Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/xAPtKO0ak5WJaxORWKaN_EMKljM.roa
File: xAPtKO0ak5WJaxORWKaN_EMKljM.roa (raw, json)
Hash identifier: hoz1DHiS5LJj2HTJMp7ZGtoETm7C69BQIdgChgxUnDM=
Subject key identifier: C4:03:ED:28:ED:1A:93:95:89:6B:13:91:58:A6:8D:FC:43:0A:96:33
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 36C6
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/xAPtKO0ak5WJaxORWKaN_EMKljM.roa
Signing time: Mon 01 Apr 2024 14:52:11 +0000
ROA not before: Mon 01 Apr 2024 14:52:11 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 14022 (0x36c6)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 1 14:52:11 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=C403ED28ED1A9395896B139158A68DFC430A9633
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:df:6e:74:e1:d7:4b:54:49:ce:38:50:04:1f:1f:
9c:da:04:9d:9d:a8:a3:5f:8b:14:65:57:81:d3:c2:
72:02:4e:81:d1:3f:c9:7c:c2:9c:7d:0e:33:c2:f3:
a9:b0:2e:f5:e8:58:46:e1:8b:4b:88:01:64:6a:c9:
3f:fe:7e:bf:64:2c:46:3b:5e:f2:10:f2:27:20:12:
b9:18:fd:2d:6d:96:cb:68:64:3e:21:5c:d6:20:98:
1b:39:46:80:9c:98:37:c0:20:42:b8:10:02:5d:96:
05:a5:73:f2:59:26:7d:03:7f:5b:a3:b3:69:17:9c:
a7:8a:71:1b:7a:99:c5:d1:80:c8:82:c5:42:cf:8e:
84:2b:c0:35:03:1d:69:10:79:c1:1f:e0:f7:d3:3a:
3c:f7:23:bc:01:57:ee:94:d4:6a:fa:6d:97:e7:81:
8c:3f:a8:d1:26:8b:bf:79:80:c2:44:05:03:a7:2b:
ad:80:52:e4:b8:e2:ba:28:f6:fc:d3:01:4a:8c:45:
cd:a6:c8:7b:67:41:cc:b2:7d:73:ad:3b:02:cc:df:
68:34:b5:5c:5e:da:3d:5d:68:61:45:9f:e2:a5:a3:
df:15:79:1d:cf:5f:0f:40:94:8f:58:6a:25:42:40:
24:1f:1e:ab:cf:e0:75:6b:3d:37:5c:31:f8:05:a7:
08:4d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C4:03:ED:28:ED:1A:93:95:89:6B:13:91:58:A6:8D:FC:43:0A:96:33
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/xAPtKO0ak5WJaxORWKaN_EMKljM.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
9b:d0:96:54:c0:a6:dd:fe:bc:33:12:bd:4a:e6:e5:7a:42:0e:
bc:87:79:33:5e:8c:f9:2a:c2:ac:7e:19:16:2c:28:c6:61:40:
15:bf:7a:ca:3d:20:74:7b:8c:b9:f6:ad:6d:0c:21:a1:07:f0:
6d:5c:04:eb:ea:55:3f:60:cb:3c:a5:3f:96:f9:82:e3:9d:ad:
e6:30:52:fd:75:ca:27:9b:5d:ba:11:b4:85:45:0b:bd:13:6b:
8b:93:d4:4d:7d:53:30:b9:c0:80:e1:ec:b3:bd:4b:b7:c2:9c:
28:4a:f6:a1:cb:bc:09:73:c9:3c:a6:26:17:d7:c3:b7:9e:72:
e9:61:f2:1e:08:99:4e:53:e4:31:44:b7:a2:c7:2e:fe:eb:cd:
5d:24:dc:a6:88:34:39:29:1e:03:c7:f0:14:69:ae:ef:1e:9b:
5c:18:87:de:4c:52:05:2b:54:70:d7:8f:95:c1:72:ee:d1:df:
52:d8:9a:d0:62:e8:e2:14:1e:2a:18:ca:65:dd:b5:08:6a:0c:
87:19:66:d9:bc:3b:82:37:37:ff:ba:1a:58:bc:4a:58:78:59:
18:d2:53:5a:90:c8:e3:5f:fb:f4:5f:ca:ce:16:19:8b:59:94:
f4:b3:c1:1b:16:67:47:7a:05:0d:73:f8:17:6a:15:c7:ce:76:
3d:73:d7:80
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICNsYwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MDEx
NDUyMTFaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEM0MDNFRDI4RUQxQTkz
OTU4OTZCMTM5MTU4QTY4REZDNDMwQTk2MzMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDfbnTh10tUSc44UAQfH5zaBJ2dqKNfixRlV4HTwnICToHRP8l8
wpx9DjPC86mwLvXoWEbhi0uIAWRqyT/+fr9kLEY7XvIQ8icgErkY/S1tlstoZD4h
XNYgmBs5RoCcmDfAIEK4EAJdlgWlc/JZJn0Df1ujs2kXnKeKcRt6mcXRgMiCxULP
joQrwDUDHWkQecEf4PfTOjz3I7wBV+6U1Gr6bZfngYw/qNEmi795gMJEBQOnK62A
UuS44roo9vzTAUqMRc2myHtnQcyyfXOtOwLM32g0tVxe2j1daGFFn+Klo98VeR3P
Xw9AlI9YaiVCQCQfHqvP4HVrPTdcMfgFpwhNAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUxAPtKO0ak5WJaxORWKaN/EMKljMwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3hBUHRLTzBhazVXSmF4
T1JXS2FOX0VNS2xqTS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAm9CWVMCm3f68MxK9SublekIOvId5M16M
+SrCrH4ZFiwoxmFAFb96yj0gdHuMufatbQwhoQfwbVwE6+pVP2DLPKU/lvmC452t
5jBS/XXKJ5tduhG0hUULvRNri5PUTX1TMLnAgOHss71Lt8KcKEr2ocu8CXPJPKYm
F9fDt55y6WHyHgiZTlPkMUS3oscu/uvNXSTcpog0OSkeA8fwFGmu7x6bXBiH3kxS
BStUcNePlcFy7tHfUtia0GLo4hQeKhjKZd21CGoMhxlm2bw7gjc3/7oaWLxKWHhZ
GNJTWpDI41/79F/KzhYZi1mU9LPBGxZnR3oFDXP4F2oVx852PXPXgA==
-----END CERTIFICATE-----
Generated at Mon Apr 1 20:28:32 2024 by rpki-client on console.sobornost.net