Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/1QC08g-dkPwLvl53f_G7Npw8Zw0.roa
File: 1QC08g-dkPwLvl53f_G7Npw8Zw0.roa (raw, json)
Hash identifier: 9Rb7+Y5D2FKx7M9wnqYUUFUYSBwKt8hg4DOK4JT4uBI=
Subject key identifier: D5:00:B4:F2:0F:9D:90:FC:0B:BE:5E:77:7F:F1:BB:36:9C:3C:67:0D
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 531A
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/1QC08g-dkPwLvl53f_G7Npw8Zw0.roa
Signing time: Thu 09 May 2024 09:24:01 +0000
ROA not before: Thu 09 May 2024 09:24:01 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 21274 (0x531a)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 9 09:24:01 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=D500B4F20F9D90FC0BBE5E777FF1BB369C3C670D
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c4:ee:7f:43:41:d6:40:a4:80:68:ff:a5:b6:7a:
f7:18:01:20:9b:74:07:b2:d5:d5:c9:7b:9d:d1:e6:
a4:51:ce:15:2d:08:5b:23:01:fe:d5:0d:67:65:ba:
f7:66:35:0c:4d:21:25:84:e1:3b:3c:bc:d8:d7:25:
48:5d:26:86:0c:fb:b3:1c:f6:3a:27:20:a1:ce:af:
ed:d1:07:00:59:b4:06:25:fe:f5:9e:b9:1d:eb:29:
03:5e:02:d8:9b:db:ce:06:ec:75:4b:a6:b2:f2:f5:
51:47:71:8f:07:eb:ea:4a:dd:94:50:50:29:c6:6a:
ea:67:9f:78:10:8a:15:49:4d:0e:5b:0e:f2:17:13:
ca:5b:7f:1a:ca:aa:c4:48:9d:12:a3:4e:96:66:a0:
0c:07:72:54:99:f2:67:cb:f0:a5:7b:23:0d:5f:aa:
32:fd:45:43:20:3e:95:92:55:0e:a6:6a:61:0d:8b:
2c:30:88:00:d0:70:e1:f3:0e:66:d6:7b:67:72:da:
af:17:74:aa:2e:93:de:9d:36:30:1a:39:13:d7:0c:
70:dd:df:81:8a:6a:4c:e8:3e:79:e9:f7:5e:c5:ad:
dc:b7:8d:aa:da:01:33:ca:43:9c:3d:39:8a:3c:bf:
32:ce:0c:f1:d6:67:f5:dd:9e:7b:2c:6d:8d:37:73:
2d:db
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D5:00:B4:F2:0F:9D:90:FC:0B:BE:5E:77:7F:F1:BB:36:9C:3C:67:0D
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/1QC08g-dkPwLvl53f_G7Npw8Zw0.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
64:8b:8e:f6:bf:fc:33:60:f9:76:9d:c8:94:00:85:84:21:7b:
c7:b4:a0:42:35:71:1d:d7:10:95:53:3f:f9:74:fe:14:de:67:
c3:ff:2e:97:c1:00:82:c5:6a:d0:a1:97:d1:13:4a:46:47:cd:
82:7c:bd:30:73:f0:fc:aa:43:8c:4d:1d:46:2e:2a:37:fb:46:
55:01:ec:0f:5b:32:e8:e9:38:cb:17:b5:4f:12:7d:7e:cf:33:
0f:bd:d2:da:51:d9:58:cf:9b:02:82:f0:0d:77:86:b2:0c:bd:
5c:11:78:7f:c1:79:53:c5:73:58:fe:09:13:97:84:97:74:1b:
f1:b2:53:3f:f8:28:3c:d4:ec:9a:ca:d9:0a:b5:05:bd:21:fe:
01:ec:14:f8:df:2a:5a:01:70:89:0c:1c:09:57:5b:19:ff:17:
db:71:d7:ea:bb:90:0e:83:a9:b1:3c:be:93:db:c9:ca:21:fc:
47:4c:5a:ba:5b:3f:c3:e9:c7:0f:3a:bd:4e:ee:cf:3e:1a:aa:
17:20:f7:a8:51:cb:2a:79:b6:16:d1:2b:ea:9b:47:db:db:69:
2d:87:4f:42:90:16:95:44:d7:95:55:1e:4a:1f:bd:1f:d3:bd:
25:ca:ed:49:f6:d7:27:b5:4c:3b:c6:f0:70:62:6a:9e:56:8a:
2f:e1:8a:ee
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICUxowDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MDkw
OTI0MDFaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEQ1MDBCNEYyMEY5RDkw
RkMwQkJFNUU3NzdGRjFCQjM2OUMzQzY3MEQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDE7n9DQdZApIBo/6W2evcYASCbdAey1dXJe53R5qRRzhUtCFsj
Af7VDWdluvdmNQxNISWE4Ts8vNjXJUhdJoYM+7Mc9jonIKHOr+3RBwBZtAYl/vWe
uR3rKQNeAtib284G7HVLprLy9VFHcY8H6+pK3ZRQUCnGaupnn3gQihVJTQ5bDvIX
E8pbfxrKqsRInRKjTpZmoAwHclSZ8mfL8KV7Iw1fqjL9RUMgPpWSVQ6mamENiyww
iADQcOHzDmbWe2dy2q8XdKouk96dNjAaORPXDHDd34GKakzoPnnp917Frdy3jara
ATPKQ5w9OYo8vzLODPHWZ/XdnnssbY03cy3bAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQU1QC08g+dkPwLvl53f/G7Npw8Zw0wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3LzFRQzA4Zy1ka1B3THZs
NTNmX0c3TnB3OFp3MC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAZIuO9r/8M2D5dp3IlACFhCF7x7SgQjVx
HdcQlVM/+XT+FN5nw/8ul8EAgsVq0KGX0RNKRkfNgny9MHPw/KpDjE0dRi4qN/tG
VQHsD1sy6Ok4yxe1TxJ9fs8zD73S2lHZWM+bAoLwDXeGsgy9XBF4f8F5U8VzWP4J
E5eEl3Qb8bJTP/goPNTsmsrZCrUFvSH+AewU+N8qWgFwiQwcCVdbGf8X23HX6ruQ
DoOpsTy+k9vJyiH8R0xauls/w+nHDzq9Tu7PPhqqFyD3qFHLKnm2FtEr6ptH29tp
LYdPQpAWlUTXlVUeSh+9H9O9JcrtSfbXJ7VMO8bwcGJqnlaKL+GK7g==
-----END CERTIFICATE-----
Generated at Sun May 18 02:01:42 2025 by rpki-client