Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/3ygskEcAFVLUv-sFWFlsdrZ5T4Q.roa
File: 3ygskEcAFVLUv-sFWFlsdrZ5T4Q.roa (raw, json)
Hash identifier: bq7wfdX0J/XsKWcrvnO8AeeqvlVN6WpqmDdT64YvRrQ=
Subject key identifier: DF:28:2C:90:47:00:15:52:D4:BF:EB:05:58:59:6C:76:B6:79:4F:84
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 3BEA
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/3ygskEcAFVLUv-sFWFlsdrZ5T4Q.roa
Signing time: Mon 08 Apr 2024 11:22:34 +0000
ROA not before: Mon 08 Apr 2024 11:22:34 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 15338 (0x3bea)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 8 11:22:34 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=DF282C9047001552D4BFEB0558596C76B6794F84
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d6:5f:05:bb:b3:2e:d7:5c:c3:68:0a:eb:05:eb:
10:8c:6a:92:f1:40:f6:b8:d2:09:36:0a:3d:cc:fb:
52:5b:f0:15:38:3d:6b:ae:94:cb:e0:45:32:dd:e5:
16:95:57:68:4a:90:bd:1a:83:55:a3:57:7c:87:33:
6d:dc:0e:19:55:13:f0:e8:db:b2:d1:ce:33:1e:98:
89:d2:c5:cd:47:86:ee:da:fc:83:ab:5d:71:7d:fb:
4e:92:81:6d:2a:94:5a:61:55:10:ea:1b:77:f1:60:
84:76:c9:61:d0:80:ca:3e:bf:30:fc:2a:76:57:d2:
15:85:cc:48:8d:58:c0:0d:ae:e3:97:c5:ef:23:58:
79:1e:cc:16:23:7c:27:26:d7:bd:7b:c0:b9:29:e0:
52:17:f8:1c:01:84:58:06:c3:3a:1c:9e:10:09:18:
6b:89:92:5a:9b:8d:e0:6a:b6:bb:20:21:c5:eb:94:
87:e8:2a:e1:9e:5e:12:0a:1f:2f:a4:3e:a5:16:31:
3c:ce:14:a5:c2:bb:bf:e9:4e:3b:92:42:87:5b:4f:
fb:23:c3:ae:63:f5:34:d3:89:5f:af:3c:4d:e9:0f:
d6:fd:eb:6c:e5:25:54:e8:53:ca:a3:c0:4a:e4:62:
30:38:68:eb:80:08:39:a4:b2:27:25:c5:9c:fb:32:
28:77
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DF:28:2C:90:47:00:15:52:D4:BF:EB:05:58:59:6C:76:B6:79:4F:84
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/3ygskEcAFVLUv-sFWFlsdrZ5T4Q.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
a9:39:db:1c:51:be:e6:9a:b7:91:c3:38:4c:b2:fa:ca:2f:3c:
d7:c2:9d:9c:d3:42:bb:3a:0f:46:23:c4:3b:8f:ae:f4:e4:39:
74:64:de:e6:fb:04:07:17:31:b1:55:db:73:92:b4:c1:3e:1b:
40:4c:1e:88:da:c2:92:12:4c:4a:44:66:7a:bf:ed:f7:e1:95:
a3:3f:82:a8:c2:07:2f:db:cc:bd:3d:21:ff:30:49:16:83:68:
52:9c:b8:ac:23:8e:a2:e6:b3:02:21:ec:e9:0a:41:39:32:02:
59:27:a9:89:d6:61:f3:50:56:d0:69:e3:95:cb:e0:ba:6e:1b:
28:e4:d7:e2:04:82:9a:af:fe:08:c5:88:06:e8:6b:4c:e1:fb:
7e:ef:47:1c:c5:46:4e:86:b6:26:17:f7:84:a6:ab:12:35:28:
82:74:4c:42:55:96:fa:de:5e:5c:cd:b4:76:2c:df:88:08:6f:
db:85:d9:cb:bf:10:e5:37:c2:6a:69:2b:79:4b:ca:c1:d1:c8:
5e:67:8f:85:09:8c:db:92:ec:97:e4:34:f3:bc:17:b7:ac:a9:
e2:49:29:83:89:ad:1e:a5:53:40:30:54:8f:26:f9:da:46:28:
2b:68:3c:cd:d6:06:4e:0d:76:e6:a9:6b:60:2e:c4:42:ac:bf:
08:03:33:2d
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICO+owDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MDgx
MTIyMzRaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKERGMjgyQzkwNDcwMDE1
NTJENEJGRUIwNTU4NTk2Qzc2QjY3OTRGODQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDWXwW7sy7XXMNoCusF6xCMapLxQPa40gk2Cj3M+1Jb8BU4PWuu
lMvgRTLd5RaVV2hKkL0ag1WjV3yHM23cDhlVE/Do27LRzjMemInSxc1Hhu7a/IOr
XXF9+06SgW0qlFphVRDqG3fxYIR2yWHQgMo+vzD8KnZX0hWFzEiNWMANruOXxe8j
WHkezBYjfCcm1717wLkp4FIX+BwBhFgGwzocnhAJGGuJklqbjeBqtrsgIcXrlIfo
KuGeXhIKHy+kPqUWMTzOFKXCu7/pTjuSQodbT/sjw65j9TTTiV+vPE3pD9b962zl
JVToU8qjwErkYjA4aOuACDmksiclxZz7Mih3AgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQU3ygskEcAFVLUv+sFWFlsdrZ5T4QwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3LzN5Z3NrRWNBRlZMVXYt
c0ZXRmxzZHJaNVQ0US5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAqTnbHFG+5pq3kcM4TLL6yi8818KdnNNC
uzoPRiPEO4+u9OQ5dGTe5vsEBxcxsVXbc5K0wT4bQEweiNrCkhJMSkRmer/t9+GV
oz+CqMIHL9vMvT0h/zBJFoNoUpy4rCOOouazAiHs6QpBOTICWSepidZh81BW0Gnj
lcvgum4bKOTX4gSCmq/+CMWIBuhrTOH7fu9HHMVGToa2Jhf3hKarEjUognRMQlWW
+t5eXM20dizfiAhv24XZy78Q5TfCamkreUvKwdHIXmePhQmM25Lsl+Q087wXt6yp
4kkpg4mtHqVTQDBUjyb52kYoK2g8zdYGTg125qlrYC7EQqy/CAMzLQ==
-----END CERTIFICATE-----
Generated at Sun May 18 02:11:38 2025 by rpki-client