Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/1bz0SOEHTUceulN4uTqzW_f3US4.roa
File: 1bz0SOEHTUceulN4uTqzW_f3US4.roa (raw, json)
Hash identifier: n5vrjhKWMUliZg/w3+/+jtcV5nFNp1yFTGfeiXRfc30=
Subject key identifier: D5:BC:F4:48:E1:07:4D:47:1E:BA:53:78:B9:3A:B3:5B:F7:F7:51:2E
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 4DDA
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/1bz0SOEHTUceulN4uTqzW_f3US4.roa
Signing time: Thu 02 May 2024 09:24:01 +0000
ROA not before: Thu 02 May 2024 09:24:01 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 19930 (0x4dda)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 2 09:24:01 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=D5BCF448E1074D471EBA5378B93AB35BF7F7512E
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:aa:74:dd:c1:bb:1b:18:67:bb:06:01:19:68:0d:
27:52:ec:e5:42:91:06:1f:31:19:94:19:15:2c:f3:
d3:bd:d1:08:59:57:94:93:b4:3a:3d:a1:71:de:39:
e8:6e:30:9a:e8:cd:d3:47:a2:90:03:1b:7b:cb:30:
ea:99:44:c4:22:f0:72:42:a9:53:10:63:47:c0:91:
7f:16:76:ea:ac:aa:22:3e:bb:b8:cc:de:a2:ba:00:
34:9e:41:eb:2f:51:df:fd:ba:15:ac:60:24:86:a7:
b5:09:59:6c:f4:76:3e:ec:a6:8e:e2:6a:98:ee:7c:
26:11:dd:99:03:7c:dc:9a:1e:87:04:e9:d3:e3:10:
ef:26:35:90:67:eb:99:c7:eb:05:a3:a3:06:24:6d:
4d:cf:ae:ae:23:7b:d4:9f:33:18:63:49:8c:b2:74:
88:18:a9:bb:61:94:c2:20:4b:29:d1:14:3d:7b:c5:
c8:5c:e2:23:b3:04:6e:aa:8c:b6:df:7f:da:10:29:
88:8b:e6:77:24:3d:cf:5d:04:cb:d0:39:83:99:66:
51:13:1a:d6:95:85:60:34:65:7a:c5:08:4e:a8:54:
47:c9:ff:b8:43:e6:94:27:d5:bb:5d:c9:46:e9:43:
63:d8:00:9d:e8:41:26:41:ec:37:c8:db:b9:b7:e4:
8e:f1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D5:BC:F4:48:E1:07:4D:47:1E:BA:53:78:B9:3A:B3:5B:F7:F7:51:2E
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/1bz0SOEHTUceulN4uTqzW_f3US4.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
7e:e3:03:bc:e7:c5:f2:ef:5e:88:99:91:2b:2a:fe:b9:43:d6:
37:d5:44:36:6f:90:91:0d:35:cb:1d:66:f9:7b:2d:6c:7f:26:
a3:ac:f2:9b:0b:e5:0e:f7:69:0d:24:0a:0f:0b:a8:24:83:f5:
af:20:f6:5b:58:46:1f:72:14:68:b0:b6:50:eb:df:20:0b:8d:
98:d0:a9:c3:bf:73:f3:4e:30:d9:e7:22:53:da:eb:36:8f:9f:
30:90:32:1a:c3:2b:56:f8:0a:e1:bd:ba:50:01:81:ff:5a:e4:
07:8d:3d:47:33:9e:7b:1b:ed:af:4e:d9:cb:7f:53:e3:53:a0:
b3:3b:46:3a:89:07:3a:63:96:5e:2d:91:53:cf:92:11:9f:32:
46:83:f9:bb:b8:3e:de:80:1f:55:d8:ce:37:51:9e:7e:a4:50:
c1:65:8c:3c:22:d1:3b:af:d7:86:4c:47:6d:4f:b4:b8:0f:d6:
1b:45:58:b9:9e:be:e0:9a:d2:80:ad:d9:30:73:d5:f7:ad:99:
1c:ca:d1:d0:d6:87:e7:c0:b0:4c:fa:4f:ed:18:f9:17:ad:8f:
76:ef:4d:7e:4a:af:03:a2:d6:52:d1:f4:f2:06:cc:cf:a3:15:
ff:38:39:f8:3b:02:9d:18:fa:ff:0f:c3:a2:ec:c7:4d:d2:29:
a0:0f:28:90
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICTdowDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MDIw
OTI0MDFaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEQ1QkNGNDQ4RTEwNzRE
NDcxRUJBNTM3OEI5M0FCMzVCRjdGNzUxMkUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCqdN3BuxsYZ7sGARloDSdS7OVCkQYfMRmUGRUs89O90QhZV5ST
tDo9oXHeOehuMJrozdNHopADG3vLMOqZRMQi8HJCqVMQY0fAkX8WduqsqiI+u7jM
3qK6ADSeQesvUd/9uhWsYCSGp7UJWWz0dj7spo7iapjufCYR3ZkDfNyaHocE6dPj
EO8mNZBn65nH6wWjowYkbU3Prq4je9SfMxhjSYyydIgYqbthlMIgSynRFD17xchc
4iOzBG6qjLbff9oQKYiL5nckPc9dBMvQOYOZZlETGtaVhWA0ZXrFCE6oVEfJ/7hD
5pQn1btdyUbpQ2PYAJ3oQSZB7DfI27m35I7xAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQU1bz0SOEHTUceulN4uTqzW/f3US4wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3LzFiejBTT0VIVFVjZXVs
TjR1VHF6V19mM1VTNC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAfuMDvOfF8u9eiJmRKyr+uUPWN9VENm+Q
kQ01yx1m+XstbH8mo6zymwvlDvdpDSQKDwuoJIP1ryD2W1hGH3IUaLC2UOvfIAuN
mNCpw79z804w2eciU9rrNo+fMJAyGsMrVvgK4b26UAGB/1rkB409RzOeexvtr07Z
y39T41OgsztGOokHOmOWXi2RU8+SEZ8yRoP5u7g+3oAfVdjON1GefqRQwWWMPCLR
O6/XhkxHbU+0uA/WG0VYuZ6+4JrSgK3ZMHPV962ZHMrR0NaH58CwTPpP7Rj5F62P
du9NfkqvA6LWUtH08gbMz6MV/zg5+DsCnRj6/w/DouzHTdIpoA8okA==
-----END CERTIFICATE-----
Generated at Sat May 17 19:48:53 2025 by rpki-client