Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/gG4Nnokd4Vmo4bO95mTsUgifqyI.roa
File: gG4Nnokd4Vmo4bO95mTsUgifqyI.roa (raw, json)
Hash identifier: 5RnsAvI42vt9eQJhUtxb/eG+wyVXrZnfTASJSRNh1iU=
Subject key identifier: 80:6E:0D:9E:89:1D:E1:59:A8:E1:B3:BD:E6:64:EC:52:08:9F:AB:22
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 3F12
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/gG4Nnokd4Vmo4bO95mTsUgifqyI.roa
Signing time: Fri 12 Apr 2024 16:22:48 +0000
ROA not before: Fri 12 Apr 2024 16:22:48 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 16146 (0x3f12)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 12 16:22:48 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=806E0D9E891DE159A8E1B3BDE664EC52089FAB22
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d1:70:4b:3b:c6:6d:1b:58:63:27:1a:fb:89:1b:
c3:2c:8e:87:56:72:8c:d2:96:53:6f:b3:b9:96:34:
e5:b4:6e:92:8f:e6:09:ca:5d:69:89:a4:ad:8a:8f:
f6:00:47:7b:d3:6f:43:3a:92:76:4a:92:14:04:02:
73:d4:af:c3:66:aa:03:65:c4:0b:5a:3e:2f:12:8b:
74:ee:f2:3f:52:bf:23:43:4f:90:d4:19:e6:1b:4c:
85:a8:f1:9f:a2:e7:16:86:bc:a9:b7:75:17:c8:e7:
a5:d3:da:77:f4:ac:46:df:90:2d:71:16:ae:8c:63:
68:7b:bc:7e:2f:23:f7:8d:64:c1:d1:dd:5f:9c:3a:
41:04:b3:35:3a:11:41:e7:22:e0:20:c6:46:8f:cc:
b3:73:d5:50:ce:ef:ad:c0:ca:b5:f9:7a:fb:af:13:
a2:6e:1d:21:46:7a:1e:24:aa:70:f5:80:51:fb:6e:
12:b2:73:6b:12:35:d0:a9:a0:82:b0:9e:8e:ac:77:
65:06:fc:2b:4e:8c:47:55:ec:ae:39:e1:8e:c8:0b:
ec:fe:9e:9a:de:73:1e:2a:ea:fb:7b:59:9f:56:44:
b7:71:6f:e0:04:d7:a2:be:62:0f:69:d9:6f:01:18:
ac:8c:b6:73:2e:6d:5f:36:31:09:5e:bf:fa:93:d6:
0d:d1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
80:6E:0D:9E:89:1D:E1:59:A8:E1:B3:BD:E6:64:EC:52:08:9F:AB:22
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/gG4Nnokd4Vmo4bO95mTsUgifqyI.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
5e:ca:97:9d:7a:b6:2a:52:5c:aa:61:fb:60:86:b2:16:fa:64:
38:3b:0d:41:1f:ae:53:ab:1d:b6:0c:96:cd:21:b4:d7:29:a3:
ae:3e:b9:7c:a4:31:56:5a:c5:72:e3:cf:dd:de:11:b2:e7:95:
b7:02:59:83:76:a5:8e:f4:f3:18:24:f4:e6:25:10:1a:6d:49:
ca:be:84:72:4b:ad:24:96:d5:af:20:f1:4a:29:da:0c:90:ee:
1e:d5:01:39:0e:c3:c8:3d:be:56:e1:0e:05:da:a4:50:04:29:
4c:fa:f6:c0:25:fd:c0:4d:76:73:19:c5:4c:72:59:73:ca:64:
dc:f7:68:b7:31:34:f7:63:43:5b:06:b3:8b:4e:7d:80:5b:a3:
67:b0:4f:39:a8:9d:f0:d8:52:4c:5f:91:cf:b0:f3:4b:03:44:
11:19:ec:fe:12:91:db:a9:60:42:da:2e:56:eb:3a:45:01:af:
3f:af:f4:0d:f9:2d:c1:74:ad:b9:fe:d5:48:8f:e6:2c:aa:81:
f8:9e:13:58:32:67:35:37:0e:a5:cb:cf:3e:78:b2:cb:62:4c:
bc:d6:98:3e:d9:6c:74:aa:22:57:df:47:54:7e:b3:74:94:48:
eb:2b:6d:7f:e3:12:33:ed:3b:70:07:b7:a3:d0:57:02:08:25:
03:65:e2:88
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICPxIwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MTIx
NjIyNDhaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDgwNkUwRDlFODkxREUx
NTlBOEUxQjNCREU2NjRFQzUyMDg5RkFCMjIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDRcEs7xm0bWGMnGvuJG8MsjodWcozSllNvs7mWNOW0bpKP5gnK
XWmJpK2Kj/YAR3vTb0M6knZKkhQEAnPUr8NmqgNlxAtaPi8Si3Tu8j9SvyNDT5DU
GeYbTIWo8Z+i5xaGvKm3dRfI56XT2nf0rEbfkC1xFq6MY2h7vH4vI/eNZMHR3V+c
OkEEszU6EUHnIuAgxkaPzLNz1VDO763AyrX5evuvE6JuHSFGeh4kqnD1gFH7bhKy
c2sSNdCpoIKwno6sd2UG/CtOjEdV7K454Y7IC+z+nprecx4q6vt7WZ9WRLdxb+AE
16K+Yg9p2W8BGKyMtnMubV82MQlev/qT1g3RAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUgG4Nnokd4Vmo4bO95mTsUgifqyIwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2dHNE5ub2tkNFZtbzRi
Tzk1bVRzVWdpZnF5SS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAXsqXnXq2KlJcqmH7YIayFvpkODsNQR+u
U6sdtgyWzSG01ymjrj65fKQxVlrFcuPP3d4RsueVtwJZg3aljvTzGCT05iUQGm1J
yr6EckutJJbVryDxSinaDJDuHtUBOQ7DyD2+VuEOBdqkUAQpTPr2wCX9wE12cxnF
THJZc8pk3PdotzE092NDWwazi059gFujZ7BPOaid8NhSTF+Rz7DzSwNEERns/hKR
26lgQtouVus6RQGvP6/0DfktwXStuf7VSI/mLKqB+J4TWDJnNTcOpcvPPniyy2JM
vNaYPtlsdKoiV99HVH6zdJRI6yttf+MSM+07cAe3o9BXAgglA2XiiA==
-----END CERTIFICATE-----
Generated at Sat Apr 13 02:37:20 2024 by rpki-client on console.sobornost.net