Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/dcQ27jIud3mGRG9AcNk-hvMoAVo.roa
File: dcQ27jIud3mGRG9AcNk-hvMoAVo.roa (raw, json)
Hash identifier: 0fu2eTRg/22VyDYhZWVlfS9jx5Gv5ZEhj4SefeGT/hY=
Subject key identifier: 75:C4:36:EE:32:2E:77:79:86:44:6F:40:70:D9:3E:86:F3:28:01:5A
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 4052
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/dcQ27jIud3mGRG9AcNk-hvMoAVo.roa
Signing time: Sun 14 Apr 2024 08:22:53 +0000
ROA not before: Sun 14 Apr 2024 08:22:53 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 16466 (0x4052)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 14 08:22:53 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=75C436EE322E777986446F4070D93E86F328015A
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:f1:d7:37:c2:ad:91:fc:c9:f7:96:4e:e4:91:0d:
e8:95:46:14:ff:53:bb:89:1a:54:91:78:9b:4e:4d:
00:49:0c:e8:3c:a8:76:a1:84:75:76:22:91:53:16:
c8:0e:d7:bc:66:c3:16:af:c1:1d:b1:1c:e3:b0:b4:
e2:5c:2e:fe:dd:4f:78:91:65:f1:67:05:7b:49:1c:
ec:e2:7a:9d:2d:17:2e:87:69:29:38:9e:6a:6b:f5:
68:18:68:7d:5b:db:54:f6:55:75:1b:72:5d:4d:54:
07:6e:ab:88:d4:a0:1f:dd:5b:73:1f:99:fe:df:44:
9c:9a:38:8e:8b:aa:b5:4e:cb:d1:25:95:e1:19:63:
6f:0b:fb:f2:0f:f8:fb:f7:ad:b7:00:a6:c3:09:6e:
0c:de:22:a9:9a:d7:69:07:54:2d:4e:f3:4e:2d:a2:
67:99:90:3c:32:71:e7:60:c1:85:00:cc:81:16:e3:
47:c6:60:dc:5c:4b:6b:8a:2b:dc:8d:70:c2:24:50:
71:a8:ef:18:f7:5a:99:1a:50:db:2a:50:f6:b7:2c:
39:0b:7e:4e:b2:a2:82:83:8f:68:ce:fe:71:c3:a2:
42:ec:dc:23:a0:5c:61:22:d8:8a:ab:c9:4e:79:c5:
7a:c6:63:2b:93:bf:d2:f3:5d:54:b4:52:b5:c5:ce:
f4:d5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
75:C4:36:EE:32:2E:77:79:86:44:6F:40:70:D9:3E:86:F3:28:01:5A
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/dcQ27jIud3mGRG9AcNk-hvMoAVo.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
92:45:f9:d7:5f:fd:6f:1e:8f:16:bf:9a:07:13:5d:7f:2e:bc:
15:19:3a:cc:d2:be:f4:7b:cf:28:d6:d2:51:e6:0b:56:15:11:
ef:a4:a2:92:79:f7:e4:a0:c7:f8:d6:92:00:2a:6c:fd:58:d8:
10:17:5c:fa:8d:d2:32:34:52:0c:3d:a0:8b:c7:ee:78:46:2c:
2e:74:7d:85:f2:0b:96:2d:fb:80:ed:12:7c:af:46:61:f7:2e:
0b:c6:5a:f4:f1:db:d5:ec:f8:84:a5:c4:c4:36:a3:ff:f1:00:
88:44:a7:40:ba:24:b5:7e:cc:dc:44:c6:63:03:bf:6b:63:3a:
7b:49:59:3a:3a:df:8f:f1:f6:a6:e8:56:02:ca:28:11:6d:97:
c5:0e:19:b9:f3:86:72:cf:a9:64:67:13:d9:14:e2:9d:3b:a7:
2d:b0:54:0c:23:4d:0a:e7:71:38:0e:51:d3:58:08:21:96:d0:
db:75:fc:91:9c:1c:58:4b:16:83:96:96:67:e1:58:33:c7:46:
b4:9f:00:ba:d0:42:b4:66:ce:41:e2:cd:5f:33:c0:e8:ce:04:
6f:c5:8d:21:99:30:8e:d7:1c:33:66:92:21:29:52:5b:65:81:
82:ce:07:45:3c:4f:f0:d5:c0:e8:4d:18:da:cb:60:d6:35:08:
6d:f8:83:f7
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICQFIwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MTQw
ODIyNTNaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDc1QzQzNkVFMzIyRTc3
Nzk4NjQ0NkY0MDcwRDkzRTg2RjMyODAxNUEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDx1zfCrZH8yfeWTuSRDeiVRhT/U7uJGlSReJtOTQBJDOg8qHah
hHV2IpFTFsgO17xmwxavwR2xHOOwtOJcLv7dT3iRZfFnBXtJHOziep0tFy6HaSk4
nmpr9WgYaH1b21T2VXUbcl1NVAduq4jUoB/dW3Mfmf7fRJyaOI6LqrVOy9ElleEZ
Y28L+/IP+Pv3rbcApsMJbgzeIqma12kHVC1O804tomeZkDwycedgwYUAzIEW40fG
YNxcS2uKK9yNcMIkUHGo7xj3WpkaUNsqUPa3LDkLfk6yooKDj2jO/nHDokLs3COg
XGEi2IqryU55xXrGYyuTv9LzXVS0UrXFzvTVAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUdcQ27jIud3mGRG9AcNk+hvMoAVowHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2RjUTI3akl1ZDNtR1JH
OUFjTmstaHZNb0FWby5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAkkX511/9bx6PFr+aBxNdfy68FRk6zNK+
9HvPKNbSUeYLVhUR76Siknn35KDH+NaSACps/VjYEBdc+o3SMjRSDD2gi8fueEYs
LnR9hfILli37gO0SfK9GYfcuC8Za9PHb1ez4hKXExDaj//EAiESnQLoktX7M3ETG
YwO/a2M6e0lZOjrfj/H2puhWAsooEW2XxQ4ZufOGcs+pZGcT2RTinTunLbBUDCNN
CudxOA5R01gIIZbQ23X8kZwcWEsWg5aWZ+FYM8dGtJ8AutBCtGbOQeLNXzPA6M4E
b8WNIZkwjtccM2aSISlSW2WBgs4HRTxP8NXA6E0Y2stg1jUIbfiD9w==
-----END CERTIFICATE-----
Generated at Sun Apr 14 14:43:38 2024 by rpki-client on console.sobornost.net