Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/5XN5rFGc-QgNW7sI9hhXn9mBANQ.roa
File: 5XN5rFGc-QgNW7sI9hhXn9mBANQ.roa (raw, json)
Hash identifier: MLPzpXIPRmaqeznt7UEI8U7TNBYwow9W6NJoOSmNKiY=
Subject key identifier: E5:73:79:AC:51:9C:F9:08:0D:5B:BB:08:F6:18:57:9F:D9:81:00:D4
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 5342
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/5XN5rFGc-QgNW7sI9hhXn9mBANQ.roa
Signing time: Thu 09 May 2024 14:24:01 +0000
ROA not before: Thu 09 May 2024 14:24:01 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 21314 (0x5342)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 9 14:24:01 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=E57379AC519CF9080D5BBB08F618579FD98100D4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:f7:d7:62:bf:e3:72:23:d9:08:1f:ee:4b:59:3d:
8d:2d:37:ed:d1:53:8e:98:9f:7c:75:93:30:a0:f3:
e0:d2:eb:fd:ad:50:a0:c9:37:67:49:53:ba:55:51:
94:96:29:52:8b:af:d2:32:89:fd:3b:16:04:9e:1e:
0f:4a:e6:aa:a8:32:84:41:a7:e4:45:87:76:5b:b2:
bd:5b:48:48:e4:8e:5d:f9:9f:a5:ea:9f:2a:13:f5:
ee:6d:0b:c1:97:61:cb:6b:7d:c3:4c:0e:10:61:6b:
1a:8c:6d:e4:ac:aa:30:ec:7b:4f:00:d6:3c:36:14:
88:89:08:fa:de:e9:4b:42:d0:0d:b0:cd:90:32:f9:
01:9f:a4:b7:21:be:f7:54:0b:e0:28:88:8c:0e:77:
2b:37:ed:1a:a3:5f:94:2c:41:34:ee:52:46:d2:1c:
b4:c5:2a:0a:2f:a4:cc:fa:61:d6:a5:fa:a1:a1:95:
cc:7b:12:38:10:25:43:a9:74:a0:1b:0d:ae:2f:24:
82:86:1c:d3:7b:69:1a:4f:a4:d9:d6:3d:cc:3e:f2:
f4:bc:39:8d:e4:06:ab:5a:0c:0e:f1:70:7e:1f:0c:
22:a8:8d:27:98:6a:24:41:72:1a:3c:4b:15:b6:2f:
01:86:a0:41:ef:03:ce:dd:94:36:55:2d:1b:f1:f7:
7a:a7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E5:73:79:AC:51:9C:F9:08:0D:5B:BB:08:F6:18:57:9F:D9:81:00:D4
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/5XN5rFGc-QgNW7sI9hhXn9mBANQ.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
3f:d6:02:3f:e6:6b:f2:9c:b9:8e:84:87:12:a2:04:56:72:fc:
35:95:ba:9c:26:71:69:f4:6f:17:43:bd:32:df:6c:73:66:69:
ef:7c:b3:da:4b:8d:61:3a:8a:93:92:22:95:89:b2:1f:b3:2c:
9b:13:5c:97:cb:bb:7f:be:74:f2:48:8c:b4:f8:60:37:9f:5c:
4e:5e:75:06:5c:b4:16:8a:da:c5:4e:18:1f:f9:3d:2e:09:f7:
b3:e2:ac:e8:a6:87:41:57:d4:c0:a0:5b:75:b2:64:5f:93:e8:
26:39:b6:34:1c:b2:4e:8d:db:a6:e9:26:fd:1e:ce:64:f4:69:
52:fa:78:de:67:a4:5e:73:2e:41:b2:6a:4e:77:e1:d5:d7:56:
9c:94:61:be:ab:86:10:a8:b3:fa:42:61:87:a2:2f:6e:b3:25:
99:99:eb:ee:6c:1d:33:0f:c2:ab:16:d5:20:81:a8:fc:d4:9a:
78:10:09:24:86:4d:b4:b3:04:a0:1c:00:81:9f:d5:b1:05:91:
05:90:3c:9b:b5:c3:86:b0:74:a5:ee:94:82:9e:54:65:da:ff:
b2:03:d3:72:e9:fd:14:0a:e2:3e:87:21:42:91:d8:05:1a:71:
ea:5c:c1:2f:c5:25:41:c1:2c:26:5d:1e:d2:7e:62:ce:1d:52:
b4:2d:1d:b7
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICU0IwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MDkx
NDI0MDFaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEU1NzM3OUFDNTE5Q0Y5
MDgwRDVCQkIwOEY2MTg1NzlGRDk4MTAwRDQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQD312K/43Ij2Qgf7ktZPY0tN+3RU46Yn3x1kzCg8+DS6/2tUKDJ
N2dJU7pVUZSWKVKLr9Iyif07FgSeHg9K5qqoMoRBp+RFh3Zbsr1bSEjkjl35n6Xq
nyoT9e5tC8GXYctrfcNMDhBhaxqMbeSsqjDse08A1jw2FIiJCPre6UtC0A2wzZAy
+QGfpLchvvdUC+AoiIwOdys37RqjX5QsQTTuUkbSHLTFKgovpMz6Ydal+qGhlcx7
EjgQJUOpdKAbDa4vJIKGHNN7aRpPpNnWPcw+8vS8OY3kBqtaDA7xcH4fDCKojSeY
aiRBcho8SxW2LwGGoEHvA87dlDZVLRvx93qnAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQU5XN5rFGc+QgNW7sI9hhXn9mBANQwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3LzVYTjVyRkdjLVFnTlc3
c0k5aGhYbjltQkFOUS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAP9YCP+Zr8py5joSHEqIEVnL8NZW6nCZx
afRvF0O9Mt9sc2Zp73yz2kuNYTqKk5IilYmyH7MsmxNcl8u7f7508kiMtPhgN59c
Tl51Bly0ForaxU4YH/k9Lgn3s+Ks6KaHQVfUwKBbdbJkX5PoJjm2NByyTo3bpukm
/R7OZPRpUvp43mekXnMuQbJqTnfh1ddWnJRhvquGEKiz+kJhh6IvbrMlmZnr7mwd
Mw/CqxbVIIGo/NSaeBAJJIZNtLMEoBwAgZ/VsQWRBZA8m7XDhrB0pe6Ugp5UZdr/
sgPTcun9FAriPochQpHYBRpx6lzBL8UlQcEsJl0e0n5izh1StC0dtw==
-----END CERTIFICATE-----
Generated at Sat May 17 23:59:35 2025 by rpki-client