Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/4E3FkvGRMyy0-qGevkJrgFWjhUE.roa
File: 4E3FkvGRMyy0-qGevkJrgFWjhUE.roa (raw, json)
Hash identifier: 5IE2Y2w1QmcbSy1gZw+lerU/d9tQ0T36PYtgcLGrlOQ=
Subject key identifier: E0:4D:C5:92:F1:91:33:2C:B4:FA:A1:9E:BE:42:6B:80:55:A3:85:41
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 5616
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/4E3FkvGRMyy0-qGevkJrgFWjhUE.roa
Signing time: Mon 13 May 2024 08:54:25 +0000
ROA not before: Mon 13 May 2024 08:54:25 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 22038 (0x5616)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 13 08:54:25 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=E04DC592F191332CB4FAA19EBE426B8055A38541
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ba:e2:4e:ed:64:83:d5:7b:32:5a:ee:a9:48:11:
4b:33:8a:39:d1:6b:13:75:e5:69:3d:b8:5a:f3:76:
7e:59:c8:a9:2e:83:c2:ee:77:aa:30:f3:f4:b6:98:
6a:98:dd:a5:57:24:c7:de:f7:09:8b:b9:5a:d0:44:
37:62:cf:c0:a8:ce:13:c5:3b:9f:f6:5f:78:bd:c4:
d8:8c:2a:3c:e7:1f:7a:a1:28:09:b5:8f:15:9b:e1:
ad:7b:78:06:1a:45:db:e0:22:84:c3:40:06:30:7f:
08:28:3f:f2:9d:ee:04:81:af:ef:bd:ce:53:b2:d1:
04:09:a6:a1:2d:a7:d9:cd:c6:ce:aa:f5:32:ea:5a:
51:73:44:b1:9e:14:2c:45:86:43:3a:4e:17:a9:2a:
99:04:50:b5:f4:6c:9f:c1:ed:4e:82:49:8e:00:d1:
6b:bc:70:52:4b:53:7f:c5:ed:d9:a3:55:c6:85:c2:
9e:65:e1:f3:3b:ea:e0:a6:a0:6d:5e:ae:f1:81:1d:
e6:bb:c8:09:e2:93:ee:1c:85:58:cf:83:e2:7b:50:
67:66:e8:6b:16:a1:94:a1:23:e1:76:af:37:34:18:
fd:29:2c:71:c5:21:2d:49:63:93:71:b2:a3:5f:8a:
42:b0:4a:40:be:11:7c:ff:a4:7d:93:c7:90:d8:e0:
17:a1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E0:4D:C5:92:F1:91:33:2C:B4:FA:A1:9E:BE:42:6B:80:55:A3:85:41
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/4E3FkvGRMyy0-qGevkJrgFWjhUE.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
67:78:a4:2f:65:03:e0:56:31:87:b3:77:8d:0f:60:79:bd:66:
af:e7:c3:0d:81:13:f3:bf:d0:70:5b:fb:85:48:94:fe:5f:ab:
b5:8e:c5:94:d3:c5:80:f9:1d:70:eb:88:f5:48:99:19:da:dd:
ff:69:7d:9b:6c:3b:16:90:69:fd:2c:42:ee:13:fb:2a:e7:a9:
34:dd:60:48:75:0e:28:48:02:27:93:78:0e:d4:74:ea:3c:dc:
83:e7:6a:93:0b:07:3b:cc:c7:71:8b:fd:ca:ab:c3:c5:86:3f:
97:66:07:f8:87:2a:52:8a:24:ca:57:6f:81:c8:d1:52:1b:b6:
03:52:d5:09:4a:ff:b3:5e:37:d4:39:b0:18:e3:f4:70:ad:a4:
59:69:c1:4d:21:89:77:42:22:45:39:7a:dc:c7:5d:1f:c6:c3:
e3:62:42:63:1f:66:48:ab:f5:19:96:ae:be:20:ea:33:b8:92:
02:f2:52:82:a2:6a:55:be:a2:d5:b4:19:44:42:f8:8b:6a:c8:
4a:cc:61:cd:6f:3d:26:ab:20:f1:81:47:0d:2d:f0:9e:32:b5:
e2:ed:94:72:e6:1c:69:87:2c:65:53:14:f6:1d:81:32:09:63:
b9:0a:1b:61:5a:1e:a5:8c:fd:9b:13:07:48:85:24:71:e7:62:
86:57:28:ae
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICVhYwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MTMw
ODU0MjVaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEUwNERDNTkyRjE5MTMz
MkNCNEZBQTE5RUJFNDI2QjgwNTVBMzg1NDEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC64k7tZIPVezJa7qlIEUszijnRaxN15Wk9uFrzdn5ZyKkug8Lu
d6ow8/S2mGqY3aVXJMfe9wmLuVrQRDdiz8CozhPFO5/2X3i9xNiMKjznH3qhKAm1
jxWb4a17eAYaRdvgIoTDQAYwfwgoP/Kd7gSBr++9zlOy0QQJpqEtp9nNxs6q9TLq
WlFzRLGeFCxFhkM6ThepKpkEULX0bJ/B7U6CSY4A0Wu8cFJLU3/F7dmjVcaFwp5l
4fM76uCmoG1ervGBHea7yAnik+4chVjPg+J7UGdm6GsWoZShI+F2rzc0GP0pLHHF
IS1JY5NxsqNfikKwSkC+EXz/pH2Tx5DY4BehAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQU4E3FkvGRMyy0+qGevkJrgFWjhUEwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3LzRFM0ZrdkdSTXl5MC1x
R2V2a0pyZ0ZXamhVRS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAZ3ikL2UD4FYxh7N3jQ9geb1mr+fDDYET
87/QcFv7hUiU/l+rtY7FlNPFgPkdcOuI9UiZGdrd/2l9m2w7FpBp/SxC7hP7Kuep
NN1gSHUOKEgCJ5N4DtR06jzcg+dqkwsHO8zHcYv9yqvDxYY/l2YH+IcqUookyldv
gcjRUhu2A1LVCUr/s1431DmwGOP0cK2kWWnBTSGJd0IiRTl63MddH8bD42JCYx9m
SKv1GZauviDqM7iSAvJSgqJqVb6i1bQZREL4i2rISsxhzW89Jqsg8YFHDS3wnjK1
4u2UcuYcaYcsZVMU9h2BMgljuQobYVoepYz9mxMHSIUkcedihlcorg==
-----END CERTIFICATE-----
Generated at Sat May 17 21:00:45 2025 by rpki-client