Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/i8Gdem08x-J2t4GJoBsmMIRPNik.roa
File: i8Gdem08x-J2t4GJoBsmMIRPNik.roa (raw, json)
Hash identifier: peRTL3uKBXz1xnsgf6vVw41Rx9FAI8+7B+2G1Eg8pzE=
Subject key identifier: 8B:C1:9D:7A:6D:3C:C7:E2:76:B7:81:89:A0:1B:26:30:84:4F:36:29
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 3CF6
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/i8Gdem08x-J2t4GJoBsmMIRPNik.roa
Signing time: Tue 09 Apr 2024 20:52:39 +0000
ROA not before: Tue 09 Apr 2024 20:52:39 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 15606 (0x3cf6)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 9 20:52:39 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=8BC19D7A6D3CC7E276B78189A01B2630844F3629
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a6:1c:63:75:a0:33:f2:b4:f5:34:02:cc:aa:97:
24:56:2e:ef:cc:ba:0e:c7:b1:1a:5e:95:5c:76:bb:
b4:d4:f0:e3:ed:97:99:2f:14:05:7e:18:32:a6:46:
07:77:40:61:78:5b:66:28:4e:87:7d:4c:c5:81:61:
04:a9:dc:a8:f0:75:84:0e:5e:67:d9:3b:4b:6c:04:
c4:07:c4:2f:2c:cd:96:92:e4:04:19:af:e3:1a:48:
7d:e9:a2:4c:ed:73:12:c5:e8:22:a5:ea:4d:b2:76:
94:c5:da:2e:03:0f:3e:1c:d2:21:43:69:c7:55:8d:
56:fb:13:77:0e:8c:38:20:77:9b:66:44:e5:c0:96:
6e:3b:12:6e:89:51:6d:93:f0:7f:13:18:73:9b:eb:
52:d8:d3:d2:56:c1:3f:79:8d:57:da:3c:57:c1:78:
c3:76:a7:25:5d:25:91:52:a7:86:e7:8c:66:ae:34:
1d:ed:60:2a:74:5d:1a:1e:4c:e7:cc:7f:a5:58:eb:
02:31:fd:54:43:84:ab:a6:fb:01:70:34:4c:4a:ab:
95:a9:f9:39:e6:cb:90:1e:7c:73:4d:d5:6b:13:82:
e6:c1:27:c9:52:c6:21:1d:c4:15:9e:78:ad:63:4b:
17:8a:14:6b:6d:e2:78:a0:0f:3a:8d:18:26:f8:25:
67:39
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8B:C1:9D:7A:6D:3C:C7:E2:76:B7:81:89:A0:1B:26:30:84:4F:36:29
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/i8Gdem08x-J2t4GJoBsmMIRPNik.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
2e:ab:ff:ff:34:c7:b1:0b:26:5a:29:12:61:d1:42:5c:e0:92:
15:3c:84:32:c3:7e:cb:cd:8a:95:84:c7:11:3c:20:ea:03:61:
f8:8a:73:8e:d0:91:4b:96:15:d0:24:8a:5b:84:6e:50:7b:17:
d4:e6:46:e8:be:3e:fe:b2:83:e0:06:a5:54:3e:9e:fc:06:9c:
9f:44:7f:78:40:49:83:95:2e:ab:47:a7:63:c6:60:09:4a:49:
81:c0:b1:33:21:a1:6b:f6:83:20:0a:ab:94:5a:50:f5:26:29:
33:e0:dd:66:20:c6:91:ec:3e:28:24:10:54:5a:37:08:42:b4:
bd:59:db:3f:a9:20:bd:a2:a8:ed:ba:92:fb:75:c5:dd:c7:97:
d9:ee:bb:0e:d6:3f:6b:40:69:0e:7d:2d:a3:29:42:bb:b8:c0:
88:27:a2:ab:90:ec:a7:55:91:ef:d6:67:b5:25:fb:6e:83:b2:
b7:ab:e3:76:43:3c:17:1d:68:53:ca:5d:9d:3b:c7:99:2d:14:
4b:ec:c5:8e:ea:a2:30:5d:c9:36:63:ec:6d:c9:bb:80:7d:58:
2f:39:37:eb:e1:ab:32:34:3c:5e:fc:a7:35:b7:2c:73:06:7f:
78:cf:ab:0d:d2:14:d5:a0:15:17:7a:b3:b8:4b:5a:a7:03:d3:
e7:2c:06:a8
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICPPYwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MDky
MDUyMzlaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDhCQzE5RDdBNkQzQ0M3
RTI3NkI3ODE4OUEwMUIyNjMwODQ0RjM2MjkwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCmHGN1oDPytPU0AsyqlyRWLu/Mug7HsRpelVx2u7TU8OPtl5kv
FAV+GDKmRgd3QGF4W2YoTod9TMWBYQSp3KjwdYQOXmfZO0tsBMQHxC8szZaS5AQZ
r+MaSH3pokztcxLF6CKl6k2ydpTF2i4DDz4c0iFDacdVjVb7E3cOjDggd5tmROXA
lm47Em6JUW2T8H8TGHOb61LY09JWwT95jVfaPFfBeMN2pyVdJZFSp4bnjGauNB3t
YCp0XRoeTOfMf6VY6wIx/VRDhKum+wFwNExKq5Wp+Tnmy5AefHNN1WsTgubBJ8lS
xiEdxBWeeK1jSxeKFGtt4nigDzqNGCb4JWc5AgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUi8Gdem08x+J2t4GJoBsmMIRPNikwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2k4R2RlbTA4eC1KMnQ0
R0pvQnNtTUlSUE5pay5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEALqv//zTHsQsmWikSYdFCXOCSFTyEMsN+
y82KlYTHETwg6gNh+IpzjtCRS5YV0CSKW4RuUHsX1OZG6L4+/rKD4AalVD6e/Aac
n0R/eEBJg5Uuq0enY8ZgCUpJgcCxMyGha/aDIAqrlFpQ9SYpM+DdZiDGkew+KCQQ
VFo3CEK0vVnbP6kgvaKo7bqS+3XF3ceX2e67DtY/a0BpDn0toylCu7jAiCeiq5Ds
p1WR79ZntSX7boOyt6vjdkM8Fx1oU8pdnTvHmS0US+zFjuqiMF3JNmPsbcm7gH1Y
Lzk36+GrMjQ8XvynNbcscwZ/eM+rDdIU1aAVF3qzuEtapwPT5ywGqA==
-----END CERTIFICATE-----
Generated at Wed Apr 10 03:54:24 2024 by rpki-client on console.sobornost.net