Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/-0gV2Wf3lnCra6T6TloX1GJCT8o.roa
File: -0gV2Wf3lnCra6T6TloX1GJCT8o.roa (raw, json)
Hash identifier: 03nc6Ou72vMdviDn8uopuvEUPPhjPzTYH2/oJ4xmgJs=
Subject key identifier: FB:48:15:D9:67:F7:96:70:AB:6B:A4:FA:4E:5A:17:D4:62:42:4F:CA
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 3ECA
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/-0gV2Wf3lnCra6T6TloX1GJCT8o.roa
Signing time: Fri 12 Apr 2024 07:22:48 +0000
ROA not before: Fri 12 Apr 2024 07:22:48 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 16074 (0x3eca)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 12 07:22:48 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=FB4815D967F79670AB6BA4FA4E5A17D462424FCA
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bb:98:12:07:fd:ca:f1:ad:7a:5b:3d:bc:f5:5e:
c9:d9:17:1d:3f:47:f4:7e:ce:21:7b:27:68:e7:32:
8f:aa:d9:22:fe:5f:53:1b:ef:3a:c7:33:69:01:e8:
c4:df:67:9e:76:36:01:a0:6d:4b:39:01:4b:dd:f3:
0e:71:4e:1e:a5:fa:18:bd:0b:e9:49:b1:1c:b5:b5:
47:ab:8b:e5:1b:03:53:9f:09:86:0b:8f:73:f3:96:
c3:9c:e3:af:54:dd:2a:67:ad:e0:5c:3b:74:1a:27:
01:7a:7a:9c:60:f0:bf:b6:e2:f8:04:8b:4f:b9:45:
e3:2f:81:fa:15:e7:3b:59:dc:25:87:67:fd:32:be:
c2:a7:e0:77:61:78:eb:97:7b:fd:28:7d:54:c7:63:
bf:a8:8a:bf:27:1d:27:55:f0:32:ca:a1:14:a3:f4:
b3:e4:52:14:f6:bf:46:62:e1:3b:c0:f7:50:9a:02:
ae:ac:f3:79:57:9d:03:c5:2a:08:37:c1:ce:56:80:
e2:d4:a6:94:97:0f:d9:96:4b:69:06:b0:a4:69:0e:
12:20:a4:74:a3:8d:be:af:1c:bd:54:c2:20:14:99:
97:1a:22:30:30:f4:c1:6b:ab:2c:c4:7d:e3:7f:ce:
0b:e8:cc:30:53:bb:86:8d:d0:e7:fd:6d:96:52:5c:
22:cb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FB:48:15:D9:67:F7:96:70:AB:6B:A4:FA:4E:5A:17:D4:62:42:4F:CA
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/-0gV2Wf3lnCra6T6TloX1GJCT8o.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
a1:08:ac:0f:ee:90:66:21:d9:44:9c:fa:ec:a0:44:fb:c8:65:
c1:1d:66:27:1b:2f:ad:64:23:ee:de:41:b1:92:aa:0e:40:8a:
2c:db:67:d6:a2:29:42:d9:13:dd:8b:de:a7:e1:04:ad:ab:ef:
16:b0:57:2d:9b:d8:e7:5a:7f:f4:55:da:8d:c8:82:c4:49:1b:
c7:b2:c2:9c:3b:9e:d3:74:2e:99:f0:b6:88:ad:97:b3:17:99:
9f:9d:99:01:45:7d:37:c0:08:42:7e:a5:c4:13:36:4b:05:4a:
be:2d:97:74:9c:49:70:7d:00:b1:a5:be:b7:5b:97:05:67:d8:
c3:fd:8a:a8:03:73:8e:46:a0:39:25:bc:25:60:96:53:9f:4c:
6c:9a:91:1c:2b:30:dc:87:08:1d:d7:5c:75:1c:32:b5:03:cc:
e7:c6:c2:07:da:99:1e:59:2b:dc:d0:50:9b:d4:e5:5e:da:cc:
7e:19:68:73:a8:0b:af:03:80:6e:e5:5c:02:a9:24:bf:b2:23:
f7:06:21:a9:ed:0f:4b:a5:67:5f:e0:92:b9:24:24:db:01:fe:
59:05:04:1d:50:a2:66:30:d8:67:34:f7:84:a5:70:9e:a2:de:
94:f9:24:a7:df:23:4d:db:20:e7:eb:8b:66:73:24:79:aa:ec:
c8:be:dd:d8
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICPsowDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MTIw
NzIyNDhaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEZCNDgxNUQ5NjdGNzk2
NzBBQjZCQTRGQTRFNUExN0Q0NjI0MjRGQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC7mBIH/crxrXpbPbz1XsnZFx0/R/R+ziF7J2jnMo+q2SL+X1Mb
7zrHM2kB6MTfZ552NgGgbUs5AUvd8w5xTh6l+hi9C+lJsRy1tUeri+UbA1OfCYYL
j3PzlsOc469U3SpnreBcO3QaJwF6epxg8L+24vgEi0+5ReMvgfoV5ztZ3CWHZ/0y
vsKn4HdheOuXe/0ofVTHY7+oir8nHSdV8DLKoRSj9LPkUhT2v0Zi4TvA91CaAq6s
83lXnQPFKgg3wc5WgOLUppSXD9mWS2kGsKRpDhIgpHSjjb6vHL1UwiAUmZcaIjAw
9MFrqyzEfeN/zgvozDBTu4aN0Of9bZZSXCLLAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQU+0gV2Wf3lnCra6T6TloX1GJCT8owHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3Ly0wZ1YyV2YzbG5DcmE2
VDZUbG9YMUdKQ1Q4by5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAoQisD+6QZiHZRJz67KBE+8hlwR1mJxsv
rWQj7t5BsZKqDkCKLNtn1qIpQtkT3Yvep+EEravvFrBXLZvY51p/9FXajciCxEkb
x7LCnDue03QumfC2iK2XsxeZn52ZAUV9N8AIQn6lxBM2SwVKvi2XdJxJcH0AsaW+
t1uXBWfYw/2KqANzjkagOSW8JWCWU59MbJqRHCsw3IcIHddcdRwytQPM58bCB9qZ
Hlkr3NBQm9TlXtrMfhloc6gLrwOAbuVcAqkkv7Ij9wYhqe0PS6VnX+CSuSQk2wH+
WQUEHVCiZjDYZzT3hKVwnqLelPkkp98jTdsg5+uLZnMkearsyL7d2A==
-----END CERTIFICATE-----
Generated at Sun May 18 02:13:51 2025 by rpki-client