Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/V8OBO7c8NpZC6wgaZaEGmBRwYF8.roa
File: V8OBO7c8NpZC6wgaZaEGmBRwYF8.roa (raw, json)
Hash identifier: b7HPJTWcwd9azhkHPszd6+NjPtG5sMpcAQGA9mXZues=
Subject key identifier: 57:C3:81:3B:B7:3C:36:96:42:EB:08:1A:65:A1:06:98:14:70:60:5F
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 3872
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/V8OBO7c8NpZC6wgaZaEGmBRwYF8.roa
Signing time: Wed 03 Apr 2024 20:22:22 +0000
ROA not before: Wed 03 Apr 2024 20:22:22 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 14450 (0x3872)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 3 20:22:22 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=57C3813BB73C369642EB081A65A106981470605F
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:fd:a2:82:8d:27:ec:c7:dd:8c:42:2f:1e:3b:fa:
ad:53:da:f4:ce:a0:5c:cc:6e:d0:db:4c:e7:99:f2:
27:ea:a6:0a:4c:9a:19:80:0e:9f:2b:1b:1f:ef:19:
7b:91:ff:a4:46:c2:c6:97:48:24:dc:d4:c1:69:0f:
65:52:95:bb:74:ac:c6:bf:43:44:97:c8:4a:a2:7c:
b7:62:0a:34:85:f1:97:0b:23:91:0a:88:bb:c8:03:
4d:30:f5:55:13:ce:c6:1c:c0:0a:71:69:ce:44:22:
80:28:57:4f:ce:87:be:57:00:f1:ce:04:0f:2b:5c:
77:6e:5e:ae:cd:36:5b:c9:c8:b5:0a:d3:80:19:a1:
dd:6a:27:c3:a8:6f:9c:b5:eb:ee:5f:ad:8c:66:c2:
fc:8c:a5:cf:f8:64:eb:f0:ec:db:c3:8e:6b:60:b4:
6b:ff:be:3d:45:66:cf:84:1c:96:4d:ac:86:aa:e3:
b8:5b:11:23:30:bd:81:ba:7e:7b:a4:5e:1e:f8:e9:
8e:4f:f4:f9:de:cf:25:1d:eb:3e:15:e6:e2:5b:70:
c2:38:a0:b6:7b:2e:7e:15:2b:48:e2:0a:1f:83:d8:
80:24:93:78:6d:6b:23:8a:b7:83:cf:ba:f6:7a:df:
73:72:28:61:63:cd:35:ca:79:f4:ea:8a:0e:78:54:
8d:89
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
57:C3:81:3B:B7:3C:36:96:42:EB:08:1A:65:A1:06:98:14:70:60:5F
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/V8OBO7c8NpZC6wgaZaEGmBRwYF8.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
18:bc:bc:8c:61:21:0b:6c:eb:9d:bb:52:32:64:34:89:38:ce:
95:16:bf:7d:34:68:51:02:3c:d1:2d:ce:29:38:5d:0e:c8:0d:
45:b6:9d:2f:5c:4c:a1:36:07:02:c8:cb:65:8d:69:0f:d2:6d:
3c:76:f5:01:ba:46:02:a0:6b:93:ec:6a:cb:63:8a:25:5b:26:
2e:13:1f:3a:d4:89:bf:85:03:a2:65:8f:39:96:18:ec:21:c7:
13:db:02:c0:bb:7e:57:e7:79:4a:5f:3f:af:43:a6:13:bb:29:
ad:30:9b:06:78:00:a5:e6:03:f6:f9:06:d4:ba:95:1f:91:f3:
eb:4e:51:4c:17:0f:ec:fe:af:b2:ef:28:1e:96:fc:83:e3:79:
a1:f0:71:65:1e:87:aa:08:b0:26:44:c0:18:a6:fd:77:87:13:
26:cd:73:8f:ec:d0:70:4f:42:e4:7a:b1:39:d3:a2:63:2e:ea:
f0:79:b4:28:78:a3:b1:dd:ea:e5:41:9a:43:b9:0d:a7:20:10:
71:a2:17:12:0c:a6:8d:fb:64:41:86:4c:1b:42:dd:61:1a:92:
6b:15:30:2f:73:68:41:ae:02:fc:0c:7e:6e:13:e5:1b:3f:ea:
db:23:6c:c9:2d:be:80:d1:51:73:45:dc:c5:62:90:44:de:f4:
2c:2d:5a:aa
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICOHIwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MDMy
MDIyMjJaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDU3QzM4MTNCQjczQzM2
OTY0MkVCMDgxQTY1QTEwNjk4MTQ3MDYwNUYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQD9ooKNJ+zH3YxCLx47+q1T2vTOoFzMbtDbTOeZ8ifqpgpMmhmA
Dp8rGx/vGXuR/6RGwsaXSCTc1MFpD2VSlbt0rMa/Q0SXyEqifLdiCjSF8ZcLI5EK
iLvIA00w9VUTzsYcwApxac5EIoAoV0/Oh75XAPHOBA8rXHduXq7NNlvJyLUK04AZ
od1qJ8Oob5y16+5frYxmwvyMpc/4ZOvw7NvDjmtgtGv/vj1FZs+EHJZNrIaq47hb
ESMwvYG6fnukXh746Y5P9PnezyUd6z4V5uJbcMI4oLZ7Ln4VK0jiCh+D2IAkk3ht
ayOKt4PPuvZ633NyKGFjzTXKefTqig54VI2JAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUV8OBO7c8NpZC6wgaZaEGmBRwYF8wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1Y4T0JPN2M4TnBaQzZ3
Z2FaYUVHbUJSd1lGOC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAGLy8jGEhC2zrnbtSMmQ0iTjOlRa/fTRo
UQI80S3OKThdDsgNRbadL1xMoTYHAsjLZY1pD9JtPHb1AbpGAqBrk+xqy2OKJVsm
LhMfOtSJv4UDomWPOZYY7CHHE9sCwLt+V+d5Sl8/r0OmE7sprTCbBngApeYD9vkG
1LqVH5Hz605RTBcP7P6vsu8oHpb8g+N5ofBxZR6HqgiwJkTAGKb9d4cTJs1zj+zQ
cE9C5HqxOdOiYy7q8Hm0KHijsd3q5UGaQ7kNpyAQcaIXEgymjftkQYZMG0LdYRqS
axUwL3NoQa4C/Ax+bhPlGz/q2yNsyS2+gNFRc0XcxWKQRN70LC1aqg==
-----END CERTIFICATE-----
Generated at Thu Apr 4 04:53:47 2024 by rpki-client on console.sobornost.net