Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/QHV74H6pHY8QSLY0giADYACGitY.roa
File: QHV74H6pHY8QSLY0giADYACGitY.roa (raw, json)
Hash identifier: zFvI8WVfbi6fk4jKL3ULCZArn4nVlSZ8dqBbnj5MYKg=
Subject key identifier: 40:75:7B:E0:7E:A9:1D:8F:10:48:B6:34:82:20:03:60:00:86:8A:D6
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 4DF6
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/QHV74H6pHY8QSLY0giADYACGitY.roa
Signing time: Thu 02 May 2024 12:53:42 +0000
ROA not before: Thu 02 May 2024 12:53:42 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 19958 (0x4df6)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 2 12:53:42 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=40757BE07EA91D8F1048B6348220036000868AD6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b2:82:73:ca:1f:6f:0a:57:b6:0e:42:74:79:73:
bf:27:f6:b5:cc:a0:60:94:f4:17:8d:1b:56:8f:a8:
42:87:55:a1:3d:9e:f6:07:93:a4:2d:ae:11:68:49:
8c:18:7d:37:14:05:5d:7b:11:79:f8:f0:79:85:99:
fe:7f:f2:60:80:55:c1:eb:cf:97:a9:34:44:48:d4:
47:3c:6c:35:df:fa:b7:72:ef:d4:86:24:ee:6c:0b:
4e:a1:f1:3b:73:c6:36:20:7a:3f:d7:2f:16:4b:52:
a5:54:bd:3b:d0:1a:3f:be:f0:de:e5:48:4b:ee:eb:
d1:9e:4d:e5:2a:7f:9b:50:49:f5:90:55:56:3a:83:
78:15:dc:bb:57:c5:9d:53:9c:df:da:3a:a5:cc:7c:
ca:47:31:75:a4:6b:bc:7d:04:5c:fe:38:37:74:50:
f0:00:29:fc:14:50:18:94:bf:7a:0c:41:21:ce:f1:
b5:71:75:cd:2d:e3:74:fb:4d:aa:ef:7e:fb:7a:8f:
5b:5a:49:87:6a:13:16:09:f3:05:8a:7a:1e:c1:ae:
07:4a:94:6a:d2:14:7e:35:20:9f:22:ac:72:2d:e9:
8d:8d:da:ba:fc:58:6d:92:a8:4c:df:1b:ae:9f:4e:
46:39:9f:77:21:b9:5f:5b:42:c6:be:39:6b:28:ec:
76:87
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
40:75:7B:E0:7E:A9:1D:8F:10:48:B6:34:82:20:03:60:00:86:8A:D6
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/QHV74H6pHY8QSLY0giADYACGitY.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
8e:3d:ac:12:a0:fa:77:19:fb:27:1e:cf:eb:b0:e8:53:9a:71:
52:1e:62:21:0b:71:2e:b9:e5:fc:12:6e:28:da:86:ea:71:6f:
56:8d:a0:ad:a0:ca:fa:87:bf:13:50:7c:d0:c4:10:99:30:4b:
72:15:a1:a3:e4:3e:00:c2:77:10:dc:78:a9:b0:85:08:ec:61:
30:b8:22:c0:18:6c:f2:f9:9e:1a:e3:3c:4d:9e:96:28:41:09:
74:96:f2:20:88:e8:eb:57:36:60:b8:28:e9:6a:56:9b:86:c1:
7a:58:d7:ae:6a:fd:42:f5:4b:54:08:65:1f:e5:b4:57:9f:4f:
34:9c:46:22:43:8a:74:aa:b1:00:ae:06:20:51:ca:59:f4:f1:
1b:06:22:41:61:de:be:75:c1:4e:4b:6f:cb:7a:c3:89:d6:b7:
36:90:57:e6:a5:5f:f7:27:1a:84:fb:4c:43:22:d9:f8:44:82:
1e:6f:ce:cc:af:05:4c:fb:8a:3e:26:cc:f6:46:9c:b2:50:35:
12:a4:0a:bc:e5:e4:b9:d9:0d:5a:be:b3:5c:a7:21:0d:7d:c3:
da:09:48:29:c1:a4:a1:a8:72:a4:b2:81:1a:c5:2e:c6:d3:05:
82:5b:b0:bb:4e:63:48:52:7a:fe:13:9e:05:15:2e:d6:76:c5:
8e:bf:fe:9a
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICTfYwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MDIx
MjUzNDJaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDQwNzU3QkUwN0VBOTFE
OEYxMDQ4QjYzNDgyMjAwMzYwMDA4NjhBRDYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCygnPKH28KV7YOQnR5c78n9rXMoGCU9BeNG1aPqEKHVaE9nvYH
k6QtrhFoSYwYfTcUBV17EXn48HmFmf5/8mCAVcHrz5epNERI1Ec8bDXf+rdy79SG
JO5sC06h8TtzxjYgej/XLxZLUqVUvTvQGj++8N7lSEvu69GeTeUqf5tQSfWQVVY6
g3gV3LtXxZ1TnN/aOqXMfMpHMXWka7x9BFz+ODd0UPAAKfwUUBiUv3oMQSHO8bVx
dc0t43T7Tarvfvt6j1taSYdqExYJ8wWKeh7BrgdKlGrSFH41IJ8irHIt6Y2N2rr8
WG2SqEzfG66fTkY5n3chuV9bQsa+OWso7HaHAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUQHV74H6pHY8QSLY0giADYACGitYwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1FIVjc0SDZwSFk4UVNM
WTBnaUFEWUFDR2l0WS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAjj2sEqD6dxn7Jx7P67DoU5pxUh5iIQtx
Lrnl/BJuKNqG6nFvVo2graDK+oe/E1B80MQQmTBLchWho+Q+AMJ3ENx4qbCFCOxh
MLgiwBhs8vmeGuM8TZ6WKEEJdJbyIIjo61c2YLgo6WpWm4bBeljXrmr9QvVLVAhl
H+W0V59PNJxGIkOKdKqxAK4GIFHKWfTxGwYiQWHevnXBTktvy3rDida3NpBX5qVf
9ycahPtMQyLZ+ESCHm/OzK8FTPuKPibM9kacslA1EqQKvOXkudkNWr6zXKchDX3D
2glIKcGkoahypLKBGsUuxtMFgluwu05jSFJ6/hOeBRUu1nbFjr/+mg==
-----END CERTIFICATE-----
Generated at Thu May 2 16:08:50 2024 by rpki-client on console.sobornost.net