Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/gURw-MQ09OwUDYw7E6nmZ3482Ks.roa
File: gURw-MQ09OwUDYw7E6nmZ3482Ks.roa (raw, json)
Hash identifier: vsus5UYQHRTmPYC87QpDsog0RnsbAOWTQfi1u+zDo9o=
Subject key identifier: 81:44:70:F8:C4:34:F4:EC:14:0D:8C:3B:13:A9:E6:67:7E:3C:D8:AB
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 35C6
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/gURw-MQ09OwUDYw7E6nmZ3482Ks.roa
Signing time: Sun 31 Mar 2024 06:52:10 +0000
ROA not before: Sun 31 Mar 2024 06:52:10 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 13766 (0x35c6)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Mar 31 06:52:10 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=814470F8C434F4EC140D8C3B13A9E6677E3CD8AB
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d2:fe:27:18:95:38:60:77:f6:34:e7:06:17:e9:
02:a2:69:60:87:ad:5b:9e:c5:35:05:1e:d7:42:5a:
70:01:b2:08:60:eb:83:b8:cd:58:0e:27:69:73:bf:
31:63:82:d1:48:f0:0e:9e:20:a4:e2:a7:e5:c7:66:
35:23:c6:88:0a:6f:33:1b:40:ba:7a:80:48:d3:a5:
e4:9b:96:da:04:c8:1f:21:19:59:3c:aa:4d:a3:71:
e5:e1:fb:77:e4:d2:3c:2e:ed:64:7a:f2:16:69:50:
60:47:b2:d0:d8:3b:91:5a:af:42:34:1b:a9:83:3f:
c2:5e:ff:64:a8:27:05:37:dc:4a:d2:06:b3:00:a4:
8f:1b:9c:18:31:67:dc:60:83:23:f7:ff:0e:65:a5:
f3:70:e6:69:7c:93:ad:2f:bf:cc:19:c5:0a:13:17:
e6:6e:96:bf:ab:25:e4:85:0f:c1:e6:3d:d3:1a:1b:
22:bd:ef:27:27:f3:5e:c3:d3:d2:48:c5:2f:d7:8c:
b8:37:49:bc:bb:8b:2e:ac:39:03:c0:0f:7f:15:8d:
05:3c:fa:93:90:e7:92:b7:b4:70:0d:cb:c3:cb:dd:
3f:b2:07:6c:95:b6:7f:07:3b:e7:a7:c5:4d:b6:c3:
7e:26:43:6b:92:db:8e:24:01:e4:f6:76:2d:7a:b0:
0b:d5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
81:44:70:F8:C4:34:F4:EC:14:0D:8C:3B:13:A9:E6:67:7E:3C:D8:AB
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/gURw-MQ09OwUDYw7E6nmZ3482Ks.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
23:59:3f:25:1c:fa:d8:6d:e5:fa:8e:47:dd:72:f0:96:80:9c:
70:28:01:b9:f7:a6:58:05:15:f3:b5:59:52:66:e3:a9:6c:43:
32:c6:b5:b0:97:1b:77:15:2d:a7:cd:c5:c2:46:0f:01:dd:2b:
f2:12:57:61:b1:1f:f1:3c:3c:de:d2:e3:59:fd:6a:a5:a1:00:
45:41:b8:43:c4:07:b1:68:c1:df:34:4a:97:96:bb:e7:39:b8:
56:d6:f8:92:45:82:50:78:b9:a6:d2:48:c2:d8:9d:df:d7:eb:
ed:60:7a:bd:b8:86:d5:d5:da:88:d6:97:36:fb:4f:93:0f:a0:
5b:ef:e4:d3:a9:c6:e0:75:b2:1d:ce:d6:0a:13:db:4f:64:92:
a4:94:04:c7:44:f4:4c:ad:ff:ad:10:cf:03:e3:da:b0:fb:2b:
56:d7:8f:08:ce:80:ef:ee:ac:83:25:4e:d3:60:d1:39:8a:80:
94:70:f0:a1:28:48:de:9c:eb:4d:d9:36:5f:28:ce:f6:77:1c:
65:46:43:e1:e1:7a:4f:c3:78:a2:6d:3c:db:4a:7f:0f:28:c0:
72:47:8c:32:cc:2d:64:31:26:a1:bd:4a:99:fb:d8:3f:37:28:
0c:45:f0:dd:06:1e:db:f0:76:b6:98:cf:19:3f:90:23:96:5a:
59:07:2b:35
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICNcYwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDAzMzEw
NjUyMTBaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDgxNDQ3MEY4QzQzNEY0
RUMxNDBEOEMzQjEzQTlFNjY3N0UzQ0Q4QUIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDS/icYlThgd/Y05wYX6QKiaWCHrVuexTUFHtdCWnABsghg64O4
zVgOJ2lzvzFjgtFI8A6eIKTip+XHZjUjxogKbzMbQLp6gEjTpeSbltoEyB8hGVk8
qk2jceXh+3fk0jwu7WR68hZpUGBHstDYO5Far0I0G6mDP8Je/2SoJwU33ErSBrMA
pI8bnBgxZ9xggyP3/w5lpfNw5ml8k60vv8wZxQoTF+Zulr+rJeSFD8HmPdMaGyK9
7ycn817D09JIxS/XjLg3Sby7iy6sOQPAD38VjQU8+pOQ55K3tHANy8PL3T+yB2yV
tn8HO+enxU22w34mQ2uS244kAeT2di16sAvVAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUgURw+MQ09OwUDYw7E6nmZ3482KswHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2dVUnctTVEwOU93VURZ
dzdFNm5tWjM0ODJLcy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAI1k/JRz62G3l+o5H3XLwloCccCgBufem
WAUV87VZUmbjqWxDMsa1sJcbdxUtp83FwkYPAd0r8hJXYbEf8Tw83tLjWf1qpaEA
RUG4Q8QHsWjB3zRKl5a75zm4Vtb4kkWCUHi5ptJIwtid39fr7WB6vbiG1dXaiNaX
NvtPkw+gW+/k06nG4HWyHc7WChPbT2SSpJQEx0T0TK3/rRDPA+PasPsrVtePCM6A
7+6sgyVO02DROYqAlHDwoShI3pzrTdk2XyjO9nccZUZD4eF6T8N4om0820p/DyjA
ckeMMswtZDEmob1KmfvYPzcoDEXw3QYe2/B2tpjPGT+QI5ZaWQcrNQ==
-----END CERTIFICATE-----
Generated at Sun Mar 31 12:03:00 2024 by rpki-client on console.sobornost.net