Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/XOSTu9_-FOvdbmFrAzSi-FroCl4.roa
File: XOSTu9_-FOvdbmFrAzSi-FroCl4.roa (raw, json)
Hash identifier: gn6xrngYBvbzP9tA3N4L7aOAjncUI8pbLOO/ETZdcyU=
Subject key identifier: 5C:E4:93:BB:DF:FE:14:EB:DD:6E:61:6B:03:34:A2:F8:5A:E8:0A:5E
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 3682
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/XOSTu9_-FOvdbmFrAzSi-FroCl4.roa
Signing time: Mon 01 Apr 2024 06:22:15 +0000
ROA not before: Mon 01 Apr 2024 06:22:15 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 13954 (0x3682)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 1 06:22:15 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=5CE493BBDFFE14EBDD6E616B0334A2F85AE80A5E
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:af:ad:45:59:ed:78:b6:01:fe:6b:e2:22:f2:69:
c3:19:5b:56:f9:a2:89:e4:08:4a:ed:3d:52:61:2b:
c5:a3:fa:16:89:ed:f4:39:12:2a:39:ab:71:5f:0d:
f2:9c:1f:bd:33:34:e1:f9:11:ab:5d:4b:7d:98:4c:
81:fc:96:97:cf:c6:c1:8a:78:1a:21:06:7c:ed:5e:
de:95:d0:59:98:c4:17:2f:57:29:cb:bb:f5:ab:e8:
69:81:6e:44:75:d5:83:5e:9e:97:1e:c3:62:27:6d:
01:e3:82:0a:ea:01:26:00:5d:aa:40:1f:46:73:46:
4e:e8:cb:76:ea:99:4a:fe:2b:16:1d:5d:12:6f:1a:
19:60:20:1a:7c:cd:df:e6:96:d5:24:72:d1:68:c4:
f5:d6:07:bc:b9:71:e0:4d:c0:0e:f6:4e:a0:39:53:
19:aa:d5:93:3a:c9:d5:2b:88:0c:45:23:db:72:72:
82:22:f4:30:9e:d6:ea:ca:6f:49:9f:79:0e:79:c1:
38:70:3b:7f:49:20:2b:ab:35:37:d2:0a:31:c6:08:
87:00:21:2c:dc:0e:90:3f:75:c0:09:a7:bf:27:db:
4b:6a:67:74:d8:23:53:d4:c4:4a:62:b7:88:ab:c6:
86:12:c9:8c:e3:3c:87:94:0a:b3:8e:4b:41:16:1f:
b6:65
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5C:E4:93:BB:DF:FE:14:EB:DD:6E:61:6B:03:34:A2:F8:5A:E8:0A:5E
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/XOSTu9_-FOvdbmFrAzSi-FroCl4.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
6d:51:9e:cf:08:ac:86:04:20:04:96:c5:d5:a1:bd:39:e3:67:
01:36:72:fc:58:b7:a5:f6:8f:14:30:44:d6:02:6c:55:f2:b4:
2b:94:d7:43:16:0c:e9:20:94:8d:7b:1b:6b:43:5c:1a:1b:ef:
2a:9b:26:10:6b:f6:f2:ab:e1:e3:0c:d4:e7:4c:78:bd:30:81:
92:30:c3:4a:0d:f0:1f:d1:79:ec:ae:59:8e:3f:40:3b:83:62:
dc:6c:cf:f4:19:17:49:07:63:1a:64:57:31:1e:40:f5:ed:8f:
87:da:32:ab:e9:1d:7f:97:67:0f:82:06:cf:10:5e:33:6f:6b:
a3:7a:03:36:ab:4a:b8:f9:cb:ae:b0:e6:f6:8f:ab:04:10:07:
01:ac:19:06:17:86:82:2d:bd:24:8c:1c:ee:8c:db:f7:64:ff:
87:b9:39:c8:6f:91:bf:94:59:06:b9:44:90:6a:b4:08:37:ea:
e9:fc:e9:4e:46:9e:95:99:32:56:fc:23:9a:2d:81:8e:b1:3d:
19:1c:8c:ec:c8:44:bf:75:08:96:8e:72:03:15:d4:1c:18:3c:
ef:ff:b6:59:8d:c9:46:a1:e0:21:9e:45:74:00:e3:65:8d:22:
c5:a8:fe:73:c4:a8:49:41:bf:c2:83:b4:ba:a1:8b:07:45:93:
b7:ad:ec:65
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICNoIwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MDEw
NjIyMTVaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDVDRTQ5M0JCREZGRTE0
RUJERDZFNjE2QjAzMzRBMkY4NUFFODBBNUUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCvrUVZ7Xi2Af5r4iLyacMZW1b5oonkCErtPVJhK8Wj+haJ7fQ5
Eio5q3FfDfKcH70zNOH5EatdS32YTIH8lpfPxsGKeBohBnztXt6V0FmYxBcvVynL
u/Wr6GmBbkR11YNenpcew2InbQHjggrqASYAXapAH0ZzRk7oy3bqmUr+KxYdXRJv
GhlgIBp8zd/mltUkctFoxPXWB7y5ceBNwA72TqA5Uxmq1ZM6ydUriAxFI9tycoIi
9DCe1urKb0mfeQ55wThwO39JICurNTfSCjHGCIcAISzcDpA/dcAJp78n20tqZ3TY
I1PUxEpit4irxoYSyYzjPIeUCrOOS0EWH7ZlAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUXOSTu9/+FOvdbmFrAzSi+FroCl4wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1hPU1R1OV8tRk92ZGJt
RnJBelNpLUZyb0NsNC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAbVGezwishgQgBJbF1aG9OeNnATZy/Fi3
pfaPFDBE1gJsVfK0K5TXQxYM6SCUjXsba0NcGhvvKpsmEGv28qvh4wzU50x4vTCB
kjDDSg3wH9F57K5Zjj9AO4Ni3GzP9BkXSQdjGmRXMR5A9e2Ph9oyq+kdf5dnD4IG
zxBeM29ro3oDNqtKuPnLrrDm9o+rBBAHAawZBheGgi29JIwc7ozb92T/h7k5yG+R
v5RZBrlEkGq0CDfq6fzpTkaelZkyVvwjmi2BjrE9GRyM7MhEv3UIlo5yAxXUHBg8
7/+2WY3JRqHgIZ5FdADjZY0ixaj+c8SoSUG/woO0uqGLB0WTt63sZQ==
-----END CERTIFICATE-----
Generated at Mon Apr 1 11:18:47 2024 by rpki-client on console.sobornost.net