Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/wT7zkZU3CDh_ef952qfTR0ceVFg.roa
File: wT7zkZU3CDh_ef952qfTR0ceVFg.roa (raw, json)
Hash identifier: OA/RsgGehiuVHfMaKADw1cQ40euebD8qXn1QsdpKCas=
Subject key identifier: C1:3E:F3:91:95:37:08:38:7F:79:FF:79:DA:A7:D3:47:47:1E:54:58
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 3452
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/wT7zkZU3CDh_ef952qfTR0ceVFg.roa
Signing time: Fri 29 Mar 2024 08:22:04 +0000
ROA not before: Fri 29 Mar 2024 08:22:04 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 13394 (0x3452)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Mar 29 08:22:04 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=C13EF391953708387F79FF79DAA7D347471E5458
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a2:c1:48:34:62:b6:ec:5e:af:a2:6d:8b:90:ae:
82:f0:f2:48:d3:9b:c0:70:bb:30:ab:41:57:8f:75:
ad:fa:12:c3:de:54:11:07:d6:ca:28:98:2f:61:77:
b1:14:f3:e9:c1:e3:7e:a5:8c:18:5d:ec:3b:3a:ef:
74:4c:f7:89:2b:3d:dc:54:b5:a8:7b:9b:80:5a:58:
c9:3c:14:10:43:b4:30:1c:3b:0b:09:ad:5e:31:9a:
bc:38:01:3c:a3:d7:05:dd:0b:8d:3b:48:8d:4b:0b:
8d:16:d3:47:b2:8d:51:78:65:08:62:f9:11:1d:72:
1a:49:b5:00:3d:87:e5:30:ba:39:c4:79:c9:28:f6:
f0:cd:bb:e3:a5:1b:95:84:d5:4a:e5:d1:24:71:e0:
26:32:d3:97:77:02:77:e1:cb:85:42:b8:9b:2c:ba:
d6:16:fe:03:4a:ca:0c:23:2d:15:ba:a2:28:2e:f9:
99:8d:85:4e:6e:79:5f:55:08:49:22:fa:ee:1a:9e:
be:7d:28:4c:12:b2:2c:b0:fb:ae:e7:50:41:43:eb:
54:f9:3b:03:55:19:9b:a9:96:e5:3e:ca:95:57:e1:
8e:ad:1c:ba:6b:5f:40:48:73:c6:5e:09:6d:d3:89:
9c:d0:a1:16:7e:d5:9d:80:e0:4d:9f:82:d0:11:52:
ab:43
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C1:3E:F3:91:95:37:08:38:7F:79:FF:79:DA:A7:D3:47:47:1E:54:58
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/wT7zkZU3CDh_ef952qfTR0ceVFg.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
62:d5:f1:a3:09:05:a1:41:06:6f:f6:d5:d2:7d:3b:97:c4:82:
b6:3b:89:3d:70:60:43:04:f1:fb:91:80:5d:d7:98:74:80:8d:
c1:0a:fd:31:d4:a2:ea:8e:72:bc:6c:c8:84:fb:cd:49:1f:7a:
f3:af:24:5b:e0:d7:a5:1d:82:ff:20:14:31:24:95:70:0b:32:
35:3d:ac:23:76:b0:3f:66:de:2c:01:39:ae:bb:8c:a1:eb:d1:
f1:f3:68:65:35:fc:c5:8c:a9:68:0f:cc:9d:76:77:33:82:73:
47:9b:a5:1d:54:98:a9:8a:2a:1b:92:36:a0:8c:49:44:f3:25:
2d:c1:c7:fb:21:bc:7c:99:6b:3d:41:fc:33:03:c5:f3:3b:76:
2f:d8:a4:a4:1b:14:03:0b:29:27:49:f3:cf:6a:c0:87:e5:3e:
18:7c:a1:14:dc:16:71:93:ff:28:34:61:e2:28:02:d5:04:d7:
8d:06:c7:09:27:d1:4a:c6:b2:8f:52:b9:d3:28:59:b3:65:7d:
49:f5:1b:07:2b:35:f6:79:e5:88:13:f9:8e:3e:49:9c:fa:31:
10:a5:f2:5c:05:b0:1a:fa:49:64:ad:04:65:6b:93:8d:a0:9b:
ac:ee:1e:c7:2a:76:7d:6f:a6:68:0f:ac:22:cb:85:0f:5e:ab:
98:ae:07:48
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICNFIwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDAzMjkw
ODIyMDRaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEMxM0VGMzkxOTUzNzA4
Mzg3Rjc5RkY3OURBQTdEMzQ3NDcxRTU0NTgwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCiwUg0YrbsXq+ibYuQroLw8kjTm8BwuzCrQVePda36EsPeVBEH
1soomC9hd7EU8+nB436ljBhd7Ds673RM94krPdxUtah7m4BaWMk8FBBDtDAcOwsJ
rV4xmrw4ATyj1wXdC407SI1LC40W00eyjVF4ZQhi+REdchpJtQA9h+UwujnEecko
9vDNu+OlG5WE1Url0SRx4CYy05d3Anfhy4VCuJssutYW/gNKygwjLRW6oigu+ZmN
hU5ueV9VCEki+u4anr59KEwSsiyw+67nUEFD61T5OwNVGZupluU+ypVX4Y6tHLpr
X0BIc8ZeCW3TiZzQoRZ+1Z2A4E2fgtARUqtDAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUwT7zkZU3CDh/ef952qfTR0ceVFgwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3dUN3prWlUzQ0RoX2Vm
OTUycWZUUjBjZVZGZy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAYtXxowkFoUEGb/bV0n07l8SCtjuJPXBg
QwTx+5GAXdeYdICNwQr9MdSi6o5yvGzIhPvNSR96868kW+DXpR2C/yAUMSSVcAsy
NT2sI3awP2beLAE5rruMoevR8fNoZTX8xYypaA/MnXZ3M4JzR5ulHVSYqYoqG5I2
oIxJRPMlLcHH+yG8fJlrPUH8MwPF8zt2L9ikpBsUAwspJ0nzz2rAh+U+GHyhFNwW
cZP/KDRh4igC1QTXjQbHCSfRSsayj1K50yhZs2V9SfUbBys19nnliBP5jj5JnPox
EKXyXAWwGvpJZK0EZWuTjaCbrO4exyp2fW+maA+sIsuFD16rmK4HSA==
-----END CERTIFICATE-----
Generated at Fri Mar 29 14:29:05 2024 by rpki-client on console.sobornost.net