Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/517uzuhuMrn9GzyRZF7ivDJzv0k.roa
File: 517uzuhuMrn9GzyRZF7ivDJzv0k.roa (raw, json)
Hash identifier: om1oamG9dTzSiAcQfzuDDf0M9PyeamhuUVGpQIvJ/ms=
Subject key identifier: E7:5E:EE:CE:E8:6E:32:B9:FD:1B:3C:91:64:5E:E2:BC:32:73:BF:49
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 348E
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/517uzuhuMrn9GzyRZF7ivDJzv0k.roa
Signing time: Fri 29 Mar 2024 15:52:05 +0000
ROA not before: Fri 29 Mar 2024 15:52:05 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 13454 (0x348e)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Mar 29 15:52:05 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=E75EEECEE86E32B9FD1B3C91645EE2BC3273BF49
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:f0:87:bb:42:4d:29:ee:92:b8:ce:50:38:54:d9:
62:27:ec:e7:bc:06:5a:a5:0b:43:62:61:a3:6b:03:
ee:7d:06:76:63:54:28:9b:30:3e:01:2c:c4:72:a2:
7f:1e:be:3c:49:bb:bf:63:4c:b3:4b:bc:52:fa:65:
80:13:81:68:b0:34:76:d6:7d:29:72:4b:79:ff:b2:
f6:80:36:43:72:64:79:f8:c0:ec:67:14:a9:d0:83:
a7:46:68:52:94:75:15:a1:b5:a3:e0:96:15:30:58:
8d:55:7b:90:76:c3:ee:5c:13:f8:39:00:ed:b1:a6:
ff:42:0c:d9:3e:19:a6:83:26:96:96:06:03:e0:24:
ec:c1:ac:6b:4a:6b:a6:ca:db:4f:db:84:db:b7:c4:
fb:bf:d3:ab:2d:19:f3:be:22:83:96:77:90:94:f4:
68:31:7b:dd:58:65:4e:ad:d5:d9:84:7c:0c:ba:d7:
48:e0:ff:5d:ba:ea:cd:21:bc:4b:00:00:0a:e7:a1:
c7:5b:62:05:7d:0a:0b:36:d7:4a:1d:27:6c:08:e9:
60:97:58:10:27:4d:a0:1d:54:aa:00:d5:af:8a:b8:
56:56:07:d5:e2:c6:7a:0e:be:98:5c:7c:14:9e:62:
e9:5a:55:c5:16:9a:5a:ba:48:ec:d9:c6:ee:57:c0:
9d:47
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E7:5E:EE:CE:E8:6E:32:B9:FD:1B:3C:91:64:5E:E2:BC:32:73:BF:49
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/517uzuhuMrn9GzyRZF7ivDJzv0k.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
10:a8:0b:2c:f3:97:75:af:bf:5a:10:2b:d3:a3:87:d7:20:87:
8f:35:70:78:bd:d2:72:d3:7d:03:6e:3e:2e:ed:d7:90:bb:77:
e0:65:4e:06:d3:4d:e4:6e:c5:fe:1b:5b:3d:9a:92:be:b9:4a:
01:5b:02:65:e3:ad:86:c6:2b:5c:a8:bb:50:0e:a3:0b:e6:24:
2b:02:34:52:93:a6:74:bd:3d:5a:b8:86:aa:65:b4:06:45:6a:
3d:3c:f4:2b:b8:2d:a6:9e:35:d7:f2:cb:78:f6:01:ad:43:0d:
77:2b:35:a0:7f:cd:7f:16:97:bf:07:ae:fa:70:ea:ca:75:d9:
f2:e2:cb:df:53:bb:c2:85:f6:50:e6:df:bb:f8:d8:4a:7c:91:
7e:95:27:98:b3:82:ea:c3:74:14:9f:a2:d4:0c:f1:ff:69:57:
a5:f7:0d:ea:4b:bb:ea:9d:75:c8:74:0b:6b:59:0a:13:f2:d5:
9a:0f:13:bf:e9:d8:cf:7a:ee:03:e5:5d:bb:bd:d0:4a:3d:01:
61:09:8e:f6:b3:fa:e1:2e:02:7f:2c:01:a8:28:a4:72:6c:8d:
26:ab:71:c2:d3:b0:cd:2d:34:7a:f9:6e:84:c5:36:bd:b1:53:
2b:cd:f2:48:22:43:6b:8b:02:c2:17:4c:8c:af:0a:e7:47:64:
4b:01:70:66
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICNI4wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDAzMjkx
NTUyMDVaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEU3NUVFRUNFRTg2RTMy
QjlGRDFCM0M5MTY0NUVFMkJDMzI3M0JGNDkwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDwh7tCTSnukrjOUDhU2WIn7Oe8BlqlC0NiYaNrA+59BnZjVCib
MD4BLMRyon8evjxJu79jTLNLvFL6ZYATgWiwNHbWfSlyS3n/svaANkNyZHn4wOxn
FKnQg6dGaFKUdRWhtaPglhUwWI1Ve5B2w+5cE/g5AO2xpv9CDNk+GaaDJpaWBgPg
JOzBrGtKa6bK20/bhNu3xPu/06stGfO+IoOWd5CU9Ggxe91YZU6t1dmEfAy610jg
/1266s0hvEsAAArnocdbYgV9Cgs210odJ2wI6WCXWBAnTaAdVKoA1a+KuFZWB9Xi
xnoOvphcfBSeYulaVcUWmlq6SOzZxu5XwJ1HAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQU517uzuhuMrn9GzyRZF7ivDJzv0kwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3LzUxN3V6dWh1TXJuOUd6
eVJaRjdpdkRKenYway5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAEKgLLPOXda+/WhAr06OH1yCHjzVweL3S
ctN9A24+Lu3XkLt34GVOBtNN5G7F/htbPZqSvrlKAVsCZeOthsYrXKi7UA6jC+Yk
KwI0UpOmdL09WriGqmW0BkVqPTz0K7gtpp411/LLePYBrUMNdys1oH/NfxaXvweu
+nDqynXZ8uLL31O7woX2UObfu/jYSnyRfpUnmLOC6sN0FJ+i1Azx/2lXpfcN6ku7
6p11yHQLa1kKE/LVmg8Tv+nYz3ruA+Vdu73QSj0BYQmO9rP64S4CfywBqCikcmyN
JqtxwtOwzS00evluhMU2vbFTK83ySCJDa4sCwhdMjK8K50dkSwFwZg==
-----END CERTIFICATE-----
Generated at Sun May 18 09:13:37 2025 by rpki-client