Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/lbvgSkxcdbybDofItP6djc8hurk.roa
File: lbvgSkxcdbybDofItP6djc8hurk.roa (raw, json)
Hash identifier: FYd6S8FCdcpUc1TIT7+xWZ6aOeQ6uWMTtj5gKNcTjO0=
Subject key identifier: 95:BB:E0:4A:4C:5C:75:BC:9B:0E:87:C8:B4:FE:9D:8D:CF:21:BA:B9
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 4EDE
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/lbvgSkxcdbybDofItP6djc8hurk.roa
Signing time: Fri 03 May 2024 17:53:45 +0000
ROA not before: Fri 03 May 2024 17:53:45 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 20190 (0x4ede)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 3 17:53:45 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=95BBE04A4C5C75BC9B0E87C8B4FE9D8DCF21BAB9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a6:70:d6:07:65:64:de:f3:e3:be:44:3e:76:df:
84:99:c0:d6:be:dc:64:a6:53:d2:e4:4a:d8:d4:72:
d3:bf:be:9b:ca:3d:f7:2b:2f:b7:99:74:a9:d9:00:
38:f0:f4:ce:0c:92:32:77:02:f2:c3:1b:58:3e:75:
af:99:06:1b:e0:3b:56:76:fa:e1:44:0d:14:f2:b0:
3c:17:9b:7d:fa:9c:35:5e:a2:e9:3e:b5:21:bc:75:
38:7c:bd:ca:19:f4:57:43:16:86:27:27:06:e0:45:
5a:02:f7:0c:94:6d:56:b4:0b:d6:36:d4:7d:13:bf:
b5:df:8c:f4:b3:a3:26:23:a3:d0:a9:f2:09:f8:f0:
b7:be:52:aa:e1:00:bc:35:43:e2:03:7b:b5:c6:4b:
24:b4:5f:cc:88:6d:1b:00:6e:8e:84:39:c6:70:12:
c7:9a:82:88:aa:94:9d:fa:ec:7f:0a:96:4c:52:7e:
6f:e4:d5:fc:19:e6:2c:94:7b:bf:6d:2c:5d:7a:76:
12:2f:b3:0a:f9:f0:b5:f3:19:57:79:32:83:10:55:
b9:67:87:58:8a:e3:26:5e:86:69:d0:5a:c2:96:f5:
79:83:cb:c5:e4:2b:13:9c:c6:55:8f:04:4f:92:f9:
d6:03:07:97:0d:d6:1b:0a:21:9d:49:43:82:37:a2:
82:9f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
95:BB:E0:4A:4C:5C:75:BC:9B:0E:87:C8:B4:FE:9D:8D:CF:21:BA:B9
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/lbvgSkxcdbybDofItP6djc8hurk.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
43:87:a4:49:01:06:f6:e6:9f:e4:13:81:0b:ef:c8:2e:42:26:
b3:de:7c:d6:58:27:a9:28:21:0d:b1:15:84:1a:35:88:6a:ab:
26:b4:fc:c0:bb:83:df:18:ef:6c:0e:24:fe:2c:7b:3e:18:c5:
b0:7d:54:83:20:49:f2:40:87:be:de:75:af:15:0f:14:4b:c2:
c3:21:df:25:a6:cb:44:b5:44:72:58:99:c1:ca:79:77:fb:88:
8c:47:40:08:cb:2d:42:7c:46:da:2d:b3:07:45:7d:02:1f:42:
da:e0:52:fd:02:9b:01:37:7f:22:c8:01:62:5a:ba:02:99:dc:
65:fc:03:a6:5f:85:a4:a6:68:71:bf:7b:20:4b:a6:5f:19:71:
75:fe:85:3f:0a:85:36:69:a6:31:84:c1:59:69:4b:ac:bc:e3:
84:d2:ef:a3:db:ab:b1:b9:a5:63:b5:e4:70:19:0d:65:a9:27:
f9:e3:6a:48:46:f5:47:10:3c:9e:3a:20:47:b0:16:08:4a:51:
7c:7b:3c:c0:a2:58:58:2a:73:15:33:3f:20:98:f8:59:71:bb:
5f:f6:89:41:5e:78:82:c3:8f:12:fa:14:f6:72:91:91:3a:3f:
c9:0b:7e:38:0f:b7:1a:14:21:81:ae:75:ec:23:dd:ec:6f:df:
69:f9:11:56
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICTt4wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MDMx
NzUzNDVaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDk1QkJFMDRBNEM1Qzc1
QkM5QjBFODdDOEI0RkU5RDhEQ0YyMUJBQjkwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCmcNYHZWTe8+O+RD5234SZwNa+3GSmU9LkStjUctO/vpvKPfcr
L7eZdKnZADjw9M4MkjJ3AvLDG1g+da+ZBhvgO1Z2+uFEDRTysDwXm336nDVeouk+
tSG8dTh8vcoZ9FdDFoYnJwbgRVoC9wyUbVa0C9Y21H0Tv7XfjPSzoyYjo9Cp8gn4
8Le+UqrhALw1Q+IDe7XGSyS0X8yIbRsAbo6EOcZwEseagoiqlJ367H8KlkxSfm/k
1fwZ5iyUe79tLF16dhIvswr58LXzGVd5MoMQVblnh1iK4yZehmnQWsKW9XmDy8Xk
KxOcxlWPBE+S+dYDB5cN1hsKIZ1JQ4I3ooKfAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUlbvgSkxcdbybDofItP6djc8hurkwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2xidmdTa3hjZGJ5YkRv
Zkl0UDZkamM4aHVyay5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAQ4ekSQEG9uaf5BOBC+/ILkIms9581lgn
qSghDbEVhBo1iGqrJrT8wLuD3xjvbA4k/ix7PhjFsH1UgyBJ8kCHvt51rxUPFEvC
wyHfJabLRLVEcliZwcp5d/uIjEdACMstQnxG2i2zB0V9Ah9C2uBS/QKbATd/IsgB
Ylq6ApncZfwDpl+FpKZocb97IEumXxlxdf6FPwqFNmmmMYTBWWlLrLzjhNLvo9ur
sbmlY7XkcBkNZakn+eNqSEb1RxA8njogR7AWCEpRfHs8wKJYWCpzFTM/IJj4WXG7
X/aJQV54gsOPEvoU9nKRkTo/yQt+OA+3GhQhga517CPd7G/fafkRVg==
-----END CERTIFICATE-----
Generated at Fri May 3 23:21:24 2024 by rpki-client on console.sobornost.net