Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/BCdED3AReWOksSvPfr3Oxz4qIVQ.roa
File: BCdED3AReWOksSvPfr3Oxz4qIVQ.roa (raw, json)
Hash identifier: Hffo8mO8V6eXsp7s+sHPiSALvz84DMJogHR9ML8Pztk=
Subject key identifier: 04:27:44:0F:70:11:79:63:A4:B1:2B:CF:7E:BD:CE:C7:3E:2A:21:54
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 3C56
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/BCdED3AReWOksSvPfr3Oxz4qIVQ.roa
Signing time: Tue 09 Apr 2024 00:52:35 +0000
ROA not before: Tue 09 Apr 2024 00:52:35 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 15446 (0x3c56)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 9 00:52:35 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=0427440F70117963A4B12BCF7EBDCEC73E2A2154
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b4:56:60:14:04:39:70:70:a0:82:91:81:b7:fe:
54:ce:ea:40:9e:2f:05:c7:35:59:12:32:2c:2a:53:
11:2d:0b:b5:37:70:7a:ee:0a:e2:1b:17:97:8a:79:
d9:88:d1:05:04:32:05:e8:50:7c:b5:74:73:10:03:
00:9b:43:c5:29:ad:73:bd:7f:9a:d5:8e:ad:7a:3d:
ab:58:52:83:fc:ee:82:58:4a:87:fa:eb:f2:36:c8:
df:2d:83:d7:1f:9e:ec:d0:09:1b:7f:e7:e0:8b:54:
c7:a0:95:aa:5c:41:b2:5f:3f:94:ce:53:fb:86:9e:
d7:f2:5b:a4:76:92:a4:da:d4:3d:da:4a:33:c4:a3:
26:8e:2c:53:e4:27:14:31:f5:d4:d1:47:7d:ec:5f:
57:4b:cf:ba:d6:24:84:bd:c8:43:62:08:e6:70:ea:
74:da:7a:ce:1b:43:f0:24:11:81:ad:dc:3a:d0:38:
2a:dc:27:30:4f:ca:40:e0:21:9d:3a:de:79:cc:c1:
1c:d7:fb:8a:6e:bc:e1:89:b6:c1:69:f7:ad:8c:05:
73:d7:24:5e:04:a8:dc:99:6a:8b:29:55:94:e4:5c:
9c:73:99:b8:da:b4:0b:f3:46:68:60:a1:87:3d:f9:
3b:c8:65:47:ca:12:49:cc:dc:4d:3d:bf:e2:00:dd:
b6:91
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
04:27:44:0F:70:11:79:63:A4:B1:2B:CF:7E:BD:CE:C7:3E:2A:21:54
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/BCdED3AReWOksSvPfr3Oxz4qIVQ.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
58:5f:10:fe:b1:17:db:da:13:ac:e2:87:f3:aa:af:8e:9c:3f:
d7:fe:a2:b5:69:43:39:8b:55:30:8d:59:ce:ba:f5:ac:79:81:
fc:77:0b:42:e8:17:0f:c7:70:cf:47:e3:d4:99:59:2b:06:fc:
33:fd:58:bc:3f:dd:53:8a:93:a2:44:c8:6b:e9:d4:e7:98:b2:
6a:a5:19:0b:b5:30:75:9b:67:35:e8:c4:4e:17:6d:36:ce:af:
35:f4:aa:67:07:e6:d9:71:98:e7:a0:b7:0b:e0:cc:84:f0:a3:
d2:b7:8d:76:b5:4e:19:68:c5:41:20:c4:2a:e6:e7:b2:ee:45:
04:ad:c1:be:72:51:4a:da:17:10:f2:32:57:23:14:a0:96:87:
ec:3c:2f:5e:e8:01:93:06:78:cb:f4:d6:27:d8:f8:8d:a3:07:
11:90:11:ef:af:e2:bb:97:5e:af:08:f9:a3:7b:2e:f8:10:dc:
15:59:b2:70:76:e3:f0:14:71:a3:8f:83:21:0e:89:0b:fd:8b:
73:1b:98:0e:d2:ef:79:d1:59:00:0e:74:96:32:5f:d6:15:c5:
20:ed:9a:0e:95:2c:e4:c2:b3:a4:28:93:5c:5e:df:83:d6:20:
b5:eb:03:d2:45:79:ae:68:45:89:a1:6b:d5:03:94:05:a9:a2:
aa:30:87:02
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICPFYwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MDkw
MDUyMzVaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDA0Mjc0NDBGNzAxMTc5
NjNBNEIxMkJDRjdFQkRDRUM3M0UyQTIxNTQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC0VmAUBDlwcKCCkYG3/lTO6kCeLwXHNVkSMiwqUxEtC7U3cHru
CuIbF5eKedmI0QUEMgXoUHy1dHMQAwCbQ8UprXO9f5rVjq16PatYUoP87oJYSof6
6/I2yN8tg9cfnuzQCRt/5+CLVMeglapcQbJfP5TOU/uGntfyW6R2kqTa1D3aSjPE
oyaOLFPkJxQx9dTRR33sX1dLz7rWJIS9yENiCOZw6nTaes4bQ/AkEYGt3DrQOCrc
JzBPykDgIZ063nnMwRzX+4puvOGJtsFp962MBXPXJF4EqNyZaospVZTkXJxzmbja
tAvzRmhgoYc9+TvIZUfKEknM3E09v+IA3baRAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUBCdED3AReWOksSvPfr3Oxz4qIVQwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L0JDZEVEM0FSZVdPa3NT
dlBmcjNPeHo0cUlWUS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAWF8Q/rEX29oTrOKH86qvjpw/1/6itWlD
OYtVMI1Zzrr1rHmB/HcLQugXD8dwz0fj1JlZKwb8M/1YvD/dU4qTokTIa+nU55iy
aqUZC7UwdZtnNejEThdtNs6vNfSqZwfm2XGY56C3C+DMhPCj0reNdrVOGWjFQSDE
Kubnsu5FBK3BvnJRStoXEPIyVyMUoJaH7DwvXugBkwZ4y/TWJ9j4jaMHEZAR76/i
u5derwj5o3su+BDcFVmycHbj8BRxo4+DIQ6JC/2LcxuYDtLvedFZAA50ljJf1hXF
IO2aDpUs5MKzpCiTXF7fg9YgtesD0kV5rmhFiaFr1QOUBamiqjCHAg==
-----END CERTIFICATE-----
Generated at Sun May 18 03:07:38 2025 by rpki-client