Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/8j6mEnE-jYMTYr7FnyjfVCYI1Gw.roa
File: 8j6mEnE-jYMTYr7FnyjfVCYI1Gw.roa (raw, json)
Hash identifier: 08fa56LjYsEvnTleeLRj8nhBEYSlkyDeY+SAnXc1SEc=
Subject key identifier: F2:3E:A6:12:71:3E:8D:83:13:62:BE:C5:9F:28:DF:54:26:08:D4:6C
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 3C72
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/8j6mEnE-jYMTYr7FnyjfVCYI1Gw.roa
Signing time: Tue 09 Apr 2024 04:22:35 +0000
ROA not before: Tue 09 Apr 2024 04:22:35 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 15474 (0x3c72)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 9 04:22:35 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=F23EA612713E8D831362BEC59F28DF542608D46C
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b8:be:65:b6:0d:44:85:4d:02:a8:a8:7c:6d:fc:
40:c5:40:0d:28:f5:c6:9b:7d:80:76:18:8d:6c:e1:
1e:7a:02:4b:41:e6:17:eb:db:90:cc:08:b0:e7:65:
50:70:a5:82:d9:29:bd:98:ea:43:bb:f6:e9:72:b7:
87:66:a2:9d:4b:43:39:44:87:9b:5f:56:94:41:75:
55:e8:b0:0b:f8:84:d3:0d:c7:b0:f9:1c:64:63:e0:
4e:39:02:a9:22:d3:07:09:03:39:67:f2:8b:a9:e9:
38:5b:96:c1:30:77:a2:a4:de:47:11:91:cd:86:33:
bd:60:ee:de:6d:79:3b:89:32:8d:a5:dc:98:d6:19:
0f:10:ce:83:d0:89:3a:5c:9a:61:1f:16:66:22:5c:
13:36:75:11:de:b0:7f:e4:02:12:fd:9b:d0:03:e8:
dd:1f:bf:d7:33:56:aa:b0:9c:63:7f:ca:48:41:32:
83:cb:41:9b:4a:b8:95:f4:b8:01:4e:04:ee:15:da:
1d:1c:78:6c:84:19:c9:64:c4:39:c7:84:ed:ac:6b:
95:15:8d:8a:61:38:a8:85:8c:61:8e:7f:3b:59:04:
57:90:d8:f8:49:20:c8:84:d5:ca:e7:e9:02:aa:b1:
0f:3c:b0:19:72:3e:98:d9:b4:6b:f7:0d:61:a2:54:
8f:1b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F2:3E:A6:12:71:3E:8D:83:13:62:BE:C5:9F:28:DF:54:26:08:D4:6C
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/8j6mEnE-jYMTYr7FnyjfVCYI1Gw.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
4e:d9:4b:cb:4a:8c:e4:70:33:7a:46:99:d0:e0:1c:f4:76:55:
9e:88:2e:ff:ad:d9:4c:6f:75:36:cb:c4:9e:0f:65:97:63:73:
f6:70:04:b2:3c:42:a4:2a:ed:b4:d9:83:a8:66:e8:62:96:ff:
08:b6:06:6c:8e:82:b2:3e:0f:c9:3f:2d:78:66:93:c8:be:44:
69:53:cc:fb:d9:6b:b9:96:61:3d:17:8c:3f:35:3d:a0:7a:85:
99:ef:a5:9e:96:03:75:17:ed:74:56:92:9b:24:09:f0:f0:4e:
e4:db:9a:b1:23:82:f4:d7:ae:11:ae:8e:22:35:41:0a:53:6d:
3d:55:b1:82:40:9e:a5:2e:9a:fb:81:ff:ae:cb:9b:f6:e9:ad:
b6:ac:60:c5:2a:01:67:f0:db:79:a4:a0:dd:05:4a:76:35:62:
68:41:89:91:a9:f2:8d:86:27:42:72:b7:aa:de:5a:2f:9b:ca:
7d:7e:70:42:76:32:34:ae:4a:24:c3:11:11:2b:b4:9a:42:0a:
27:22:44:ac:79:03:7b:7f:3f:b4:7f:49:89:ff:69:ef:15:c6:
d2:48:cc:ae:ce:a6:18:8d:26:3a:85:65:0b:4a:27:d0:29:91:
75:50:90:55:11:75:e0:24:c3:6f:71:9b:2d:c8:07:48:fb:d2:
78:ca:fa:24
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICPHIwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MDkw
NDIyMzVaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEYyM0VBNjEyNzEzRThE
ODMxMzYyQkVDNTlGMjhERjU0MjYwOEQ0NkMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC4vmW2DUSFTQKoqHxt/EDFQA0o9cabfYB2GI1s4R56AktB5hfr
25DMCLDnZVBwpYLZKb2Y6kO79ulyt4dmop1LQzlEh5tfVpRBdVXosAv4hNMNx7D5
HGRj4E45Aqki0wcJAzln8oup6ThblsEwd6Kk3kcRkc2GM71g7t5teTuJMo2l3JjW
GQ8QzoPQiTpcmmEfFmYiXBM2dRHesH/kAhL9m9AD6N0fv9czVqqwnGN/ykhBMoPL
QZtKuJX0uAFOBO4V2h0ceGyEGclkxDnHhO2sa5UVjYphOKiFjGGOfztZBFeQ2PhJ
IMiE1crn6QKqsQ88sBlyPpjZtGv3DWGiVI8bAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQU8j6mEnE+jYMTYr7FnyjfVCYI1GwwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3LzhqNm1FbkUtallNVFly
N0ZueWpmVkNZSTFHdy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEATtlLy0qM5HAzekaZ0OAc9HZVnogu/63Z
TG91NsvEng9ll2Nz9nAEsjxCpCrttNmDqGboYpb/CLYGbI6Csj4PyT8teGaTyL5E
aVPM+9lruZZhPReMPzU9oHqFme+lnpYDdRftdFaSmyQJ8PBO5NuasSOC9NeuEa6O
IjVBClNtPVWxgkCepS6a+4H/rsub9umttqxgxSoBZ/DbeaSg3QVKdjViaEGJkany
jYYnQnK3qt5aL5vKfX5wQnYyNK5KJMMRESu0mkIKJyJErHkDe38/tH9Jif9p7xXG
0kjMrs6mGI0mOoVlC0on0CmRdVCQVRF14CTDb3GbLcgHSPvSeMr6JA==
-----END CERTIFICATE-----
Generated at Sun May 18 02:01:38 2025 by rpki-client