Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/UgB4fOSTNNrGybzdfmfGQU-LRCE.roa
File: UgB4fOSTNNrGybzdfmfGQU-LRCE.roa (raw, json)
Hash identifier: aN7fgfYSzf9TDBMKv4i0ze23B4rfTw+DqvNu2Z03dFc=
Subject key identifier: 52:00:78:7C:E4:93:34:DA:C6:C9:BC:DD:7E:67:C6:41:4F:8B:44:21
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 3636
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/UgB4fOSTNNrGybzdfmfGQU-LRCE.roa
Signing time: Sun 31 Mar 2024 20:52:12 +0000
ROA not before: Sun 31 Mar 2024 20:52:12 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 13878 (0x3636)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Mar 31 20:52:12 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=5200787CE49334DAC6C9BCDD7E67C6414F8B4421
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b6:93:30:8a:52:d8:40:71:78:74:22:82:ac:1e:
5e:b0:13:a5:e8:19:5c:f5:ab:16:38:19:2c:e0:ce:
1d:8a:04:7e:c9:96:b1:0d:e7:f7:6b:35:cd:53:8f:
bf:dd:cb:38:79:e3:bf:63:68:c5:75:90:2b:3c:65:
20:fa:e2:76:db:17:be:66:52:57:dc:f3:a0:96:99:
af:d5:09:3a:4d:32:5c:a2:f6:19:d3:ac:6d:da:b5:
c5:a2:a9:3a:a3:00:96:ae:34:4a:e3:53:9a:34:19:
0e:18:01:46:82:8e:92:51:f0:0b:61:03:39:d5:e0:
ce:47:56:ca:cb:a6:28:84:63:75:53:57:36:26:30:
f4:d6:96:a4:57:01:52:7f:c4:01:4f:4a:a7:7f:64:
a0:63:ec:5e:11:63:32:35:6a:8f:06:c7:17:40:1f:
cd:d5:7e:7e:75:a6:c2:b0:0e:f6:f1:c4:34:1c:75:
40:71:46:63:84:a4:1c:43:91:2e:7e:75:83:de:6b:
11:e9:3d:25:0b:14:d9:cc:ac:71:e7:89:ea:c9:be:
e0:75:3d:0c:5b:cd:68:18:09:93:6c:65:07:2b:95:
a5:11:2e:6e:f6:46:43:69:96:15:d8:99:a3:2b:a1:
aa:65:f6:aa:50:d7:41:6a:a6:22:95:3a:07:d5:5e:
2f:f5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
52:00:78:7C:E4:93:34:DA:C6:C9:BC:DD:7E:67:C6:41:4F:8B:44:21
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/UgB4fOSTNNrGybzdfmfGQU-LRCE.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
34:aa:ed:18:1e:09:73:e4:d8:ae:2a:e9:5e:c8:4f:11:ce:8f:
65:59:00:a0:1f:bf:86:8a:7f:3c:f4:c0:eb:58:a7:33:84:92:
c9:5f:8e:e8:25:ec:66:1b:65:fb:3a:33:99:ba:08:8c:57:5e:
9d:33:e6:95:ea:33:fc:d5:09:10:37:5e:4c:3e:a9:3e:27:ed:
cb:59:41:fc:2f:ad:2a:c5:e0:f7:d1:05:cd:7e:0b:da:a4:a7:
69:45:ff:37:c4:5c:45:f2:12:5c:a6:95:66:19:e1:1c:7c:af:
33:16:87:50:f1:20:99:67:c5:8a:96:2d:9d:37:33:30:1c:c7:
a0:0a:ed:3b:37:5b:24:b4:96:67:bf:18:70:5e:88:ff:da:a8:
ed:80:01:fb:5c:15:c1:fa:c8:0a:e5:81:a1:23:90:f7:bd:55:
94:3e:af:af:73:d3:ac:3d:4c:c6:d5:64:15:14:0b:b7:c3:3f:
f2:e9:a3:4f:ca:1b:81:bd:11:52:80:db:0d:e6:a0:85:85:bc:
aa:a7:1c:79:5b:04:f9:fb:07:35:b6:12:fc:6f:5e:f8:02:20:
16:8b:2d:23:bf:bd:76:ed:4e:ec:fe:82:45:2b:e5:17:01:6b:
ae:96:af:e2:5e:52:c0:f8:8f:54:a0:ab:5b:a8:bf:5b:c4:b4:
3b:71:d5:6a
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICNjYwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDAzMzEy
MDUyMTJaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDUyMDA3ODdDRTQ5MzM0
REFDNkM5QkNERDdFNjdDNjQxNEY4QjQ0MjEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC2kzCKUthAcXh0IoKsHl6wE6XoGVz1qxY4GSzgzh2KBH7JlrEN
5/drNc1Tj7/dyzh5479jaMV1kCs8ZSD64nbbF75mUlfc86CWma/VCTpNMlyi9hnT
rG3atcWiqTqjAJauNErjU5o0GQ4YAUaCjpJR8AthAznV4M5HVsrLpiiEY3VTVzYm
MPTWlqRXAVJ/xAFPSqd/ZKBj7F4RYzI1ao8GxxdAH83Vfn51psKwDvbxxDQcdUBx
RmOEpBxDkS5+dYPeaxHpPSULFNnMrHHnierJvuB1PQxbzWgYCZNsZQcrlaURLm72
RkNplhXYmaMroapl9qpQ10FqpiKVOgfVXi/1AgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUUgB4fOSTNNrGybzdfmfGQU+LRCEwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1VnQjRmT1NUTk5yR3li
emRmbWZHUVUtTFJDRS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEANKrtGB4Jc+TYrirpXshPEc6PZVkAoB+/
hop/PPTA61inM4SSyV+O6CXsZhtl+zozmboIjFdenTPmleoz/NUJEDdeTD6pPift
y1lB/C+tKsXg99EFzX4L2qSnaUX/N8RcRfISXKaVZhnhHHyvMxaHUPEgmWfFipYt
nTczMBzHoArtOzdbJLSWZ78YcF6I/9qo7YAB+1wVwfrICuWBoSOQ971VlD6vr3PT
rD1MxtVkFRQLt8M/8umjT8obgb0RUoDbDeaghYW8qqcceVsE+fsHNbYS/G9e+AIg
FostI7+9du1O7P6CRSvlFwFrrpav4l5SwPiPVKCrW6i/W8S0O3HVag==
-----END CERTIFICATE-----
Generated at Mon Apr 1 03:23:40 2024 by rpki-client on console.sobornost.net