Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/AOxcO6dOLkjFfT7705fK35GQxA4.roa
File: AOxcO6dOLkjFfT7705fK35GQxA4.roa (raw, json)
Hash identifier: QiZF26M+jh+bUHfouzfdW45a0jHqzOascMjysUhkbPw=
Subject key identifier: 00:EC:5C:3B:A7:4E:2E:48:C5:7D:3E:FB:D3:97:CA:DF:91:90:C4:0E
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 4FBA
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/AOxcO6dOLkjFfT7705fK35GQxA4.roa
Signing time: Sat 04 May 2024 21:23:48 +0000
ROA not before: Sat 04 May 2024 21:23:48 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 20410 (0x4fba)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 4 21:23:48 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=00EC5C3BA74E2E48C57D3EFBD397CADF9190C40E
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b5:23:d1:8b:58:b6:24:26:d9:eb:10:7e:ee:76:
96:cd:16:b7:d6:3b:b3:f6:75:00:76:3e:23:d6:af:
be:3b:da:2d:40:f8:66:ee:c7:1f:2f:cc:fa:43:71:
37:66:82:94:4b:01:ed:ee:2f:13:46:37:a7:d5:8d:
de:47:a7:ab:5a:1c:f9:84:0d:44:1a:6a:c8:ce:7f:
0d:2d:28:5b:81:0c:75:e1:9f:14:38:8a:b0:60:10:
f6:95:af:68:a6:08:37:3f:10:27:03:4b:5c:55:33:
ca:43:9e:5a:4a:fc:cb:c8:4c:1e:90:37:77:49:11:
52:85:3c:54:97:0e:12:a6:82:d7:95:0d:8e:d7:34:
59:fb:01:1a:e3:36:42:4f:ac:8e:cf:a2:76:23:89:
16:6a:64:0f:b6:ce:a7:4f:a6:3f:e2:46:08:fc:30:
3a:b4:fe:d7:cb:37:c4:86:be:ea:8b:8f:3f:42:aa:
1e:21:65:11:06:d7:92:13:93:1f:96:94:98:79:4f:
92:08:34:92:11:18:1f:d2:ba:1b:1a:2a:6b:e9:13:
33:1e:47:5d:0f:9c:7b:d2:3b:50:37:52:a0:7d:ae:
00:0f:3b:a5:5c:da:ed:ee:02:c3:2e:a1:8f:71:37:
30:bf:66:d8:54:be:40:e5:53:ed:d9:10:7e:db:03:
1e:85
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
00:EC:5C:3B:A7:4E:2E:48:C5:7D:3E:FB:D3:97:CA:DF:91:90:C4:0E
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/AOxcO6dOLkjFfT7705fK35GQxA4.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
a2:fd:ca:38:e4:a2:26:10:1f:32:2b:5b:23:82:ea:ed:28:eb:
19:b8:6b:9b:0d:f9:a2:1c:f9:84:4b:4b:e1:19:bf:85:cc:97:
09:d9:b3:e5:0a:b5:35:a7:dd:e5:2e:d4:28:45:d9:3b:56:4a:
39:15:d3:c4:de:f4:0a:49:fa:6e:79:6d:6b:b8:2a:96:81:49:
8b:8c:43:8f:79:af:dc:d2:23:ee:a4:1e:0f:c7:1e:62:8a:6c:
b8:e7:e3:13:c3:61:d0:c3:2b:a4:01:6b:c4:c2:39:d3:19:8b:
d4:e6:6b:49:05:9a:0c:3a:98:43:e2:61:0d:e8:8b:15:29:06:
1e:51:39:6f:56:a2:d8:ea:a0:2d:ef:46:71:6a:32:bd:a8:1d:
3f:49:e5:70:a9:12:b2:2f:42:38:3e:30:d8:bb:21:ca:f8:c6:
65:e3:d4:53:5a:6e:35:6f:0b:02:56:66:75:3a:fb:49:1e:1a:
35:04:4a:a5:12:e8:fe:be:dc:14:44:cb:c4:6d:64:3f:3a:67:
12:60:80:02:75:1d:ef:56:4f:a5:7c:14:6b:ed:65:12:1f:cf:
69:0e:5d:6c:68:5f:a1:24:d3:08:33:20:c8:1d:70:fe:90:0b:
df:ef:ef:ef:61:cb:57:f1:3d:53:ef:53:b1:e9:0b:66:db:06:
9a:45:ca:88
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICT7owDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MDQy
MTIzNDhaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDAwRUM1QzNCQTc0RTJF
NDhDNTdEM0VGQkQzOTdDQURGOTE5MEM0MEUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC1I9GLWLYkJtnrEH7udpbNFrfWO7P2dQB2PiPWr7472i1A+Gbu
xx8vzPpDcTdmgpRLAe3uLxNGN6fVjd5Hp6taHPmEDUQaasjOfw0tKFuBDHXhnxQ4
irBgEPaVr2imCDc/ECcDS1xVM8pDnlpK/MvITB6QN3dJEVKFPFSXDhKmgteVDY7X
NFn7ARrjNkJPrI7PonYjiRZqZA+2zqdPpj/iRgj8MDq0/tfLN8SGvuqLjz9Cqh4h
ZREG15ITkx+WlJh5T5IINJIRGB/SuhsaKmvpEzMeR10PnHvSO1A3UqB9rgAPO6Vc
2u3uAsMuoY9xNzC/ZthUvkDlU+3ZEH7bAx6FAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUAOxcO6dOLkjFfT7705fK35GQxA4wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L0FPeGNPNmRPTGtqRmZU
NzcwNWZLMzVHUXhBNC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAov3KOOSiJhAfMitbI4Lq7SjrGbhrmw35
ohz5hEtL4Rm/hcyXCdmz5Qq1Nafd5S7UKEXZO1ZKORXTxN70Ckn6bnlta7gqloFJ
i4xDj3mv3NIj7qQeD8ceYopsuOfjE8Nh0MMrpAFrxMI50xmL1OZrSQWaDDqYQ+Jh
DeiLFSkGHlE5b1ai2OqgLe9GcWoyvagdP0nlcKkSsi9COD4w2LshyvjGZePUU1pu
NW8LAlZmdTr7SR4aNQRKpRLo/r7cFETLxG1kPzpnEmCAAnUd71ZPpXwUa+1lEh/P
aQ5dbGhfoSTTCDMgyB1w/pAL3+/v72HLV/E9U+9TsekLZtsGmkXKiA==
-----END CERTIFICATE-----
Generated at Sat May 17 23:40:52 2025 by rpki-client