Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/7-ffW8Rar_iPKzQkOJgVpn3z4jY.roa
File: 7-ffW8Rar_iPKzQkOJgVpn3z4jY.roa (raw, json)
Hash identifier: OTrCu3PYkbFWn8Okf7n2MjdYz2+ZHmXf4XQBbo8xbWQ=
Subject key identifier: EF:E7:DF:5B:C4:5A:AF:F8:8F:2B:34:24:38:98:15:A6:7D:F3:E2:36
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 3CB6
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/7-ffW8Rar_iPKzQkOJgVpn3z4jY.roa
Signing time: Tue 09 Apr 2024 12:52:41 +0000
ROA not before: Tue 09 Apr 2024 12:52:41 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 15542 (0x3cb6)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 9 12:52:41 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=EFE7DF5BC45AAFF88F2B3424389815A67DF3E236
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ca:9b:1a:ce:0b:52:62:db:62:60:68:46:f7:2c:
a4:07:a6:e6:5e:fb:a2:22:56:65:21:b8:3c:19:ee:
74:d3:de:2a:ee:e8:1a:f6:05:14:49:02:79:57:f8:
1e:99:d4:b6:8c:46:c1:d5:76:63:8c:db:4c:59:00:
d6:26:2c:6b:2b:cc:09:70:bf:1e:2c:8d:4f:b5:a7:
43:99:3f:01:91:47:9b:72:8e:0c:b2:e2:4f:a0:e2:
99:48:73:04:43:64:ae:4b:72:66:e9:f4:5f:7b:24:
e2:44:5d:b5:e1:dd:4e:55:88:51:9d:6d:10:5a:3e:
de:4a:c7:d0:59:a4:27:28:43:d4:9f:15:03:cf:51:
73:72:67:30:c6:9c:c1:1b:0f:7e:c5:9d:a9:aa:99:
be:b4:e1:11:67:2d:fd:2c:92:45:42:1e:55:73:c1:
a8:cc:2d:47:9d:ff:82:9d:83:8d:c6:a6:0f:bc:80:
d1:a3:36:58:a6:c0:2f:38:87:c5:84:49:5d:7f:66:
02:3f:2f:7a:29:ae:80:ff:3f:91:e4:4e:8f:f4:42:
39:33:20:c0:5f:98:25:0b:55:61:1f:17:58:34:f9:
b2:9e:7f:5b:da:45:cb:4e:59:6e:6f:aa:c8:90:e3:
8e:af:1e:f4:69:b6:eb:ba:11:65:0f:84:a3:e4:4b:
43:9b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
EF:E7:DF:5B:C4:5A:AF:F8:8F:2B:34:24:38:98:15:A6:7D:F3:E2:36
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/7-ffW8Rar_iPKzQkOJgVpn3z4jY.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
2e:7b:e2:36:41:52:4a:2a:af:b6:6d:78:3c:38:2c:24:71:ae:
73:46:90:48:21:b2:11:44:5d:d0:57:0b:ca:13:d1:56:13:92:
89:bc:2e:3d:16:65:41:fb:e5:3b:04:1d:87:45:ca:7d:b2:05:
51:87:85:95:ed:a5:ef:67:d3:71:46:7f:b1:c8:53:a1:25:06:
54:79:8a:a3:a6:dd:37:a6:86:99:9d:aa:4a:1e:27:5c:a3:b1:
44:3e:b3:da:a9:40:f9:f4:85:80:00:7c:42:f6:50:ee:dd:06:
10:70:79:b5:94:96:1f:6f:f6:03:28:8d:d8:7d:f2:8c:6e:97:
a1:8a:0e:78:b7:ee:3b:48:e7:3a:a0:86:0a:c7:80:22:69:ce:
ae:30:e0:6d:8f:3d:54:12:ea:6d:1e:c4:9e:50:05:57:f6:12:
27:a3:36:94:94:40:c8:c0:05:7b:6f:0a:04:77:b9:78:17:40:
08:61:09:38:3c:2a:e9:40:87:48:2f:c1:34:5f:ff:c2:fd:83:
5e:94:d9:21:1b:b5:c0:05:4f:b5:76:67:44:43:65:88:2e:66:
5c:81:a9:bd:3f:43:e1:93:97:bf:09:97:40:14:18:93:e8:67:
c0:93:f3:fd:45:a1:e2:d6:04:91:b5:bb:9f:1a:c7:e8:46:80:
58:08:ea:63
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICPLYwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MDkx
MjUyNDFaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEVGRTdERjVCQzQ1QUFG
Rjg4RjJCMzQyNDM4OTgxNUE2N0RGM0UyMzYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDKmxrOC1Ji22JgaEb3LKQHpuZe+6IiVmUhuDwZ7nTT3iru6Br2
BRRJAnlX+B6Z1LaMRsHVdmOM20xZANYmLGsrzAlwvx4sjU+1p0OZPwGRR5tyjgyy
4k+g4plIcwRDZK5Lcmbp9F97JOJEXbXh3U5ViFGdbRBaPt5Kx9BZpCcoQ9SfFQPP
UXNyZzDGnMEbD37Fnamqmb604RFnLf0skkVCHlVzwajMLUed/4Kdg43Gpg+8gNGj
NlimwC84h8WESV1/ZgI/L3oproD/P5HkTo/0QjkzIMBfmCULVWEfF1g0+bKef1va
RctOWW5vqsiQ446vHvRptuu6EWUPhKPkS0ObAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQU7+ffW8Rar/iPKzQkOJgVpn3z4jYwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3LzctZmZXOFJhcl9pUEt6
UWtPSmdWcG4zejRqWS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEALnviNkFSSiqvtm14PDgsJHGuc0aQSCGy
EURd0FcLyhPRVhOSibwuPRZlQfvlOwQdh0XKfbIFUYeFle2l72fTcUZ/schToSUG
VHmKo6bdN6aGmZ2qSh4nXKOxRD6z2qlA+fSFgAB8QvZQ7t0GEHB5tZSWH2/2AyiN
2H3yjG6XoYoOeLfuO0jnOqCGCseAImnOrjDgbY89VBLqbR7EnlAFV/YSJ6M2lJRA
yMAFe28KBHe5eBdACGEJODwq6UCHSC/BNF//wv2DXpTZIRu1wAVPtXZnRENliC5m
XIGpvT9D4ZOXvwmXQBQYk+hnwJPz/UWh4tYEkbW7nxrH6EaAWAjqYw==
-----END CERTIFICATE-----
Generated at Sat May 17 22:44:55 2025 by rpki-client