Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/VpK0waaIeOdA1FDQAYZcbTIZrpc.roa
File: VpK0waaIeOdA1FDQAYZcbTIZrpc.roa (raw, json)
Hash identifier: OqNLHafIl9v8+wdSmQAzSet+IgnTTdO/TnF/uXj9E8k=
Subject key identifier: 56:92:B4:C1:A6:88:78:E7:40:D4:50:D0:01:86:5C:6D:32:19:AE:97
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 36E2
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/VpK0waaIeOdA1FDQAYZcbTIZrpc.roa
Signing time: Mon 01 Apr 2024 18:22:13 +0000
ROA not before: Mon 01 Apr 2024 18:22:13 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 14050 (0x36e2)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 1 18:22:13 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=5692B4C1A68878E740D450D001865C6D3219AE97
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a7:4c:26:da:91:aa:e7:f5:39:f2:b4:8f:6f:e3:
82:a5:85:ff:7d:33:97:5b:09:5e:41:b0:72:49:8f:
1f:9c:98:d6:be:3f:2f:87:57:41:2e:9d:ed:a9:b2:
40:31:65:22:60:5c:76:f8:7e:6a:5d:50:2c:87:a0:
ca:85:3b:05:f6:68:93:1d:42:28:62:36:11:97:4d:
09:a8:14:01:53:a6:01:a9:3b:ff:b8:05:0d:cf:19:
02:c4:fa:13:bd:45:de:c6:ed:c0:b3:61:3d:a1:ec:
e6:ec:70:13:88:2a:2f:a8:a4:14:cc:29:fc:1b:98:
33:6f:30:05:e6:56:20:c6:ed:ca:b4:23:26:ad:8d:
3c:e8:70:f1:26:6d:69:36:43:0e:7e:2a:a4:f1:71:
67:5c:c2:6d:24:5d:55:f3:2d:95:22:00:63:37:c7:
be:84:7c:86:aa:79:1e:e8:b5:9a:57:22:39:5a:45:
8e:c7:89:0c:1c:80:4f:1f:9a:75:54:00:b4:a0:89:
39:9e:45:aa:4d:eb:aa:66:8a:33:23:72:be:4d:3b:
ef:68:54:de:94:1e:b7:47:ad:10:ad:d0:d6:7a:66:
77:fd:cb:54:fb:8b:68:e3:da:7d:39:16:86:89:73:
63:1a:57:23:70:41:e4:3e:2e:93:db:6f:6d:d5:36:
08:51
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
56:92:B4:C1:A6:88:78:E7:40:D4:50:D0:01:86:5C:6D:32:19:AE:97
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/VpK0waaIeOdA1FDQAYZcbTIZrpc.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
5e:6a:76:7d:54:b5:21:ff:35:8c:a2:3d:2d:b1:84:56:3e:be:
5f:3c:bd:57:54:c8:ba:ec:a1:37:fb:00:23:5e:d7:88:6d:cf:
86:24:f7:84:55:b8:e0:ad:e5:cb:c4:e7:ba:92:a4:f2:cc:73:
21:c5:01:51:72:25:df:42:7f:5b:77:52:57:77:b3:88:6b:68:
5f:cd:2f:d8:88:34:40:a3:37:e9:76:1b:a2:38:e1:5c:8d:52:
46:00:f8:76:9f:1e:7b:6e:c1:b5:0e:db:4c:76:4c:c2:fd:38:
a2:d4:ae:34:28:04:75:cd:da:be:ee:b8:bb:bc:33:68:f7:06:
ba:c7:6c:b9:b1:61:f0:7c:67:5b:d3:34:2b:92:39:10:71:3e:
56:1d:19:93:fe:d5:11:a3:35:ea:04:52:d8:e1:19:99:c7:c9:
1c:52:be:b1:26:cf:e6:64:44:47:76:37:33:b2:a1:9d:85:50:
26:9b:68:3f:bc:b0:58:b4:bf:d4:3a:fc:48:f7:24:0b:b9:11:
c0:a1:0d:c6:fb:cf:c3:86:78:6a:d8:4c:a1:d3:aa:62:6e:d5:
e3:a0:49:52:0e:4d:82:13:5e:de:6a:55:9b:61:43:79:77:37:
0d:45:0b:64:cb:b4:ff:b2:5e:ad:e1:78:7b:b8:b6:59:ca:5f:
81:d4:4a:fd
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICNuIwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MDEx
ODIyMTNaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDU2OTJCNEMxQTY4ODc4
RTc0MEQ0NTBEMDAxODY1QzZEMzIxOUFFOTcwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCnTCbakarn9TnytI9v44Klhf99M5dbCV5BsHJJjx+cmNa+Py+H
V0Eune2pskAxZSJgXHb4fmpdUCyHoMqFOwX2aJMdQihiNhGXTQmoFAFTpgGpO/+4
BQ3PGQLE+hO9Rd7G7cCzYT2h7ObscBOIKi+opBTMKfwbmDNvMAXmViDG7cq0Iyat
jTzocPEmbWk2Qw5+KqTxcWdcwm0kXVXzLZUiAGM3x76EfIaqeR7otZpXIjlaRY7H
iQwcgE8fmnVUALSgiTmeRapN66pmijMjcr5NO+9oVN6UHrdHrRCt0NZ6Znf9y1T7
i2jj2n05FoaJc2MaVyNwQeQ+LpPbb23VNghRAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUVpK0waaIeOdA1FDQAYZcbTIZrpcwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1ZwSzB3YWFJZU9kQTFG
RFFBWVpjYlRJWnJwYy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAXmp2fVS1If81jKI9LbGEVj6+Xzy9V1TI
uuyhN/sAI17XiG3PhiT3hFW44K3ly8TnupKk8sxzIcUBUXIl30J/W3dSV3eziGto
X80v2Ig0QKM36XYbojjhXI1SRgD4dp8ee27BtQ7bTHZMwv04otSuNCgEdc3avu64
u7wzaPcGusdsubFh8HxnW9M0K5I5EHE+Vh0Zk/7VEaM16gRS2OEZmcfJHFK+sSbP
5mRER3Y3M7KhnYVQJptoP7ywWLS/1Dr8SPckC7kRwKENxvvPw4Z4athModOqYm7V
46BJUg5NghNe3mpVm2FDeXc3DUULZMu0/7JereF4e7i2WcpfgdRK/Q==
-----END CERTIFICATE-----
Generated at Mon Apr 1 22:19:10 2024 by rpki-client on console.sobornost.net