Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/05-xR1fQ9mmTb97WbhahCtKhYJ8.roa
File: 05-xR1fQ9mmTb97WbhahCtKhYJ8.roa (raw, json)
Hash identifier: 9PcO06IAs+mRR2KNcMIhBgpTqXMvFL9LO31UcXUfkrQ=
Subject key identifier: D3:9F:B1:47:57:D0:F6:69:93:6F:DE:D6:6E:16:A1:0A:D2:A1:60:9F
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 57A2
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/05-xR1fQ9mmTb97WbhahCtKhYJ8.roa
Signing time: Wed 15 May 2024 10:24:11 +0000
ROA not before: Wed 15 May 2024 10:24:11 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 22434 (0x57a2)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 15 10:24:11 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=D39FB14757D0F669936FDED66E16A10AD2A1609F
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a7:ba:da:30:24:5c:7a:5d:d1:e4:70:c7:66:a3:
89:6b:f4:db:3d:b9:02:39:49:e7:37:45:03:84:2b:
0b:13:34:c3:bf:52:f5:17:8c:a0:ed:f8:f7:87:f3:
7a:1a:1a:ed:fb:88:7c:8e:c9:a4:6c:97:b6:68:c0:
ef:bd:ab:09:d2:5f:0e:f8:cc:38:a5:29:83:33:29:
4b:14:be:95:84:cc:9a:e3:3d:0c:ef:ea:69:25:45:
6a:81:9e:6e:ca:23:dc:8a:14:c7:26:61:dc:d0:8d:
e8:2f:06:59:cc:45:11:39:74:9c:17:95:9a:4f:d1:
4e:67:a2:06:ca:ef:a0:95:fb:a0:2b:e6:5e:e8:0b:
cd:35:1c:52:44:86:f8:f4:d1:07:26:03:b9:61:92:
74:a2:9b:37:c0:fb:6e:4c:c4:77:6b:2a:e1:3a:c9:
fc:60:7c:3f:ad:29:8a:df:02:10:49:56:a0:07:88:
7f:ad:22:a6:43:82:54:63:5f:06:e6:eb:20:d2:3c:
81:c0:48:b5:0e:3f:ea:80:e9:b5:d6:34:00:39:bd:
9a:6d:c3:f1:be:12:19:ec:81:91:7a:4c:66:56:99:
56:76:98:fc:30:3a:f6:2e:cb:63:eb:6a:df:ed:25:
75:d2:c7:73:55:e0:ca:53:8d:29:b0:86:d3:50:50:
69:75
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D3:9F:B1:47:57:D0:F6:69:93:6F:DE:D6:6E:16:A1:0A:D2:A1:60:9F
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/05-xR1fQ9mmTb97WbhahCtKhYJ8.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
87:47:9d:01:1d:f0:85:15:4a:db:bd:0c:14:e4:c7:89:9a:22:
c5:f2:7c:d0:19:9d:48:2a:43:7b:bb:db:95:73:9e:6c:78:84:
21:bd:dd:b6:9c:dc:1e:b8:73:d7:4e:a3:43:a3:52:27:9e:bb:
67:ca:5d:8e:86:cc:13:c4:9c:0b:74:8f:cc:49:a2:7d:00:71:
d0:7b:05:60:e7:50:8c:79:8d:d9:23:e9:f9:a4:a0:07:79:d0:
65:98:90:f0:72:ac:05:1f:c9:59:0e:2e:1f:65:1d:48:b3:4b:
55:15:c4:2c:e4:27:ec:cb:5b:81:09:dd:76:77:65:33:1b:14:
17:5f:fb:30:b3:ee:6b:ed:d4:27:64:3f:16:cb:be:f9:69:ba:
b1:35:9a:a5:b4:74:82:cd:f0:36:49:8e:88:07:01:1e:9a:12:
a6:fe:70:8e:0f:23:2a:38:2f:06:35:25:fd:dc:bc:92:16:13:
d2:51:8c:bb:06:15:3f:b5:55:8f:c9:e2:13:a1:d8:8b:d8:44:
e6:30:45:e3:b7:71:e5:e4:5b:9c:ea:fa:25:bb:0f:5a:76:c9:
11:7d:5d:b9:24:4e:67:98:7b:7a:1c:0b:93:c4:36:ee:52:e0:
93:a3:83:8a:0f:ef:ce:e4:59:75:f6:16:aa:84:bc:11:a0:91:
0a:45:0c:14
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICV6IwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MTUx
MDI0MTFaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEQzOUZCMTQ3NTdEMEY2
Njk5MzZGREVENjZFMTZBMTBBRDJBMTYwOUYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCnutowJFx6XdHkcMdmo4lr9Ns9uQI5Sec3RQOEKwsTNMO/UvUX
jKDt+PeH83oaGu37iHyOyaRsl7ZowO+9qwnSXw74zDilKYMzKUsUvpWEzJrjPQzv
6mklRWqBnm7KI9yKFMcmYdzQjegvBlnMRRE5dJwXlZpP0U5nogbK76CV+6Ar5l7o
C801HFJEhvj00QcmA7lhknSimzfA+25MxHdrKuE6yfxgfD+tKYrfAhBJVqAHiH+t
IqZDglRjXwbm6yDSPIHASLUOP+qA6bXWNAA5vZptw/G+EhnsgZF6TGZWmVZ2mPww
OvYuy2Prat/tJXXSx3NV4MpTjSmwhtNQUGl1AgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQU05+xR1fQ9mmTb97WbhahCtKhYJ8wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3LzA1LXhSMWZROW1tVGI5
N1diaGFoQ3RLaFlKOC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAh0edAR3whRVK270MFOTHiZoixfJ80Bmd
SCpDe7vblXOebHiEIb3dtpzcHrhz106jQ6NSJ567Z8pdjobME8ScC3SPzEmifQBx
0HsFYOdQjHmN2SPp+aSgB3nQZZiQ8HKsBR/JWQ4uH2UdSLNLVRXELOQn7MtbgQnd
dndlMxsUF1/7MLPua+3UJ2Q/Fsu++Wm6sTWapbR0gs3wNkmOiAcBHpoSpv5wjg8j
KjgvBjUl/dy8khYT0lGMuwYVP7VVj8niE6HYi9hE5jBF47dx5eRbnOr6JbsPWnbJ
EX1duSROZ5h7ehwLk8Q27lLgk6ODig/vzuRZdfYWqoS8EaCRCkUMFA==
-----END CERTIFICATE-----
Generated at Sat May 17 21:25:56 2025 by rpki-client