Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/yH6IHYoxwLW45X7jOTRssfrdq5I.roa
File: yH6IHYoxwLW45X7jOTRssfrdq5I.roa (raw, json)
Hash identifier: oG3mz3u0D7udcqHcKGr501etbHoaLxXZjzV7qntPFmA=
Subject key identifier: C8:7E:88:1D:8A:31:C0:B5:B8:E5:7E:E3:39:34:6C:B1:FA:DD:AB:92
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 3FA6
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/yH6IHYoxwLW45X7jOTRssfrdq5I.roa
Signing time: Sat 13 Apr 2024 10:53:14 +0000
ROA not before: Sat 13 Apr 2024 10:53:14 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 16294 (0x3fa6)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 13 10:53:14 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=C87E881D8A31C0B5B8E57EE339346CB1FADDAB92
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b3:45:93:15:5d:f9:b8:3a:8d:ce:52:1b:1c:4d:
ee:29:00:ae:3c:0b:f8:b7:27:f2:06:32:7d:21:88:
f9:3d:61:4a:cc:17:2a:fc:7b:59:59:0b:98:e7:ad:
44:cc:44:7b:36:5f:a5:0b:e7:77:06:df:b3:40:08:
bf:30:f6:ea:02:6b:14:3f:9e:30:b1:5c:ec:81:cd:
02:3a:e8:51:66:e7:44:d2:81:e4:4a:42:a3:cb:fc:
f3:68:b3:07:24:1a:a7:99:4b:52:63:f6:50:8e:d3:
09:c0:55:6a:5b:c7:f3:70:94:f7:60:0e:f7:f7:9c:
af:9d:de:5f:af:9a:a6:b9:66:dd:6c:15:2c:2c:a6:
fd:18:bf:60:83:98:c5:88:37:26:5f:d0:ee:b1:84:
e0:c5:eb:68:da:bc:b0:a4:ac:40:39:1d:e3:3a:85:
ae:96:75:60:d2:27:40:c5:a5:ff:77:40:6c:1a:d0:
78:02:c8:e2:fd:6e:3f:e3:ff:80:0a:8e:82:96:a1:
e6:57:d2:65:ce:5d:2a:6d:a7:70:a9:ec:9c:bb:4c:
b4:be:1f:b2:b1:fe:64:b3:5c:17:50:3a:df:8b:0a:
0f:91:8f:44:93:d1:00:66:34:99:bd:b1:d5:bf:11:
96:40:65:cc:01:80:b2:72:09:be:f2:8c:06:b8:de:
b1:03
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C8:7E:88:1D:8A:31:C0:B5:B8:E5:7E:E3:39:34:6C:B1:FA:DD:AB:92
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/yH6IHYoxwLW45X7jOTRssfrdq5I.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
a8:bc:a3:19:6b:bd:df:9b:51:59:c7:f6:d6:2f:d5:63:e0:3d:
da:c6:71:e8:44:98:e8:f8:b6:89:b9:30:2e:37:c8:bd:14:be:
24:ff:03:57:ed:e7:12:00:b9:0b:86:ee:cf:57:55:d2:a3:20:
9a:d9:2f:a4:56:1a:09:97:c1:f3:08:5a:a6:b2:69:aa:ee:b9:
da:22:4a:74:96:06:f0:df:91:70:f3:d1:3f:2f:94:a0:12:65:
60:4f:0a:eb:3c:42:b1:21:59:43:9d:a3:01:8b:b8:23:a9:75:
bf:15:af:30:46:64:0c:0f:86:15:36:74:18:96:d8:46:fd:4f:
ce:47:d0:fb:c5:04:0b:d6:f3:f6:3e:d6:9d:7b:90:cd:56:ce:
fc:0b:fc:cf:42:2e:4e:26:93:88:3e:bb:01:5a:bd:86:3f:49:
15:cb:b5:72:6b:c1:44:d6:50:c0:f8:16:90:5e:28:c3:fa:81:
6d:f6:9b:ea:f0:a1:71:84:ab:d9:1f:8b:75:bb:a3:04:bc:39:
0f:b3:7f:4a:12:24:4e:4b:2c:ec:87:de:f5:3e:e2:3e:1a:d2:
0a:17:da:f7:a8:78:e2:c6:8f:88:18:1e:c4:48:a7:62:3b:27:
48:8b:db:0d:7c:f5:07:98:bf:ae:de:0e:a3:59:d8:21:bc:c0:
3a:74:1d:70
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICP6YwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MTMx
MDUzMTRaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEM4N0U4ODFEOEEzMUMw
QjVCOEU1N0VFMzM5MzQ2Q0IxRkFEREFCOTIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCzRZMVXfm4Oo3OUhscTe4pAK48C/i3J/IGMn0hiPk9YUrMFyr8
e1lZC5jnrUTMRHs2X6UL53cG37NACL8w9uoCaxQ/njCxXOyBzQI66FFm50TSgeRK
QqPL/PNoswckGqeZS1Jj9lCO0wnAVWpbx/NwlPdgDvf3nK+d3l+vmqa5Zt1sFSws
pv0Yv2CDmMWINyZf0O6xhODF62javLCkrEA5HeM6ha6WdWDSJ0DFpf93QGwa0HgC
yOL9bj/j/4AKjoKWoeZX0mXOXSptp3Cp7Jy7TLS+H7Kx/mSzXBdQOt+LCg+Rj0ST
0QBmNJm9sdW/EZZAZcwBgLJyCb7yjAa43rEDAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUyH6IHYoxwLW45X7jOTRssfrdq5IwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3lINklIWW94d0xXNDVY
N2pPVFJzc2ZyZHE1SS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAqLyjGWu935tRWcf21i/VY+A92sZx6ESY
6Pi2ibkwLjfIvRS+JP8DV+3nEgC5C4buz1dV0qMgmtkvpFYaCZfB8whaprJpqu65
2iJKdJYG8N+RcPPRPy+UoBJlYE8K6zxCsSFZQ52jAYu4I6l1vxWvMEZkDA+GFTZ0
GJbYRv1PzkfQ+8UEC9bz9j7WnXuQzVbO/Av8z0IuTiaTiD67AVq9hj9JFcu1cmvB
RNZQwPgWkF4ow/qBbfab6vChcYSr2R+LdbujBLw5D7N/ShIkTkss7Ife9T7iPhrS
Chfa96h44saPiBgexEinYjsnSIvbDXz1B5i/rt4Oo1nYIbzAOnQdcA==
-----END CERTIFICATE-----
Generated at Sat Apr 13 17:22:19 2024 by rpki-client on console.sobornost.net