Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/vKmfUo0oUTkTuoSrxLyNcFSjhr8.roa
File: vKmfUo0oUTkTuoSrxLyNcFSjhr8.roa (raw, json)
Hash identifier: e8rKRQdHc/YwQB2R4KG6ZjikQrjFAEbX0DUmRwa3+iM=
Subject key identifier: BC:A9:9F:52:8D:28:51:39:13:BA:84:AB:C4:BC:8D:70:54:A3:86:BF
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 4A16
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vKmfUo0oUTkTuoSrxLyNcFSjhr8.roa
Signing time: Sat 27 Apr 2024 08:53:24 +0000
ROA not before: Sat 27 Apr 2024 08:53:24 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 18966 (0x4a16)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 27 08:53:24 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=BCA99F528D28513913BA84ABC4BC8D7054A386BF
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cf:8d:c2:2c:cc:d1:15:90:fa:04:c8:db:c8:ec:
69:3c:1b:a1:58:2a:a6:e1:a8:95:f2:48:73:92:ac:
8a:88:87:2f:0a:ad:db:6a:3b:39:ed:58:fa:c3:c3:
85:e7:21:ee:b9:81:28:63:50:d2:b6:ca:39:92:da:
99:1d:59:17:ab:5f:af:9d:e0:2b:65:8e:cc:bd:87:
e7:c6:11:15:25:cc:8a:d6:42:2f:68:25:89:12:32:
87:39:24:61:8c:6b:f5:84:b3:f7:de:05:40:04:53:
88:a2:0b:8e:8e:ed:76:c8:c9:d5:cc:48:c4:82:b8:
f0:d7:d5:1a:56:51:5c:b7:4a:0d:71:b1:84:a1:03:
29:94:b0:14:d7:66:07:38:ee:ee:9c:72:19:a7:43:
66:3e:cd:d3:7d:e7:c9:29:1e:de:17:1b:5a:91:70:
e9:56:55:fa:50:8b:bb:be:b6:10:7c:1e:41:c6:a5:
39:26:18:19:0e:6e:21:74:12:62:a8:e8:a5:76:97:
e6:87:8f:65:68:a0:c0:44:7e:b7:b2:63:3a:44:29:
a1:50:51:97:a6:9f:52:13:ad:5f:ee:23:ef:63:67:
b3:6c:43:f9:a2:01:cd:d7:ed:cd:ed:a2:6f:4c:e9:
4a:73:fe:97:f2:93:22:17:02:84:5a:b7:4f:40:e6:
68:dd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
BC:A9:9F:52:8D:28:51:39:13:BA:84:AB:C4:BC:8D:70:54:A3:86:BF
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vKmfUo0oUTkTuoSrxLyNcFSjhr8.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
2e:f7:c6:6b:0c:00:3d:ef:f0:49:79:51:2f:45:5f:58:4c:30:
40:03:d1:41:e8:59:c1:9d:06:a3:3b:99:6e:e7:77:40:c6:1b:
e0:88:cf:8a:b4:62:16:74:37:15:be:4e:b6:4d:5c:0c:45:2b:
a6:dc:de:1e:ef:77:c9:f7:ce:ea:4c:dc:d5:54:26:53:22:37:
24:6e:2a:f0:66:c3:64:2e:20:d7:da:e0:f5:b5:a5:54:f5:b8:
f0:79:a0:be:41:38:37:a6:6b:fd:1f:89:f1:f4:5e:56:9c:86:
bc:6c:d5:64:a0:58:b4:87:97:26:09:d0:52:d6:82:b9:0a:5e:
69:b5:cb:05:ce:0f:d4:3d:6f:16:e3:17:92:d2:9e:0b:fd:36:
23:2f:95:f8:b0:12:e9:29:98:a3:5f:c3:12:ed:b3:86:71:d6:
71:cb:2c:7d:4e:24:e2:c1:39:8c:42:71:ca:e5:6c:64:0f:ae:
09:3e:74:ec:1f:23:a5:13:7b:3b:ab:b3:d1:47:28:6d:61:a2:
a8:af:45:fc:05:0d:fd:16:ce:12:54:5d:7f:69:d1:3e:4e:a5:
d4:6d:21:61:5a:a0:a3:c1:d0:20:d9:c9:56:7e:87:dd:a6:30:
15:34:e1:f5:3a:eb:45:35:9f:7f:ca:1e:3b:75:d7:76:a7:cf:
74:5e:7a:e2
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICShYwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0Mjcw
ODUzMjRaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEJDQTk5RjUyOEQyODUx
MzkxM0JBODRBQkM0QkM4RDcwNTRBMzg2QkYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDPjcIszNEVkPoEyNvI7Gk8G6FYKqbhqJXySHOSrIqIhy8Krdtq
OzntWPrDw4XnIe65gShjUNK2yjmS2pkdWRerX6+d4Ctljsy9h+fGERUlzIrWQi9o
JYkSMoc5JGGMa/WEs/feBUAEU4iiC46O7XbIydXMSMSCuPDX1RpWUVy3Sg1xsYSh
AymUsBTXZgc47u6cchmnQ2Y+zdN958kpHt4XG1qRcOlWVfpQi7u+thB8HkHGpTkm
GBkObiF0EmKo6KV2l+aHj2VooMBEfreyYzpEKaFQUZemn1ITrV/uI+9jZ7NsQ/mi
Ac3X7c3tom9M6Upz/pfykyIXAoRat09A5mjdAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUvKmfUo0oUTkTuoSrxLyNcFSjhr8wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3ZLbWZVbzBvVVRrVHVv
U3J4THlOY0ZTamhyOC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEALvfGawwAPe/wSXlRL0VfWEwwQAPRQehZ
wZ0GozuZbud3QMYb4IjPirRiFnQ3Fb5Otk1cDEUrptzeHu93yffO6kzc1VQmUyI3
JG4q8GbDZC4g19rg9bWlVPW48HmgvkE4N6Zr/R+J8fReVpyGvGzVZKBYtIeXJgnQ
UtaCuQpeabXLBc4P1D1vFuMXktKeC/02Iy+V+LAS6SmYo1/DEu2zhnHWccssfU4k
4sE5jEJxyuVsZA+uCT507B8jpRN7O6uz0UcobWGiqK9F/AUN/RbOElRdf2nRPk6l
1G0hYVqgo8HQINnJVn6H3aYwFTTh9TrrRTWff8oeO3XXdqfPdF564g==
-----END CERTIFICATE-----
Generated at Sat Apr 27 12:54:23 2024 by rpki-client on console.sobornost.net