Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/8KPEbwfOH1TsRuTy4Cm_4xxS9Kg.roa
File: 8KPEbwfOH1TsRuTy4Cm_4xxS9Kg.roa (raw, json)
Hash identifier: zcMW68VxJt5RpAOh1ah3XSfU+buHCjZNKQoJZrxVOE4=
Subject key identifier: F0:A3:C4:6F:07:CE:1F:54:EC:46:E4:F2:E0:29:BF:E3:1C:52:F4:A8
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 364A
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/8KPEbwfOH1TsRuTy4Cm_4xxS9Kg.roa
Signing time: Sun 31 Mar 2024 23:22:16 +0000
ROA not before: Sun 31 Mar 2024 23:22:16 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 13898 (0x364a)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Mar 31 23:22:16 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=F0A3C46F07CE1F54EC46E4F2E029BFE31C52F4A8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bf:2b:2a:47:f3:c0:16:7a:e1:a2:1d:38:c8:6d:
9a:62:72:ca:a3:a2:e0:28:5c:76:fa:4f:74:4a:4e:
a6:3c:ca:b0:83:7f:e6:82:96:5c:0c:36:eb:33:2b:
06:3a:ce:3a:e0:0a:4e:5b:f5:7d:48:87:f2:38:7c:
9d:8a:82:16:0b:81:d8:51:5d:11:08:02:a6:ca:c6:
98:b1:73:10:3f:0e:e3:26:57:41:28:58:d5:49:18:
47:35:0e:58:70:14:ce:54:92:db:49:19:5e:15:0a:
ea:9a:26:f3:15:6d:24:2e:cb:65:04:5f:7f:f2:26:
82:99:6a:77:b0:65:93:fe:79:a7:55:db:e0:e0:98:
8b:7e:94:55:0b:89:51:8a:70:94:4e:81:66:ed:4d:
c7:80:96:73:05:e6:1e:f9:fc:65:50:12:67:71:3a:
88:04:46:43:e6:df:a6:3b:c1:bc:eb:1c:bd:b7:0f:
f5:c4:5a:90:16:9c:c9:91:34:08:47:27:77:c0:43:
26:2a:cf:8d:c5:c5:5b:23:bb:14:51:e0:b7:87:75:
55:25:e5:2c:c6:5c:05:f3:ef:61:b9:90:b5:5d:1f:
35:c8:fc:53:7a:35:97:5c:08:7a:e6:d6:05:1d:a0:
6a:0c:9e:49:57:48:70:d7:23:aa:00:08:0a:28:9d:
8c:b1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F0:A3:C4:6F:07:CE:1F:54:EC:46:E4:F2:E0:29:BF:E3:1C:52:F4:A8
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/8KPEbwfOH1TsRuTy4Cm_4xxS9Kg.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
50:23:14:8f:a4:49:ef:be:7e:a2:71:03:bd:db:68:42:0a:c1:
f1:99:64:42:ac:d2:df:ac:ce:9e:a0:83:26:da:f6:63:b1:9f:
a3:71:37:7f:1a:46:b4:28:a0:a9:84:6a:26:44:e7:0d:27:87:
5e:60:09:49:73:3e:4b:7a:0e:0c:5b:da:f7:e8:dd:a1:5f:07:
fd:e6:76:85:17:58:8f:ca:57:58:32:1b:d8:08:58:26:c9:54:
02:f7:d6:47:03:06:e9:2d:92:92:98:11:78:58:80:53:59:0c:
ed:e2:eb:a6:ec:04:e0:1f:7f:5b:26:f7:bb:85:96:9b:55:1d:
89:22:26:01:53:9e:dd:56:5b:19:a7:da:c0:e0:ae:6f:7e:c9:
ac:9e:8f:dc:31:b8:a0:d9:f0:ae:b7:bf:37:dc:df:82:f2:da:
ac:e3:69:a8:dd:c3:ba:54:07:67:54:16:e1:8c:2e:fb:29:10:
ce:d4:ce:85:38:2e:b9:b5:3d:ed:2c:ab:64:c7:21:85:bd:0d:
f4:fe:f1:02:42:54:d4:1e:50:05:55:2e:43:43:4c:d1:d6:6f:
7f:d6:d7:0c:75:c6:0f:2e:3f:5f:f3:d7:3c:f5:63:0c:a6:67:
c7:71:a4:c8:27:1b:22:95:6a:73:e5:9e:46:8a:c0:9f:2c:9b:
76:f5:ba:53
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICNkowDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDAzMzEy
MzIyMTZaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEYwQTNDNDZGMDdDRTFG
NTRFQzQ2RTRGMkUwMjlCRkUzMUM1MkY0QTgwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC/KypH88AWeuGiHTjIbZpicsqjouAoXHb6T3RKTqY8yrCDf+aC
llwMNuszKwY6zjrgCk5b9X1Ih/I4fJ2KghYLgdhRXREIAqbKxpixcxA/DuMmV0Eo
WNVJGEc1DlhwFM5UkttJGV4VCuqaJvMVbSQuy2UEX3/yJoKZanewZZP+eadV2+Dg
mIt+lFULiVGKcJROgWbtTceAlnMF5h75/GVQEmdxOogERkPm36Y7wbzrHL23D/XE
WpAWnMmRNAhHJ3fAQyYqz43FxVsjuxRR4LeHdVUl5SzGXAXz72G5kLVdHzXI/FN6
NZdcCHrm1gUdoGoMnklXSHDXI6oACAoonYyxAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQU8KPEbwfOH1TsRuTy4Cm/4xxS9KgwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3LzhLUEVid2ZPSDFUc1J1
VHk0Q21fNHh4UzlLZy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAUCMUj6RJ775+onEDvdtoQgrB8ZlkQqzS
36zOnqCDJtr2Y7Gfo3E3fxpGtCigqYRqJkTnDSeHXmAJSXM+S3oODFva9+jdoV8H
/eZ2hRdYj8pXWDIb2AhYJslUAvfWRwMG6S2SkpgReFiAU1kM7eLrpuwE4B9/Wyb3
u4WWm1UdiSImAVOe3VZbGafawOCub37JrJ6P3DG4oNnwrre/N9zfgvLarONpqN3D
ulQHZ1QW4Ywu+ykQztTOhTguubU97SyrZMchhb0N9P7xAkJU1B5QBVUuQ0NM0dZv
f9bXDHXGDy4/X/PXPPVjDKZnx3GkyCcbIpVqc+WeRorAnyybdvW6Uw==
-----END CERTIFICATE-----
Generated at Sat May 17 21:03:53 2025 by rpki-client