Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/iuFWCdzAtDpjXJ8DZ5-MIxV1Vac.roa
File: iuFWCdzAtDpjXJ8DZ5-MIxV1Vac.roa (raw, json)
Hash identifier: FStc48zkx+XK24dTEFimp+g2q2q0V/PBKyISX7kkSno=
Subject key identifier: 8A:E1:56:09:DC:C0:B4:3A:63:5C:9F:03:67:9F:8C:23:15:75:55:A7
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 35E2
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/iuFWCdzAtDpjXJ8DZ5-MIxV1Vac.roa
Signing time: Sun 31 Mar 2024 10:22:11 +0000
ROA not before: Sun 31 Mar 2024 10:22:11 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 13794 (0x35e2)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Mar 31 10:22:11 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=8AE15609DCC0B43A635C9F03679F8C23157555A7
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c1:ab:e7:26:c8:ac:a4:e8:18:d5:d9:e5:ee:29:
c4:fb:55:ec:9a:0e:81:bf:1c:b2:cc:90:3c:9e:7e:
a4:0c:d2:b8:ae:3a:8f:4b:ec:42:86:e9:e3:ed:22:
70:9e:a4:27:47:1b:58:f5:f3:39:a1:4d:03:a8:a5:
c6:da:d6:9b:0a:c0:da:de:84:28:9a:30:a7:6b:ff:
fc:02:27:00:ed:9b:a8:62:52:dc:46:63:4f:e4:8d:
7c:eb:32:d7:87:f4:f3:e1:da:af:4e:12:9d:2f:ce:
64:3e:d5:c2:40:7f:c8:46:8d:d9:eb:35:e9:bf:06:
f6:ff:a6:d7:b7:07:f0:15:8d:b2:f3:67:34:34:08:
ae:1a:78:f8:c5:42:95:1f:d1:97:cb:ac:e2:11:e8:
b1:95:a1:7e:2b:aa:c4:37:a0:5c:4c:f6:01:df:10:
69:eb:06:3e:90:6e:e2:f6:93:b0:e0:6e:cb:e8:57:
53:eb:d1:19:50:6f:57:96:31:20:d2:41:b7:66:e2:
3a:4e:f6:54:0b:2e:51:59:e4:f7:12:95:54:d9:ab:
4e:0a:16:77:1d:35:e7:8d:d9:fe:e9:08:e1:f7:50:
84:b2:bb:9c:48:bf:f8:bc:47:80:e1:89:dc:70:2f:
d4:90:6a:ba:cf:c8:41:36:f1:14:f3:2b:92:a9:2f:
62:63
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8A:E1:56:09:DC:C0:B4:3A:63:5C:9F:03:67:9F:8C:23:15:75:55:A7
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/iuFWCdzAtDpjXJ8DZ5-MIxV1Vac.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
4c:e2:08:bc:97:7d:a1:1e:fb:c2:c2:7c:0c:0e:e1:82:94:0b:
ef:0d:8a:50:1c:e0:b6:45:2a:19:e2:14:6c:9d:43:0f:b1:15:
39:d2:7a:1f:da:1e:bc:45:2d:3a:e1:3a:b3:77:be:a4:48:1f:
e0:cf:e2:97:69:2d:24:54:c5:c5:f5:d0:6d:ff:c0:6a:2f:97:
bc:bd:22:42:5d:c6:16:d1:92:6e:07:0d:2e:fc:75:28:c4:a0:
df:bc:a5:07:12:a4:a6:f7:49:6b:9f:e4:d7:fe:7c:43:b3:de:
77:42:ce:f6:33:c0:87:0f:dc:f8:ca:6e:3a:8e:1d:48:9d:fb:
59:c3:2c:ed:66:fa:76:6c:5b:cb:d3:5f:8e:50:df:06:e1:ab:
6a:2a:dc:b3:21:eb:1e:80:60:d6:cf:d2:66:0f:d4:cf:95:72:
30:df:ef:c4:28:a9:09:29:a3:4e:f2:1f:12:55:4b:d7:04:a2:
c5:a4:64:10:7b:7a:2e:ca:92:ad:e8:87:a0:8b:63:ab:eb:31:
4b:b5:22:49:91:92:9a:24:56:d9:6b:22:7d:9e:13:17:d3:5f:
13:da:3e:07:90:17:0b:92:ba:cc:51:f8:2d:e6:dd:ea:8d:d7:
00:94:02:68:04:45:f7:3e:71:1c:1b:ab:38:cf:30:94:6a:59:
b9:ac:5e:a2
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICNeIwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDAzMzEx
MDIyMTFaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDhBRTE1NjA5RENDMEI0
M0E2MzVDOUYwMzY3OUY4QzIzMTU3NTU1QTcwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDBq+cmyKyk6BjV2eXuKcT7VeyaDoG/HLLMkDyefqQM0riuOo9L
7EKG6ePtInCepCdHG1j18zmhTQOopcba1psKwNrehCiaMKdr//wCJwDtm6hiUtxG
Y0/kjXzrMteH9PPh2q9OEp0vzmQ+1cJAf8hGjdnrNem/Bvb/pte3B/AVjbLzZzQ0
CK4aePjFQpUf0ZfLrOIR6LGVoX4rqsQ3oFxM9gHfEGnrBj6QbuL2k7DgbsvoV1Pr
0RlQb1eWMSDSQbdm4jpO9lQLLlFZ5PcSlVTZq04KFncdNeeN2f7pCOH3UISyu5xI
v/i8R4DhidxwL9SQarrPyEE28RTzK5KpL2JjAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUiuFWCdzAtDpjXJ8DZ5+MIxV1VacwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2l1RldDZHpBdERwalhK
OERaNS1NSXhWMVZhYy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEATOIIvJd9oR77wsJ8DA7hgpQL7w2KUBzg
tkUqGeIUbJ1DD7EVOdJ6H9oevEUtOuE6s3e+pEgf4M/il2ktJFTFxfXQbf/Aai+X
vL0iQl3GFtGSbgcNLvx1KMSg37ylBxKkpvdJa5/k1/58Q7Ped0LO9jPAhw/c+Mpu
Oo4dSJ37WcMs7Wb6dmxby9NfjlDfBuGraircsyHrHoBg1s/SZg/Uz5VyMN/vxCip
CSmjTvIfElVL1wSixaRkEHt6LsqSreiHoItjq+sxS7UiSZGSmiRW2WsifZ4TF9Nf
E9o+B5AXC5K6zFH4Lebd6o3XAJQCaARF9z5xHBurOM8wlGpZuaxeog==
-----END CERTIFICATE-----
Generated at Sun Mar 31 13:30:54 2024 by rpki-client on console.sobornost.net