Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/96WxeHX1yZKD2xxX6hhMQDeMhIQ.roa
File: 96WxeHX1yZKD2xxX6hhMQDeMhIQ.roa (raw, json)
Hash identifier: dz9Q5NoGJpMy9mIu24BIRmU4Qn/4FAndOP19hAbhjQY=
Subject key identifier: F7:A5:B1:78:75:F5:C9:92:83:DB:1C:57:EA:18:4C:40:37:8C:84:84
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 4012
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/96WxeHX1yZKD2xxX6hhMQDeMhIQ.roa
Signing time: Sun 14 Apr 2024 00:22:56 +0000
ROA not before: Sun 14 Apr 2024 00:22:56 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 16402 (0x4012)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 14 00:22:56 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=F7A5B17875F5C99283DB1C57EA184C40378C8484
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b8:ea:92:8d:9d:9d:2c:25:1c:ce:bc:6c:23:c4:
d4:0d:f3:73:7c:0a:7d:00:98:35:38:1a:05:d2:ab:
39:21:eb:8f:b2:c9:a8:c7:19:d5:0a:ff:03:bd:e6:
e8:fc:dc:0f:db:65:10:7d:4f:d9:68:fe:38:20:08:
89:45:fa:e2:4a:cb:93:41:fa:d5:9e:ab:69:15:01:
04:f6:69:dc:d9:16:98:e0:ad:e8:83:52:b1:d5:7b:
c3:0c:af:3d:b4:bc:bc:b0:eb:79:a1:f9:70:55:c9:
e1:97:25:d7:2d:f6:8d:24:28:e1:e1:55:d3:a2:83:
03:e6:18:5c:d9:1b:24:a5:1c:02:68:9b:a6:b7:96:
62:3b:6d:8c:a2:e9:38:fb:1f:9c:8b:bf:31:44:e8:
72:df:9e:17:24:db:2f:e9:74:78:ce:0c:b1:32:66:
a4:e1:20:28:51:da:c9:ab:3a:1d:3e:8d:00:f4:ef:
1b:ae:e2:c7:7e:fb:52:36:2c:c8:e8:db:ad:35:42:
3d:dc:76:9b:86:a3:e2:7f:52:8f:c9:0b:d3:09:dd:
d1:42:ba:49:2f:e6:aa:dd:56:21:f8:a8:12:93:cd:
67:77:ba:59:96:bb:b1:0c:15:8b:b5:bc:c3:5f:64:
fd:28:a3:3e:3e:c0:3c:19:d0:38:1f:09:5d:a1:28:
19:3b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F7:A5:B1:78:75:F5:C9:92:83:DB:1C:57:EA:18:4C:40:37:8C:84:84
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/96WxeHX1yZKD2xxX6hhMQDeMhIQ.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
88:f3:a6:50:84:d2:18:e2:96:d5:03:98:91:fc:49:bb:2c:2f:
31:69:8a:b5:a7:c1:38:de:4c:ab:d8:4d:e2:12:76:43:29:5c:
54:79:1a:4c:9f:47:2e:5f:58:e5:a7:0b:e1:b9:0b:7c:8e:00:
d3:89:e2:1c:e5:9c:eb:00:b9:6f:a9:23:54:e9:6a:c1:18:f5:
f7:87:07:a6:2e:f6:c1:18:10:9f:79:5c:d6:36:a0:71:99:db:
5e:60:b7:fe:52:de:ba:fc:70:17:46:cf:69:7c:33:07:62:7d:
23:08:aa:8f:b5:5b:5a:81:c2:8e:38:14:3b:04:23:f1:d7:b4:
36:e0:37:33:97:b4:42:df:0c:df:e3:a6:e8:6e:c1:bd:64:51:
79:02:08:4e:50:e5:ba:f3:f0:71:3f:d2:d3:f5:ba:69:5c:2b:
ed:79:c2:e9:f4:7c:35:06:3e:3d:82:16:01:2e:6b:f1:eb:00:
ec:eb:cb:30:e2:c1:72:4a:a9:86:38:3f:ae:d9:04:ab:c1:49:
c0:34:9f:a2:9f:19:54:a4:77:89:ac:7e:21:2e:7a:cb:00:85:
2a:cb:98:42:8b:e1:bf:13:07:a9:93:f2:79:ac:51:20:fb:d1:
70:4c:28:18:2b:9e:68:ff:f2:83:6c:74:cb:d9:61:d5:89:7d:
df:4a:13:a2
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICQBIwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MTQw
MDIyNTZaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEY3QTVCMTc4NzVGNUM5
OTI4M0RCMUM1N0VBMTg0QzQwMzc4Qzg0ODQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC46pKNnZ0sJRzOvGwjxNQN83N8Cn0AmDU4GgXSqzkh64+yyajH
GdUK/wO95uj83A/bZRB9T9lo/jggCIlF+uJKy5NB+tWeq2kVAQT2adzZFpjgreiD
UrHVe8MMrz20vLyw63mh+XBVyeGXJdct9o0kKOHhVdOigwPmGFzZGySlHAJom6a3
lmI7bYyi6Tj7H5yLvzFE6HLfnhck2y/pdHjODLEyZqThIChR2smrOh0+jQD07xuu
4sd++1I2LMjo2601Qj3cdpuGo+J/Uo/JC9MJ3dFCukkv5qrdViH4qBKTzWd3ulmW
u7EMFYu1vMNfZP0ooz4+wDwZ0DgfCV2hKBk7AgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQU96WxeHX1yZKD2xxX6hhMQDeMhIQwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3Lzk2V3hlSFgxeVpLRDJ4
eFg2aGhNUURlTWhJUS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAiPOmUITSGOKW1QOYkfxJuywvMWmKtafB
ON5Mq9hN4hJ2QylcVHkaTJ9HLl9Y5acL4bkLfI4A04niHOWc6wC5b6kjVOlqwRj1
94cHpi72wRgQn3lc1jagcZnbXmC3/lLeuvxwF0bPaXwzB2J9Iwiqj7VbWoHCjjgU
OwQj8de0NuA3M5e0Qt8M3+Om6G7BvWRReQIITlDluvPwcT/S0/W6aVwr7XnC6fR8
NQY+PYIWAS5r8esA7OvLMOLBckqphjg/rtkEq8FJwDSfop8ZVKR3iax+IS56ywCF
KsuYQovhvxMHqZPyeaxRIPvRcEwoGCueaP/yg2x0y9lh1Yl930oTog==
-----END CERTIFICATE-----
Generated at Sun May 18 10:04:43 2025 by rpki-client