Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/VfOhntDRx4g_n6UhJSjDwW6tByQ.roa
File: VfOhntDRx4g_n6UhJSjDwW6tByQ.roa (raw, json)
Hash identifier: XuBxxZ4hSwsKE8DJCFn93cqNCqGz7S3Q5/8xrgni1j0=
Subject key identifier: 55:F3:A1:9E:D0:D1:C7:88:3F:9F:A5:21:25:28:C3:C1:6E:AD:07:24
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 54EA
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/VfOhntDRx4g_n6UhJSjDwW6tByQ.roa
Signing time: Sat 11 May 2024 19:24:03 +0000
ROA not before: Sat 11 May 2024 19:24:03 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 21738 (0x54ea)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 11 19:24:03 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=55F3A19ED0D1C7883F9FA5212528C3C16EAD0724
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a5:ca:55:46:3b:2f:0a:b6:d0:e2:9b:66:68:0c:
c9:70:80:e4:94:6d:e1:a5:55:da:44:86:f1:57:9e:
b1:0c:e9:c5:18:a4:43:3c:af:0a:a5:24:3e:3d:35:
f8:16:1f:c1:96:ae:f2:49:33:d2:7c:94:7f:68:d6:
bf:8d:b6:2f:f6:af:e0:7c:b9:8b:d8:29:44:b4:f5:
01:20:b5:0c:4f:92:9c:61:77:df:3c:a4:b5:1e:8e:
cb:78:bf:99:1f:69:f2:b2:f0:4c:4a:70:df:47:1c:
38:92:8d:64:fb:94:fd:ac:17:3c:0e:75:5a:12:e4:
95:e5:5b:27:6f:39:bd:9e:6e:0c:6f:29:7e:5f:fe:
e8:28:12:06:ed:89:2e:65:cc:1e:f2:86:74:2d:a3:
bc:6c:6a:44:fc:eb:99:ab:c0:f0:3a:0a:a8:4a:3c:
05:3e:1b:90:08:1c:5f:87:90:b1:ed:5f:cc:62:7a:
69:1c:78:77:ff:7e:1c:57:1b:bd:4a:01:7c:d7:2c:
fb:e6:43:18:e6:04:a3:3e:29:31:2e:da:b1:74:dc:
5c:fa:26:01:ec:92:dc:24:99:e4:fd:88:d4:66:64:
cc:99:55:00:ef:be:dc:5c:bf:86:9e:2e:39:e7:15:
68:3c:7b:cc:82:e7:59:7b:4d:b3:04:ed:bd:f6:1c:
83:41
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
55:F3:A1:9E:D0:D1:C7:88:3F:9F:A5:21:25:28:C3:C1:6E:AD:07:24
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/VfOhntDRx4g_n6UhJSjDwW6tByQ.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
9c:38:28:00:eb:d3:bb:23:e5:b9:58:ae:73:28:00:da:82:d1:
87:63:1b:ee:b5:81:74:e2:57:0d:8c:af:52:8d:c2:6b:e2:8f:
07:66:c9:ae:16:ff:76:88:51:c2:7d:1e:5c:53:11:ff:76:25:
04:1f:08:c8:f6:1c:b6:89:96:e0:f2:b1:4a:dc:71:07:75:59:
90:2d:cb:c8:bb:af:a2:db:92:15:b2:8d:50:26:7a:41:1a:71:
b5:45:24:56:82:f8:c6:e6:f2:49:03:b8:06:be:a0:e4:10:5a:
8e:87:43:20:30:51:10:e8:79:88:b8:8a:51:5d:0d:46:35:ce:
28:8d:23:e2:fb:df:38:3c:8d:33:74:79:4c:a5:f0:9e:25:e3:
aa:52:f8:b9:ed:df:5b:71:1b:c7:b2:9f:0d:11:4f:ce:9f:95:
0c:82:63:59:b0:57:4b:c6:22:05:ad:16:a0:fb:6f:87:5e:d6:
d5:7e:7e:a9:73:6c:f2:e9:eb:ad:52:34:f6:d2:0d:1e:16:61:
a0:90:02:e9:84:7e:ad:f2:f1:02:d6:5c:6c:90:af:76:67:fb:
3d:53:77:e2:f2:f4:41:ca:85:a4:2c:70:6a:94:1d:02:24:98:
da:40:f0:9f:95:52:6c:7c:7d:d0:eb:89:fe:5b:4a:e1:e2:23:
5c:c3:8b:03
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICVOowDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MTEx
OTI0MDNaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDU1RjNBMTlFRDBEMUM3
ODgzRjlGQTUyMTI1MjhDM0MxNkVBRDA3MjQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQClylVGOy8KttDim2ZoDMlwgOSUbeGlVdpEhvFXnrEM6cUYpEM8
rwqlJD49NfgWH8GWrvJJM9J8lH9o1r+Nti/2r+B8uYvYKUS09QEgtQxPkpxhd988
pLUejst4v5kfafKy8ExKcN9HHDiSjWT7lP2sFzwOdVoS5JXlWydvOb2ebgxvKX5f
/ugoEgbtiS5lzB7yhnQto7xsakT865mrwPA6CqhKPAU+G5AIHF+HkLHtX8xiemkc
eHf/fhxXG71KAXzXLPvmQxjmBKM+KTEu2rF03Fz6JgHsktwkmeT9iNRmZMyZVQDv
vtxcv4aeLjnnFWg8e8yC51l7TbME7b32HINBAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUVfOhntDRx4g/n6UhJSjDwW6tByQwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1ZmT2hudERSeDRnX242
VWhKU2pEd1c2dEJ5US5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAnDgoAOvTuyPluViucygA2oLRh2Mb7rWB
dOJXDYyvUo3Ca+KPB2bJrhb/dohRwn0eXFMR/3YlBB8IyPYctomW4PKxStxxB3VZ
kC3LyLuvotuSFbKNUCZ6QRpxtUUkVoL4xubySQO4Br6g5BBajodDIDBREOh5iLiK
UV0NRjXOKI0j4vvfODyNM3R5TKXwniXjqlL4ue3fW3Ebx7KfDRFPzp+VDIJjWbBX
S8YiBa0WoPtvh17W1X5+qXNs8unrrVI09tINHhZhoJAC6YR+rfLxAtZcbJCvdmf7
PVN34vL0QcqFpCxwapQdAiSY2kDwn5VSbHx90OuJ/ltK4eIjXMOLAw==
-----END CERTIFICATE-----
Generated at Sun May 12 00:32:58 2024 by rpki-client on console.sobornost.net