Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/5MjH8_cbccadhz7z6-YPYVdXSPc.roa
File: 5MjH8_cbccadhz7z6-YPYVdXSPc.roa (raw, json)
Hash identifier: LW3IXk5QoC5IEE3i1AzRX+DWo2U3DRJu9q2WhZqzG2I=
Subject key identifier: E4:C8:C7:F3:F7:1B:71:C6:9D:87:3E:F3:EB:E6:0F:61:57:57:48:F7
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 57B6
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/5MjH8_cbccadhz7z6-YPYVdXSPc.roa
Signing time: Wed 15 May 2024 12:54:36 +0000
ROA not before: Wed 15 May 2024 12:54:36 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 22454 (0x57b6)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 15 12:54:36 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=E4C8C7F3F71B71C69D873EF3EBE60F61575748F7
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ac:6c:f5:a3:5e:cd:92:66:1c:46:06:12:06:1a:
e0:be:52:11:8f:7b:0b:3d:35:31:a5:1e:12:4f:6d:
97:67:2e:39:cd:17:ec:ad:ca:a2:aa:1b:eb:f0:8e:
73:ae:76:a7:2a:1c:5e:a1:41:46:c6:ab:ce:8a:7c:
10:8b:13:db:61:71:15:a2:30:07:6b:48:52:ce:2d:
03:fe:ca:6f:57:37:82:8f:d5:c7:f6:59:38:d4:12:
eb:ca:08:55:82:b1:bf:68:47:c1:ea:7a:7f:cf:83:
16:fa:8e:8a:7e:88:60:30:95:95:80:d5:28:d6:67:
92:f8:7e:07:84:30:d5:3d:4b:8b:41:35:38:78:36:
19:dc:78:31:77:f2:2c:5a:27:6a:fa:4c:ab:af:ce:
0b:1c:2d:a6:6c:06:33:0e:7a:4a:f8:de:fc:7f:af:
84:08:c4:34:95:4f:a5:19:54:69:ba:04:6f:d2:21:
fe:76:5f:d5:23:41:e7:f2:80:25:2d:7d:2d:09:41:
42:27:7f:33:8d:3b:74:62:2b:d4:40:5f:de:a7:4b:
c1:06:a2:35:e7:4a:60:24:b1:a3:7e:47:4c:5c:59:
a8:9a:14:76:ec:eb:d3:9d:38:7f:f3:1a:91:31:f5:
55:df:a0:96:72:96:e9:9f:a4:5c:0b:63:4b:3f:a2:
54:8b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E4:C8:C7:F3:F7:1B:71:C6:9D:87:3E:F3:EB:E6:0F:61:57:57:48:F7
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/5MjH8_cbccadhz7z6-YPYVdXSPc.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
37:1b:30:4b:fb:4d:db:82:8d:99:a7:50:3f:e7:e9:1e:8c:19:
f7:64:61:08:8f:9c:08:e5:8b:90:93:6f:0d:c9:7d:0b:91:ae:
a1:d7:58:7e:8c:13:fe:10:7f:52:48:6e:21:40:19:8e:de:13:
31:7d:98:a4:e2:b8:a7:3c:c2:76:1b:5a:c6:1f:23:45:37:06:
30:c3:27:94:43:c4:42:ac:04:b4:ba:cd:92:0d:75:54:b2:cd:
2d:5b:ae:01:76:10:3e:64:d1:9f:e6:83:a7:49:26:92:40:5f:
6c:8b:18:e5:35:fd:c4:f1:96:2f:c9:e8:91:ea:2d:8f:b1:a3:
86:24:63:7a:01:fc:e8:29:4f:8e:89:d1:e1:24:55:8b:06:e4:
f9:f0:59:1c:e1:13:6b:e2:50:e6:4a:23:e7:53:a6:c6:47:44:
32:6e:01:d2:21:1f:8f:70:c1:bf:e6:72:68:db:42:ff:5e:12:
60:47:85:2a:b3:6d:e6:a6:b3:e6:66:2a:8d:ec:50:e8:ff:f7:
26:ef:82:1d:d5:b0:74:90:bd:1b:4d:99:9a:b6:19:0f:d0:cf:
20:89:65:c6:de:45:c2:45:86:23:76:34:09:52:06:32:a2:d7:
b3:bf:f5:00:64:8c:8e:5d:7e:68:20:47:43:ab:40:9c:6c:78:
ee:93:4c:f2
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICV7YwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MTUx
MjU0MzZaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEU0QzhDN0YzRjcxQjcx
QzY5RDg3M0VGM0VCRTYwRjYxNTc1NzQ4RjcwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCsbPWjXs2SZhxGBhIGGuC+UhGPews9NTGlHhJPbZdnLjnNF+yt
yqKqG+vwjnOudqcqHF6hQUbGq86KfBCLE9thcRWiMAdrSFLOLQP+ym9XN4KP1cf2
WTjUEuvKCFWCsb9oR8Hqen/Pgxb6jop+iGAwlZWA1SjWZ5L4fgeEMNU9S4tBNTh4
NhnceDF38ixaJ2r6TKuvzgscLaZsBjMOekr43vx/r4QIxDSVT6UZVGm6BG/SIf52
X9UjQefygCUtfS0JQUInfzONO3RiK9RAX96nS8EGojXnSmAksaN+R0xcWaiaFHbs
69OdOH/zGpEx9VXfoJZylumfpFwLY0s/olSLAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQU5MjH8/cbccadhz7z6+YPYVdXSPcwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3LzVNakg4X2NiY2NhZGh6
N3o2LVlQWVZkWFNQYy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEANxswS/tN24KNmadQP+fpHowZ92RhCI+c
COWLkJNvDcl9C5GuoddYfowT/hB/UkhuIUAZjt4TMX2YpOK4pzzCdhtaxh8jRTcG
MMMnlEPEQqwEtLrNkg11VLLNLVuuAXYQPmTRn+aDp0kmkkBfbIsY5TX9xPGWL8no
keotj7GjhiRjegH86ClPjonR4SRViwbk+fBZHOETa+JQ5koj51OmxkdEMm4B0iEf
j3DBv+ZyaNtC/14SYEeFKrNt5qaz5mYqjexQ6P/3Ju+CHdWwdJC9G02ZmrYZD9DP
IIllxt5FwkWGI3Y0CVIGMqLXs7/1AGSMjl1+aCBHQ6tAnGx47pNM8g==
-----END CERTIFICATE-----
Generated at Sat May 17 22:39:25 2025 by rpki-client