Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/YyhflIJswBRmeK2fn_4WE7euwnM.roa
File: YyhflIJswBRmeK2fn_4WE7euwnM.roa (raw, json)
Hash identifier: sSko7euXVAS4UzItI6V7B3iU9vbvIo22PzZx6yHlnrU=
Subject key identifier: 63:28:5F:94:82:6C:C0:14:66:78:AD:9F:9F:FE:16:13:B7:AE:C2:73
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 564E
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/YyhflIJswBRmeK2fn_4WE7euwnM.roa
Signing time: Mon 13 May 2024 15:54:15 +0000
ROA not before: Mon 13 May 2024 15:54:15 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 22094 (0x564e)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 13 15:54:15 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=63285F94826CC0146678AD9F9FFE1613B7AEC273
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c3:80:77:d4:7b:61:43:cd:b9:df:3d:b6:04:77:
e0:82:57:03:5c:df:01:dc:39:f7:3b:a4:98:19:d8:
47:fa:c4:54:2d:3a:7e:7c:77:09:9b:d6:9f:50:cc:
7b:71:5c:6e:9c:74:e9:b5:9d:35:54:3d:5c:10:d3:
77:40:ff:b9:49:92:f6:fc:86:13:e5:e8:5d:e7:1d:
d8:45:a4:9f:a8:10:d2:81:c2:18:d8:bd:16:e2:09:
1c:11:3a:1c:3d:74:ce:96:a1:f8:d7:1e:c9:19:2e:
0f:6a:c3:0d:97:14:e2:3a:5a:3c:72:c2:a7:e2:0b:
06:c0:d6:83:3b:3c:68:8f:4f:96:a1:66:5a:3e:be:
24:f7:fd:c1:77:0f:d4:b5:56:d8:10:41:cd:32:bb:
b6:64:83:e9:dc:68:06:79:27:21:98:72:19:e2:bd:
88:f2:3a:9a:d2:c1:18:35:5d:2b:f4:b6:11:1f:0f:
a5:77:84:11:8e:f8:82:3b:e0:74:92:c3:57:3d:b9:
62:19:f6:73:f0:d5:16:ef:ad:91:c2:43:a7:6f:bc:
36:39:e8:25:82:e5:65:ac:9e:c7:cb:65:6b:37:6c:
4d:f6:d0:9b:c9:04:74:9d:c9:b4:39:80:1e:c9:6b:
04:8a:ce:d5:e0:5f:b5:4d:bc:6c:7a:53:fc:0f:9b:
0d:6d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
63:28:5F:94:82:6C:C0:14:66:78:AD:9F:9F:FE:16:13:B7:AE:C2:73
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/YyhflIJswBRmeK2fn_4WE7euwnM.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
4b:42:70:bc:99:5a:81:65:0c:a7:1f:fb:c0:ef:ec:0e:26:18:
0d:88:31:c1:67:95:06:3c:c1:e4:7b:8d:4f:53:70:c3:9e:ae:
44:e5:a9:98:2a:c8:7c:79:b5:4f:e9:c8:49:26:b7:27:d4:b7:
bd:bd:8d:ea:4c:38:2a:dc:2a:7d:2e:4a:e5:09:53:93:44:ef:
2b:16:c8:83:36:da:09:da:b5:51:55:06:26:c7:de:73:45:1a:
d7:a1:55:84:47:15:0b:e3:c3:13:1b:37:3e:27:54:f2:3a:0b:
a3:d2:7a:d2:f9:6b:2d:dd:62:86:80:e8:1f:d6:be:88:ee:37:
84:8e:78:6e:ed:d7:8f:ea:e7:d0:b7:53:f2:18:ac:6e:de:b5:
6e:aa:85:b8:fc:63:60:c7:eb:2d:98:49:a6:fe:82:ea:7c:8c:
19:fb:f9:e8:e2:a1:82:5e:3c:23:5b:2c:05:4f:1e:99:02:5e:
7c:3b:7d:b0:da:18:c8:0c:4c:71:58:f9:a1:0f:39:0f:d8:7d:
51:2a:85:96:f2:ec:0a:17:32:ba:b4:69:88:c7:67:87:87:2a:
7a:a6:90:07:74:58:c7:15:47:1b:74:e4:34:7b:93:4d:5c:12:
e2:c7:e1:ef:64:b2:72:94:01:0e:e1:a2:e4:9c:6b:aa:00:3d:
5b:b0:63:23
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICVk4wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MTMx
NTU0MTVaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDYzMjg1Rjk0ODI2Q0Mw
MTQ2Njc4QUQ5RjlGRkUxNjEzQjdBRUMyNzMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDDgHfUe2FDzbnfPbYEd+CCVwNc3wHcOfc7pJgZ2Ef6xFQtOn58
dwmb1p9QzHtxXG6cdOm1nTVUPVwQ03dA/7lJkvb8hhPl6F3nHdhFpJ+oENKBwhjY
vRbiCRwROhw9dM6WofjXHskZLg9qww2XFOI6WjxywqfiCwbA1oM7PGiPT5ahZlo+
viT3/cF3D9S1VtgQQc0yu7Zkg+ncaAZ5JyGYchnivYjyOprSwRg1XSv0thEfD6V3
hBGO+II74HSSw1c9uWIZ9nPw1RbvrZHCQ6dvvDY56CWC5WWsnsfLZWs3bE320JvJ
BHSdybQ5gB7JawSKztXgX7VNvGx6U/wPmw1tAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUYyhflIJswBRmeK2fn/4WE7euwnMwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1l5aGZsSUpzd0JSbWVL
MmZuXzRXRTdldXduTS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAS0JwvJlagWUMpx/7wO/sDiYYDYgxwWeV
BjzB5HuNT1Nww56uROWpmCrIfHm1T+nISSa3J9S3vb2N6kw4KtwqfS5K5QlTk0Tv
KxbIgzbaCdq1UVUGJsfec0Ua16FVhEcVC+PDExs3PidU8joLo9J60vlrLd1ihoDo
H9a+iO43hI54bu3Xj+rn0LdT8hisbt61bqqFuPxjYMfrLZhJpv6C6nyMGfv56OKh
gl48I1ssBU8emQJefDt9sNoYyAxMcVj5oQ85D9h9USqFlvLsChcyurRpiMdnh4cq
eqaQB3RYxxVHG3TkNHuTTVwS4sfh72SycpQBDuGi5JxrqgA9W7BjIw==
-----END CERTIFICATE-----
Generated at Mon May 13 19:40:33 2024 by rpki-client on console.sobornost.net