmuFM.roa (raw, json)
Hash identifier: dG+9gR+yjx8PIfd9Gi0jAyPtZMNR1uYgP53Df7en3Oc=
Subject key identifier: 37:BD:08:B0:E8:A6:E3:94:0C:85:F3:E3:65:9B:08:FC:50:E6:B8:53
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 4C86
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/N70IsOim45QMhfPjZZsI_FDmuFM.roa
Signing time: Tue 30 Apr 2024 14:53:37 +0000
ROA not before: Tue 30 Apr 2024 14:53:37 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 19590 (0x4c86)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 30 14:53:37 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=37BD08B0E8A6E3940C85F3E3659B08FC50E6B853
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e1:e1:e8:51:45:dc:a7:64:72:c4:35:e0:fb:05:
11:04:dc:11:91:21:6d:c9:c0:3c:fa:1b:3a:f5:92:
21:63:72:05:c5:07:a9:de:5d:a7:f8:28:2c:4d:f7:
d7:cc:f1:46:78:62:7d:59:5b:06:55:03:aa:3d:dc:
13:0d:78:2f:19:0b:87:b7:86:1d:73:58:9a:9a:71:
27:75:be:4f:c6:29:fb:c4:dc:07:91:3f:ae:e2:81:
d7:23:bf:40:b9:9c:c6:46:33:0a:9a:e9:c3:7a:5f:
43:97:38:7e:4d:e9:e4:94:61:ba:79:e7:20:23:ea:
63:78:b0:66:8b:c2:7e:89:d8:44:63:70:ac:0b:8a:
ca:c1:e2:7d:1b:52:4e:f5:b5:9f:9f:c9:7b:14:0b:
1e:98:e1:45:51:20:03:a5:8e:b8:4a:a5:0d:eb:56:
b1:a3:87:f0:9d:5f:6e:fa:e8:fc:3c:c8:d5:39:ea:
99:e2:75:b7:08:93:da:ac:99:47:18:4f:d5:90:7f:
fc:41:eb:03:78:39:83:16:f1:d9:b7:bd:87:8d:9e:
a7:1b:94:81:58:af:73:34:88:f8:4b:1a:a1:7d:8c:
56:9e:5d:e8:b3:fe:62:78:80:a5:0b:a3:f2:95:84:
fa:f8:3c:7d:44:e1:d8:00:64:3d:54:40:ec:4a:2b:
90:ad
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
37:BD:08:B0:E8:A6:E3:94:0C:85:F3:E3:65:9B:08:FC:50:E6:B8:53
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/N70IsOim45QMhfPjZZsI_FDmuFM.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
3e:95:48:d7:a8:40:16:47:8f:ae:db:86:1d:33:71:e3:68:af:
ea:19:b6:1e:be:fa:d4:ad:85:97:18:50:38:ee:bf:51:85:6a:
2e:4a:eb:1a:da:e2:7d:35:ee:6f:07:d0:76:36:42:d4:66:66:
33:66:ff:84:c6:e0:39:ca:a9:44:fc:09:13:2f:c5:2b:f9:18:
a6:d3:26:8c:8f:fd:b3:87:af:d8:27:eb:4f:c0:f6:e0:c2:e6:
b7:f0:9e:c7:69:9f:2e:b7:60:82:85:4c:4e:cc:44:7f:2a:80:
35:22:f6:81:45:10:2a:77:ca:0e:cd:1f:bb:05:41:46:18:61:
78:8c:e6:9e:14:c8:79:8e:55:92:83:bf:f4:55:59:fd:a9:ed:
84:b7:0e:fd:a4:73:02:ed:7a:91:c9:b6:ec:50:99:3d:d9:de:
a2:fb:1f:01:c4:54:79:55:e4:a2:4c:80:db:d7:cd:b4:fd:b0:
6e:d4:30:6b:9d:5a:ad:29:ba:6e:23:0f:76:e6:2b:f0:40:53:
c0:83:45:9e:fb:e0:e3:bf:94:71:9d:7d:f8:a8:78:2f:bc:6a:
27:cb:95:d7:c1:66:68:20:e3:34:df:60:7b:21:20:de:5d:44:
c9:20:7b:3f:d4:84:b8:e5:d1:ce:0b:ec:b2:eb:b1:94:45:d1:
f4:58:1b:5b
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICTIYwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MzAx
NDUzMzdaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDM3QkQwOEIwRThBNkUz
OTQwQzg1RjNFMzY1OUIwOEZDNTBFNkI4NTMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDh4ehRRdynZHLENeD7BREE3BGRIW3JwDz6Gzr1kiFjcgXFB6ne
Xaf4KCxN99fM8UZ4Yn1ZWwZVA6o93BMNeC8ZC4e3hh1zWJqacSd1vk/GKfvE3AeR
P67igdcjv0C5nMZGMwqa6cN6X0OXOH5N6eSUYbp55yAj6mN4sGaLwn6J2ERjcKwL
isrB4n0bUk71tZ+fyXsUCx6Y4UVRIAOljrhKpQ3rVrGjh/CdX2766Pw8yNU56pni
dbcIk9qsmUcYT9WQf/xB6wN4OYMW8dm3vYeNnqcblIFYr3M0iPhLGqF9jFaeXeiz
/mJ4gKULo/KVhPr4PH1E4dgAZD1UQOxKK5CtAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUN70IsOim45QMhfPjZZsI/FDmuFMwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L043MElzT2ltNDVRTWhm
UGpaWnNJX0ZEbXVGTS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAPpVI16hAFkePrtuGHTNx42iv6hm2Hr76
1K2FlxhQOO6/UYVqLkrrGtrifTXubwfQdjZC1GZmM2b/hMbgOcqpRPwJEy/FK/kY
ptMmjI/9s4ev2CfrT8D24MLmt/Cex2mfLrdggoVMTsxEfyqANSL2gUUQKnfKDs0f
uwVBRhhheIzmnhTIeY5VkoO/9FVZ/anthLcO/aRzAu16kcm27FCZPdneovsfAcRU
eVXkokyA29fNtP2wbtQwa51arSm6biMPduYr8EBTwINFnvvg47+UcZ19+Kh4L7xq
J8uV18FmaCDjNN9geyEg3l1EySB7P9SEuOXRzgvssuuxlEXR9FgbWw==
-----END CERTIFICATE-----
Generated at Tue Apr 30 18:40:19 2024 by rpki-client on console.sobornost.net