Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/A30X5pcnl1Lw4Zp5BW1oLxIlNjs.roa
File: A30X5pcnl1Lw4Zp5BW1oLxIlNjs.roa (raw, json)
Hash identifier: oyPLNpOtLYl1OKoKpGz70P+WlOjnOTD6NQ91Q+blcws=
Subject key identifier: 03:7D:17:E6:97:27:97:52:F0:E1:9A:79:05:6D:68:2F:12:25:36:3B
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 56F6
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/A30X5pcnl1Lw4Zp5BW1oLxIlNjs.roa
Signing time: Tue 14 May 2024 12:54:28 +0000
ROA not before: Tue 14 May 2024 12:54:28 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 22262 (0x56f6)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 14 12:54:28 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=037D17E697279752F0E19A79056D682F1225363B
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a5:a2:0d:f6:0d:56:11:51:f3:f0:9a:b2:93:b0:
10:0e:0f:cd:5f:a7:21:e1:81:8d:08:3e:bf:5d:90:
a4:fe:71:2f:1c:8c:f2:f0:c4:1f:36:9b:a3:57:82:
88:fa:b7:4a:95:d8:5c:3f:47:e5:31:6b:56:93:86:
59:22:4d:95:de:ee:85:4a:5e:61:3c:79:c7:a6:c2:
bc:16:cc:45:13:f8:0b:be:64:9e:ed:62:16:28:e6:
96:71:65:e2:5f:8e:2e:d7:c5:c1:5f:c4:e4:2c:73:
d2:c8:c0:7d:87:1a:e3:95:60:3d:7c:7f:8d:4a:a9:
8e:c9:9b:81:3e:bb:87:91:07:3f:97:0f:3d:ec:72:
34:56:b6:4e:c7:cd:a4:c9:8c:6a:12:2f:de:79:1e:
54:ac:80:41:f0:3d:71:ec:2b:2d:f0:cb:ec:54:45:
bf:7d:a4:e1:64:19:68:71:e8:85:d1:e7:9d:f8:d7:
ff:72:e4:87:f9:9f:9b:ea:17:e1:54:be:12:d0:e0:
1c:ff:46:21:d2:d7:f3:2f:38:66:b2:c1:a3:a9:9a:
10:77:5c:17:0f:83:79:a6:10:fa:01:37:2b:30:4e:
3b:9e:cd:ab:fa:53:a5:c9:a3:8b:e5:c0:75:9f:e6:
10:31:fa:10:e0:9f:51:c4:33:0b:d5:15:be:cf:9f:
a0:11
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
03:7D:17:E6:97:27:97:52:F0:E1:9A:79:05:6D:68:2F:12:25:36:3B
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/A30X5pcnl1Lw4Zp5BW1oLxIlNjs.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
52:93:65:f1:d4:d3:52:ef:bd:80:9f:ec:8a:82:0b:cc:3e:55:
8c:d4:3e:12:d0:4b:cc:fd:31:be:10:a6:47:a0:b5:72:c5:ec:
17:61:a2:64:ec:3c:68:7a:70:e6:f0:d6:b9:d3:18:cb:d9:85:
70:e3:76:ef:e0:1f:c3:97:17:6f:44:fc:6f:48:a5:79:70:1b:
aa:c0:ce:e0:54:af:df:a3:18:c2:54:ae:2d:73:21:dd:aa:22:
a7:f9:29:39:f1:3c:e6:6e:97:56:fa:e4:e0:a3:8b:4d:a1:8b:
37:19:25:db:6d:40:bf:ae:3b:ae:de:67:ae:fb:16:70:d3:f1:
e8:0c:61:6e:a9:b4:ad:d0:c5:d6:b3:3d:1c:91:53:b3:eb:64:
25:f0:25:61:11:51:63:4f:65:9b:57:d1:4d:6f:d1:2d:d8:2b:
63:ee:47:9a:6c:ba:55:03:92:de:a0:ac:44:42:fb:82:6b:c1:
5b:0f:2f:45:ec:f1:21:ba:1d:70:31:84:be:1f:90:8e:4e:13:
b9:31:e1:96:dc:45:60:7f:cf:73:63:4a:0f:74:b8:d8:54:a6:
c6:6b:79:fa:f5:22:6d:8b:4f:72:36:7e:f9:0a:c9:de:d7:99:
13:3a:8c:19:01:83:ef:48:31:eb:37:db:3d:18:bc:34:ba:80:
b0:a0:b2:c8
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICVvYwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MTQx
MjU0MjhaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDAzN0QxN0U2OTcyNzk3
NTJGMEUxOUE3OTA1NkQ2ODJGMTIyNTM2M0IwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQClog32DVYRUfPwmrKTsBAOD81fpyHhgY0IPr9dkKT+cS8cjPLw
xB82m6NXgoj6t0qV2Fw/R+Uxa1aThlkiTZXe7oVKXmE8ecemwrwWzEUT+Au+ZJ7t
YhYo5pZxZeJfji7XxcFfxOQsc9LIwH2HGuOVYD18f41KqY7Jm4E+u4eRBz+XDz3s
cjRWtk7HzaTJjGoSL955HlSsgEHwPXHsKy3wy+xURb99pOFkGWhx6IXR55341/9y
5If5n5vqF+FUvhLQ4Bz/RiHS1/MvOGaywaOpmhB3XBcPg3mmEPoBNyswTjuezav6
U6XJo4vlwHWf5hAx+hDgn1HEMwvVFb7Pn6ARAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUA30X5pcnl1Lw4Zp5BW1oLxIlNjswHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L0EzMFg1cGNubDFMdzRa
cDVCVzFvTHhJbE5qcy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAUpNl8dTTUu+9gJ/sioILzD5VjNQ+EtBL
zP0xvhCmR6C1csXsF2GiZOw8aHpw5vDWudMYy9mFcON27+Afw5cXb0T8b0ileXAb
qsDO4FSv36MYwlSuLXMh3aoip/kpOfE85m6XVvrk4KOLTaGLNxkl221Av647rt5n
rvsWcNPx6Axhbqm0rdDF1rM9HJFTs+tkJfAlYRFRY09lm1fRTW/RLdgrY+5Hmmy6
VQOS3qCsREL7gmvBWw8vRezxIbodcDGEvh+Qjk4TuTHhltxFYH/Pc2NKD3S42FSm
xmt5+vUibYtPcjZ++QrJ3teZEzqMGQGD70gx6zfbPRi8NLqAsKCyyA==
-----END CERTIFICATE-----
Generated at Sat May 17 19:35:34 2025 by rpki-client