Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/CEP0UcxVJ4BgtJGwLl3Tg-AfnEU.roa
File: CEP0UcxVJ4BgtJGwLl3Tg-AfnEU.roa (raw, json)
Hash identifier: IZcLmbQGbHpdvobhsEiKavJ7GH1avD0X3I/NCzwYQmI=
Subject key identifier: 08:43:F4:51:CC:55:27:80:60:B4:91:B0:2E:5D:D3:83:E0:1F:9C:45
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 5466
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/CEP0UcxVJ4BgtJGwLl3Tg-AfnEU.roa
Signing time: Sat 11 May 2024 02:54:03 +0000
ROA not before: Sat 11 May 2024 02:54:03 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 21606 (0x5466)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 11 02:54:03 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=0843F451CC55278060B491B02E5DD383E01F9C45
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c3:72:7f:dd:c1:ec:7c:24:d7:f6:b8:c1:24:72:
ce:23:40:f8:c2:33:f1:a7:bc:06:12:95:c5:6b:98:
95:37:72:b5:8c:14:ee:95:62:a6:e8:e1:67:45:68:
39:7f:63:00:16:3f:92:b1:c3:22:61:92:12:8e:b0:
4e:51:83:bb:71:13:d9:a1:34:65:7c:db:3f:b3:59:
da:ad:f3:c7:23:94:d1:d8:e0:7f:ff:d1:d5:ac:e1:
ef:1c:b9:67:fa:c1:9b:1b:44:17:1d:52:fc:be:2b:
f5:02:a6:c6:ec:b1:30:68:e2:07:a4:e4:2b:e4:72:
23:df:8d:3a:52:59:a0:6e:bc:db:f4:39:94:a8:8f:
1c:fd:20:ce:32:ff:75:0e:d8:2a:99:43:23:12:3c:
2c:51:fb:1e:19:5a:64:37:f3:9e:98:ab:05:aa:91:
2e:96:a1:fd:0a:3b:52:c1:bc:4f:8c:cb:e5:ce:13:
fb:26:e7:f7:42:f2:de:37:12:10:6c:c6:5a:ba:c3:
6e:aa:1e:a6:7c:bb:b2:42:50:bd:c1:88:f6:1d:3e:
5d:3c:32:77:95:45:e1:6f:b4:da:08:33:fc:df:19:
16:5e:16:16:51:ec:83:75:39:46:3d:8f:c8:86:a9:
78:d7:d0:cc:73:f4:2f:92:f1:8f:82:e3:5d:f0:d6:
58:8b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
08:43:F4:51:CC:55:27:80:60:B4:91:B0:2E:5D:D3:83:E0:1F:9C:45
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/CEP0UcxVJ4BgtJGwLl3Tg-AfnEU.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
6e:26:27:3d:10:3e:63:3f:9e:01:f3:74:78:29:4b:83:85:c4:
a3:69:3d:9b:52:29:3d:44:0c:3c:bf:66:7c:cb:84:1f:ec:54:
b3:18:66:44:44:b1:46:78:07:52:71:68:cb:23:b7:ca:f3:dd:
74:24:6b:e3:35:f7:4d:1f:c2:c9:26:5a:56:6a:b1:a6:25:10:
46:ac:f5:19:81:87:8b:18:0c:43:01:73:72:5d:d7:8a:f5:b3:
2f:15:76:c1:26:ab:89:54:5d:e4:0e:ba:93:5f:9d:1a:ef:42:
aa:46:e4:75:df:a4:ef:84:bb:64:87:74:12:c0:58:95:65:ff:
54:bf:4b:37:46:c2:5a:c8:65:19:96:f1:b8:d3:4c:dd:2b:eb:
2d:1a:47:b6:d5:27:51:a6:ba:68:f6:e8:d7:32:50:fb:21:6c:
0f:1b:2c:9d:ac:e9:1b:96:9d:33:10:94:9f:b4:98:bc:ca:17:
ae:ed:b9:1f:b6:09:ac:80:78:95:c8:61:10:13:03:7d:63:52:
79:8d:25:a5:1b:10:3a:5e:a0:93:8e:f7:f7:cd:85:81:e1:7c:
db:22:91:a8:12:6d:8d:a7:27:46:4f:0b:72:bc:37:21:32:73:
2a:46:4f:01:52:83:7b:8d:97:7a:1d:8d:91:bb:2b:29:99:4c:
8f:2b:12:81
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICVGYwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MTEw
MjU0MDNaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDA4NDNGNDUxQ0M1NTI3
ODA2MEI0OTFCMDJFNUREMzgzRTAxRjlDNDUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDDcn/dwex8JNf2uMEkcs4jQPjCM/GnvAYSlcVrmJU3crWMFO6V
Yqbo4WdFaDl/YwAWP5KxwyJhkhKOsE5Rg7txE9mhNGV82z+zWdqt88cjlNHY4H//
0dWs4e8cuWf6wZsbRBcdUvy+K/UCpsbssTBo4gek5CvkciPfjTpSWaBuvNv0OZSo
jxz9IM4y/3UO2CqZQyMSPCxR+x4ZWmQ3856YqwWqkS6Wof0KO1LBvE+My+XOE/sm
5/dC8t43EhBsxlq6w26qHqZ8u7JCUL3BiPYdPl08MneVReFvtNoIM/zfGRZeFhZR
7IN1OUY9j8iGqXjX0Mxz9C+S8Y+C413w1liLAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUCEP0UcxVJ4BgtJGwLl3Tg+AfnEUwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L0NFUDBVY3hWSjRCZ3RK
R3dMbDNUZy1BZm5FVS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAbiYnPRA+Yz+eAfN0eClLg4XEo2k9m1Ip
PUQMPL9mfMuEH+xUsxhmRESxRngHUnFoyyO3yvPddCRr4zX3TR/CySZaVmqxpiUQ
Rqz1GYGHixgMQwFzcl3XivWzLxV2wSariVRd5A66k1+dGu9Cqkbkdd+k74S7ZId0
EsBYlWX/VL9LN0bCWshlGZbxuNNM3SvrLRpHttUnUaa6aPbo1zJQ+yFsDxssnazp
G5adMxCUn7SYvMoXru25H7YJrIB4lchhEBMDfWNSeY0lpRsQOl6gk473982FgeF8
2yKRqBJtjacnRk8Lcrw3ITJzKkZPAVKDe42Xeh2NkbsrKZlMjysSgQ==
-----END CERTIFICATE-----
Generated at Sat May 17 19:52:33 2025 by rpki-client