Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/0f-bxn0FBndnpAWIAwhQnOa9CYY.roa
File: 0f-bxn0FBndnpAWIAwhQnOa9CYY.roa (raw, json)
Hash identifier: mMrsxr83Cr0fvzr1fJ3G8EZRGoRxLYhikdwfc4Mjejs=
Subject key identifier: D1:FF:9B:C6:7D:05:06:77:67:A4:05:88:03:08:50:9C:E6:BD:09:86
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 4A76
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/0f-bxn0FBndnpAWIAwhQnOa9CYY.roa
Signing time: Sat 27 Apr 2024 20:53:25 +0000
ROA not before: Sat 27 Apr 2024 20:53:25 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 19062 (0x4a76)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 27 20:53:25 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=D1FF9BC67D05067767A405880308509CE6BD0986
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c8:fa:63:87:01:ef:6b:c7:8d:0b:9e:37:41:b7:
84:6d:20:f5:34:10:f2:75:3b:71:c7:1e:bb:86:21:
98:e0:5b:61:be:7d:63:fa:47:0a:f9:cc:58:2f:1b:
cd:0e:a2:08:ea:ed:34:b0:3c:0b:9b:bc:6c:34:cb:
e3:4a:7f:27:c5:e0:b5:bf:15:30:43:48:9d:5a:61:
c2:ea:f0:bc:80:26:68:d5:49:b5:ad:ef:cb:8f:90:
31:ff:74:c1:0b:8f:c3:46:f3:f8:b5:da:22:80:24:
6b:8c:68:01:cb:d4:ad:6a:c9:30:8a:fd:08:0e:30:
6f:23:b7:bc:36:5f:86:39:d7:70:a9:c9:5f:31:94:
10:9d:78:ee:bf:4f:6a:01:dd:6a:ae:98:29:7b:be:
d1:6e:6e:d3:37:10:46:95:15:4a:4e:5c:6d:84:5f:
fc:b5:e6:59:35:6c:f6:e2:78:cf:ac:0e:dd:ae:60:
35:a8:ef:a5:80:a3:d5:ca:ba:f8:fb:a0:75:c3:e7:
8e:08:1e:f9:24:98:2f:37:8d:fa:75:f0:28:69:61:
02:c3:93:6d:6c:35:83:cf:c1:c8:f7:75:6f:5d:72:
77:a0:31:ed:18:be:36:63:db:7f:3d:dd:f6:1d:04:
bf:40:49:c6:3f:d4:20:ca:3f:12:8c:3c:87:72:43:
60:65
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D1:FF:9B:C6:7D:05:06:77:67:A4:05:88:03:08:50:9C:E6:BD:09:86
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/0f-bxn0FBndnpAWIAwhQnOa9CYY.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
a4:7e:2a:56:09:64:35:a1:d3:16:7f:5e:53:84:c8:0b:e7:be:
88:fb:61:6f:95:f3:fb:2b:f5:5a:18:f1:f7:df:91:3c:79:a7:
e1:5c:de:bf:a3:b5:d8:23:fd:e7:76:25:4e:81:95:0c:78:25:
9a:07:ef:f6:e3:4c:af:37:d6:a1:3e:b3:94:34:99:78:fe:f6:
55:be:21:e3:ed:51:1a:ff:a3:cc:a3:e5:9a:58:12:bc:5b:4f:
4b:61:8f:b2:0c:c4:39:3e:08:fc:8e:38:69:64:cb:83:7c:ff:
b8:c0:c5:73:40:d1:d7:c1:d5:09:2a:f3:e6:37:7d:ef:49:95:
ea:60:25:18:df:37:c7:f8:cf:81:d4:af:fd:38:a9:e1:11:44:
9e:8d:b1:19:2f:4b:c0:46:35:af:12:bd:53:54:41:87:71:cb:
8f:86:c3:0e:2f:f5:f6:13:1b:8d:aa:aa:cf:ed:5f:55:cd:74:
e9:ef:70:d1:9a:74:66:d3:0f:c8:2d:f1:e5:8a:51:50:f2:2e:
4d:53:8e:ec:ae:61:9f:b3:87:d4:80:0d:77:d9:8d:22:85:61:
01:2b:2e:e6:d1:7c:33:46:5e:45:c8:09:c1:68:ae:cd:64:67:
28:68:27:59:99:fc:9d:cf:39:de:7e:07:87:c9:e5:62:63:be:
b8:5f:f6:57
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICSnYwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0Mjcy
MDUzMjVaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEQxRkY5QkM2N0QwNTA2
Nzc2N0E0MDU4ODAzMDg1MDlDRTZCRDA5ODYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDI+mOHAe9rx40LnjdBt4RtIPU0EPJ1O3HHHruGIZjgW2G+fWP6
Rwr5zFgvG80Oogjq7TSwPAubvGw0y+NKfyfF4LW/FTBDSJ1aYcLq8LyAJmjVSbWt
78uPkDH/dMELj8NG8/i12iKAJGuMaAHL1K1qyTCK/QgOMG8jt7w2X4Y513CpyV8x
lBCdeO6/T2oB3WqumCl7vtFubtM3EEaVFUpOXG2EX/y15lk1bPbieM+sDt2uYDWo
76WAo9XKuvj7oHXD544IHvkkmC83jfp18ChpYQLDk21sNYPPwcj3dW9dcnegMe0Y
vjZj23893fYdBL9AScY/1CDKPxKMPIdyQ2BlAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQU0f+bxn0FBndnpAWIAwhQnOa9CYYwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3LzBmLWJ4bjBGQm5kbnBB
V0lBd2hRbk9hOUNZWS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEApH4qVglkNaHTFn9eU4TIC+e+iPthb5Xz
+yv1Whjx99+RPHmn4Vzev6O12CP953YlToGVDHglmgfv9uNMrzfWoT6zlDSZeP72
Vb4h4+1RGv+jzKPlmlgSvFtPS2GPsgzEOT4I/I44aWTLg3z/uMDFc0DR18HVCSrz
5jd970mV6mAlGN83x/jPgdSv/Tip4RFEno2xGS9LwEY1rxK9U1RBh3HLj4bDDi/1
9hMbjaqqz+1fVc106e9w0Zp0ZtMPyC3x5YpRUPIuTVOO7K5hn7OH1IANd9mNIoVh
ASsu5tF8M0ZeRcgJwWiuzWRnKGgnWZn8nc853n4Hh8nlYmO+uF/2Vw==
-----END CERTIFICATE-----
Generated at Sat May 17 22:39:26 2025 by rpki-client