Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/rSPp5rTeYMgyi2L25fAth4aUpIg.roa
File: rSPp5rTeYMgyi2L25fAth4aUpIg.roa (raw, json)
Hash identifier: 75VRLqEEoP1670IWvABYgVXujKkU/2Ai/MciPTBmp/o=
Subject key identifier: AD:23:E9:E6:B4:DE:60:C8:32:8B:62:F6:E5:F0:2D:87:86:94:A4:88
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 451E
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/rSPp5rTeYMgyi2L25fAth4aUpIg.roa
Signing time: Sat 20 Apr 2024 17:53:12 +0000
ROA not before: Sat 20 Apr 2024 17:53:12 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 17694 (0x451e)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 20 17:53:12 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=AD23E9E6B4DE60C8328B62F6E5F02D878694A488
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ce:a2:55:ad:4d:3f:32:2c:1a:2a:68:d9:25:0f:
55:8a:e4:87:7c:41:cd:c0:ea:8d:ef:e4:cf:a9:df:
02:ff:92:22:9c:cb:21:5b:da:12:b4:51:d4:72:94:
20:8e:34:75:73:2a:66:06:1f:85:47:57:9a:03:15:
94:f6:8b:c6:59:03:2f:30:06:f3:95:b0:5f:9c:19:
e1:cc:b7:49:81:47:05:64:5f:6e:f5:e9:ec:d3:4c:
39:62:c0:d8:fc:e2:cb:85:67:b6:a8:97:d9:79:90:
56:5b:bc:c4:21:e8:45:da:bb:0a:44:b9:27:33:f3:
9e:02:db:af:b7:bb:d1:63:40:43:5d:30:26:27:68:
b5:92:91:ad:c0:94:31:1b:ad:f5:eb:d7:77:14:54:
a2:2a:aa:55:d8:88:cd:f8:19:d9:ef:e7:b6:08:7f:
24:43:e0:f6:e9:7c:0a:74:0e:ff:68:52:d1:05:24:
1e:71:ff:41:0e:de:77:b2:23:f2:4e:ff:3d:f5:93:
11:45:dd:b8:bf:43:9f:e5:e4:df:54:5d:9d:e5:f5:
9b:29:0f:2d:ee:1f:47:20:e4:15:12:10:9b:64:83:
56:f5:fe:66:05:fc:c1:29:00:cc:58:f8:fc:a4:45:
1b:b6:d5:28:2a:57:bf:95:7b:8c:88:5f:27:58:1d:
e2:49
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AD:23:E9:E6:B4:DE:60:C8:32:8B:62:F6:E5:F0:2D:87:86:94:A4:88
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/rSPp5rTeYMgyi2L25fAth4aUpIg.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
74:8d:82:a0:7e:a1:e6:41:9e:d3:a8:88:16:0b:4a:41:e9:22:
46:d5:6b:3c:1b:06:fc:d7:6c:b1:f7:3a:cd:60:e0:fb:5a:48:
01:cf:e7:7d:73:c5:20:11:64:4d:e5:15:1e:c6:fe:86:c9:f6:
07:2f:19:25:8e:ba:3b:25:33:c0:dd:6c:fc:43:d3:90:30:ac:
93:8c:6e:56:c6:ea:90:85:11:69:16:b9:54:a0:bf:c2:a0:04:
c2:46:c6:37:07:6d:da:c4:25:70:5b:93:e9:5e:12:d7:d1:ed:
44:e4:df:96:cf:9f:3b:80:4b:ba:59:1b:34:03:ed:fe:72:19:
14:40:63:7b:cd:18:93:51:a6:71:a6:8c:83:70:3c:bf:d6:6f:
ea:d3:40:d4:f6:68:16:78:30:2b:60:8a:c2:d4:a3:72:72:3d:
53:90:78:7e:f3:88:37:8d:72:74:a2:55:80:c1:12:87:44:c0:
20:af:32:6b:14:b2:19:57:b2:49:5a:2b:be:73:57:a0:97:9e:
83:11:59:6a:0e:b6:18:91:33:25:23:ea:30:a0:ff:b3:4f:45:
05:4c:81:9b:2a:88:1c:f7:c6:bd:c4:dc:b0:19:60:a7:f0:f6:
95:2b:15:1a:57:da:6b:c7:11:3c:ef:3d:23:5f:9e:e8:e0:4c:
f9:8d:2f:0a
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICRR4wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MjAx
NzUzMTJaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEFEMjNFOUU2QjRERTYw
QzgzMjhCNjJGNkU1RjAyRDg3ODY5NEE0ODgwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDOolWtTT8yLBoqaNklD1WK5Id8Qc3A6o3v5M+p3wL/kiKcyyFb
2hK0UdRylCCONHVzKmYGH4VHV5oDFZT2i8ZZAy8wBvOVsF+cGeHMt0mBRwVkX271
6ezTTDliwNj84suFZ7aol9l5kFZbvMQh6EXauwpEuScz854C26+3u9FjQENdMCYn
aLWSka3AlDEbrfXr13cUVKIqqlXYiM34Gdnv57YIfyRD4PbpfAp0Dv9oUtEFJB5x
/0EO3neyI/JO/z31kxFF3bi/Q5/l5N9UXZ3l9ZspDy3uH0cg5BUSEJtkg1b1/mYF
/MEpAMxY+PykRRu21SgqV7+Ve4yIXydYHeJJAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUrSPp5rTeYMgyi2L25fAth4aUpIgwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3JTUHA1clRlWU1neWky
TDI1ZkF0aDRhVXBJZy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAdI2CoH6h5kGe06iIFgtKQekiRtVrPBsG
/Ndssfc6zWDg+1pIAc/nfXPFIBFkTeUVHsb+hsn2By8ZJY66OyUzwN1s/EPTkDCs
k4xuVsbqkIURaRa5VKC/wqAEwkbGNwdt2sQlcFuT6V4S19HtROTfls+fO4BLulkb
NAPt/nIZFEBje80Yk1GmcaaMg3A8v9Zv6tNA1PZoFngwK2CKwtSjcnI9U5B4fvOI
N41ydKJVgMESh0TAIK8yaxSyGVeySVorvnNXoJeegxFZag62GJEzJSPqMKD/s09F
BUyBmyqIHPfGvcTcsBlgp/D2lSsVGlfaa8cRPO89I1+e6OBM+Y0vCg==
-----END CERTIFICATE-----
Generated at Sun Apr 21 00:35:22 2024 by rpki-client on console.sobornost.net