Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/ibVje-t3hAoWwehBLUE8NwwPGeE.roa
File: ibVje-t3hAoWwehBLUE8NwwPGeE.roa (raw, json)
Hash identifier: ejRhZioG+uCvQy/Y3hKbt2JN5eFafGlMTbLFxVjmdkY=
Subject key identifier: 89:B5:63:7B:EB:77:84:0A:16:C1:E8:41:2D:41:3C:37:0C:0F:19:E1
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 352A
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/ibVje-t3hAoWwehBLUE8NwwPGeE.roa
Signing time: Sat 30 Mar 2024 11:22:11 +0000
ROA not before: Sat 30 Mar 2024 11:22:11 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 13610 (0x352a)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Mar 30 11:22:11 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=89B5637BEB77840A16C1E8412D413C370C0F19E1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9c:cd:84:2a:9c:9d:0e:1f:ad:f0:16:c7:5c:d2:
63:f8:28:e1:6e:d9:8d:be:00:a2:c4:aa:52:d1:f1:
ad:75:da:ad:aa:51:7b:41:9c:18:d7:56:23:a7:d7:
b9:d3:bf:72:cf:6f:a2:38:ef:20:4a:c7:ac:f0:e5:
d9:c9:00:93:cf:2f:4a:23:dd:7c:ec:4a:ca:82:60:
07:2b:58:73:4f:df:fa:08:56:a8:79:98:b6:37:1e:
20:e1:33:5a:19:a2:d6:e3:6c:0e:4f:67:b5:8d:31:
12:c3:ba:cf:ad:47:4f:f7:3e:75:34:b9:f3:00:7d:
78:9f:91:9b:9f:20:55:45:a1:1d:e7:48:f5:e3:29:
88:3b:ab:9a:7b:60:40:c3:6b:06:5c:98:57:15:30:
9e:6f:9e:df:20:c9:d7:6b:f1:5b:54:25:2e:1a:e5:
62:48:71:d8:5e:d4:dd:67:f7:d5:c0:67:e4:82:e6:
fd:7f:fb:14:16:13:5b:51:e1:57:75:b3:da:bf:d2:
6a:0e:81:d5:27:03:42:3f:61:f3:c5:bf:5a:f8:22:
47:4e:ac:84:db:3f:8c:14:b8:59:0d:d0:f4:ee:a3:
df:07:7f:a1:b0:4a:f4:26:2c:dc:63:9c:60:df:83:
90:94:2d:2c:90:52:5b:c1:0d:8f:c6:7e:7c:97:4f:
2e:83
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
89:B5:63:7B:EB:77:84:0A:16:C1:E8:41:2D:41:3C:37:0C:0F:19:E1
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/ibVje-t3hAoWwehBLUE8NwwPGeE.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
6e:36:a4:e1:e1:0c:5e:1e:f1:da:74:18:e6:b0:f3:18:7d:1b:
54:97:22:dd:f6:bc:19:85:f8:4a:f5:5d:e4:cc:77:90:3b:25:
2e:fe:a7:3e:11:c7:8f:cd:f0:99:f6:a6:ea:d8:e4:97:3e:7a:
56:75:96:9e:34:89:42:14:b1:de:87:91:c3:34:05:ff:1d:0b:
8d:7c:e7:46:b2:79:1b:ef:66:47:6f:18:5c:da:d3:f6:b2:ec:
dc:01:16:6a:da:c0:ff:a8:83:2f:7c:41:56:4b:05:19:4d:fc:
c6:c9:bb:0b:3f:00:cb:cd:87:7d:d2:45:09:39:ec:62:4c:09:
05:a5:3b:fd:ac:72:72:98:6b:08:37:84:a7:dc:d1:bc:72:56:
5c:1e:02:21:9a:4b:b6:73:f5:0a:35:83:6f:f8:de:66:60:93:
fb:88:d1:bd:36:5c:de:63:c0:d6:54:34:5d:bd:98:2f:ec:95:
d4:19:60:7c:05:fd:2a:40:96:c5:4e:17:a1:0a:44:10:ce:33:
4b:fd:00:23:3e:5c:23:dd:73:7d:9f:31:14:2d:f2:be:eb:7c:
9b:f1:65:b3:79:56:6a:e7:bc:38:b4:5a:47:25:52:09:57:54:
21:dd:27:30:5d:72:f7:ed:50:93:c5:3b:ea:79:e6:53:3e:10:
56:9a:53:fd
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICNSowDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDAzMzAx
MTIyMTFaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDg5QjU2MzdCRUI3Nzg0
MEExNkMxRTg0MTJENDEzQzM3MEMwRjE5RTEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCczYQqnJ0OH63wFsdc0mP4KOFu2Y2+AKLEqlLR8a112q2qUXtB
nBjXViOn17nTv3LPb6I47yBKx6zw5dnJAJPPL0oj3XzsSsqCYAcrWHNP3/oIVqh5
mLY3HiDhM1oZotbjbA5PZ7WNMRLDus+tR0/3PnU0ufMAfXifkZufIFVFoR3nSPXj
KYg7q5p7YEDDawZcmFcVMJ5vnt8gyddr8VtUJS4a5WJIcdhe1N1n99XAZ+SC5v1/
+xQWE1tR4Vd1s9q/0moOgdUnA0I/YfPFv1r4IkdOrITbP4wUuFkN0PTuo98Hf6Gw
SvQmLNxjnGDfg5CULSyQUlvBDY/GfnyXTy6DAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUibVje+t3hAoWwehBLUE8NwwPGeEwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2liVmplLXQzaEFvV3dl
aEJMVUU4Tnd3UEdlRS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAbjak4eEMXh7x2nQY5rDzGH0bVJci3fa8
GYX4SvVd5Mx3kDslLv6nPhHHj83wmfam6tjklz56VnWWnjSJQhSx3oeRwzQF/x0L
jXznRrJ5G+9mR28YXNrT9rLs3AEWatrA/6iDL3xBVksFGU38xsm7Cz8Ay82HfdJF
CTnsYkwJBaU7/axycphrCDeEp9zRvHJWXB4CIZpLtnP1CjWDb/jeZmCT+4jRvTZc
3mPA1lQ0Xb2YL+yV1BlgfAX9KkCWxU4XoQpEEM4zS/0AIz5cI91zfZ8xFC3yvut8
m/Fls3lWaue8OLRaRyVSCVdUId0nMF1y9+1Qk8U76nnmUz4QVppT/Q==
-----END CERTIFICATE-----
Generated at Sat Mar 30 16:32:16 2024 by rpki-client on console.sobornost.net