Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/CduEoeHNAMHV-JbVFNa7Ue1YYK0.roa
File: CduEoeHNAMHV-JbVFNa7Ue1YYK0.roa (raw, json)
Hash identifier: 1yVkWV+V1Vw3PLw45wRYC1uhWnpcrLSPhOQyy/5XnzQ=
Subject key identifier: 09:DB:84:A1:E1:CD:00:C1:D5:F8:96:D5:14:D6:BB:51:ED:58:60:AD
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 50BA
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/CduEoeHNAMHV-JbVFNa7Ue1YYK0.roa
Signing time: Mon 06 May 2024 05:23:49 +0000
ROA not before: Mon 06 May 2024 05:23:49 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 20666 (0x50ba)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 6 05:23:49 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=09DB84A1E1CD00C1D5F896D514D6BB51ED5860AD
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e6:43:29:ca:27:21:95:3a:72:e9:04:96:52:95:
b5:00:15:c3:9f:60:47:33:aa:d6:0b:b3:2a:f6:7b:
5a:7a:f7:00:f2:cd:92:36:df:ef:e9:3d:77:a0:5d:
f2:4a:03:4a:e1:a2:df:b3:88:9b:40:18:f8:7f:cc:
7c:ae:51:9e:54:f6:9c:91:46:86:d0:4f:2c:03:2b:
db:79:12:4b:54:3c:07:97:a5:ce:8e:3d:c9:ca:72:
ba:8f:ea:2c:8c:06:80:a6:e1:2d:d0:5b:b9:bd:6c:
d7:39:56:3d:84:f9:b2:13:de:25:58:7a:f8:d8:66:
b4:f7:c6:fe:0a:c5:91:98:05:7d:3f:f2:9f:2f:86:
18:ec:11:19:15:e6:57:19:b8:60:51:d0:99:0a:e4:
55:2d:f5:15:5a:8b:56:13:c6:7c:e0:df:39:42:92:
f5:6d:2e:b2:fa:9b:a0:07:23:cb:ab:6f:9d:2a:1c:
3c:e6:79:ec:09:f6:de:2c:46:fd:09:5d:39:ca:f8:
e0:97:a0:1f:00:d4:db:07:8b:67:0b:b0:bb:2b:42:
9d:3d:74:6e:7a:8e:41:8c:e2:de:57:d2:f4:d6:01:
31:06:31:77:54:b1:9d:c0:b6:15:f7:33:2c:48:44:
81:e3:7c:8d:7b:e8:c9:f0:10:fe:f1:a5:ce:b8:91:
a3:7d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
09:DB:84:A1:E1:CD:00:C1:D5:F8:96:D5:14:D6:BB:51:ED:58:60:AD
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/CduEoeHNAMHV-JbVFNa7Ue1YYK0.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
95:f3:8b:26:b7:89:ad:60:11:92:55:a9:d8:95:82:23:d7:73:
85:05:d5:70:d9:62:56:dc:c6:3c:d2:2b:70:e2:1b:b3:2f:f9:
d4:6a:14:42:60:6e:d6:af:ad:ee:87:f3:ba:17:a6:9c:85:92:
ad:cb:14:01:0d:b9:58:08:e8:df:8d:a5:f3:b6:07:4a:9b:57:
42:93:ac:85:a5:5e:98:b2:9b:03:b3:76:c1:21:2b:81:09:f7:
13:ad:eb:2c:89:63:f0:98:a0:97:42:ef:53:a4:2c:27:64:83:
c3:73:3e:76:32:b6:0d:61:40:06:d1:90:85:64:c9:3c:ec:a9:
82:bf:bd:19:fd:43:be:0c:61:84:b5:50:55:30:22:b2:31:33:
c2:d7:23:9b:39:c8:51:cf:d3:b6:5a:2c:66:fe:c1:71:23:ac:
81:5f:40:d9:ac:da:7c:46:4b:a8:dc:40:9c:1e:5f:a6:15:cb:
f1:e4:00:81:1d:55:19:6b:56:cf:81:e2:03:06:34:86:de:25:
65:e5:86:64:1e:d0:7c:25:9f:21:8c:fb:44:15:9d:ae:74:12:
9f:e2:c9:fe:97:23:8f:b5:a2:4d:97:e6:1b:ed:b8:63:1b:8a:
bf:e9:fa:f4:cf:93:3a:80:20:ca:9b:8a:45:e4:87:ee:0b:cc:
2a:a0:18:87
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICULowDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MDYw
NTIzNDlaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDA5REI4NEExRTFDRDAw
QzFENUY4OTZENTE0RDZCQjUxRUQ1ODYwQUQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDmQynKJyGVOnLpBJZSlbUAFcOfYEczqtYLsyr2e1p69wDyzZI2
3+/pPXegXfJKA0rhot+ziJtAGPh/zHyuUZ5U9pyRRobQTywDK9t5EktUPAeXpc6O
PcnKcrqP6iyMBoCm4S3QW7m9bNc5Vj2E+bIT3iVYevjYZrT3xv4KxZGYBX0/8p8v
hhjsERkV5lcZuGBR0JkK5FUt9RVai1YTxnzg3zlCkvVtLrL6m6AHI8urb50qHDzm
eewJ9t4sRv0JXTnK+OCXoB8A1NsHi2cLsLsrQp09dG56jkGM4t5X0vTWATEGMXdU
sZ3AthX3MyxIRIHjfI176MnwEP7xpc64kaN9AgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUCduEoeHNAMHV+JbVFNa7Ue1YYK0wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L0NkdUVvZUhOQU1IVi1K
YlZGTmE3VWUxWVlLMC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAlfOLJreJrWARklWp2JWCI9dzhQXVcNli
VtzGPNIrcOIbsy/51GoUQmBu1q+t7ofzuhemnIWSrcsUAQ25WAjo342l87YHSptX
QpOshaVemLKbA7N2wSErgQn3E63rLIlj8Jigl0LvU6QsJ2SDw3M+djK2DWFABtGQ
hWTJPOypgr+9Gf1DvgxhhLVQVTAisjEzwtcjmznIUc/TtlosZv7BcSOsgV9A2aza
fEZLqNxAnB5fphXL8eQAgR1VGWtWz4HiAwY0ht4lZeWGZB7QfCWfIYz7RBWdrnQS
n+LJ/pcjj7WiTZfmG+24YxuKv+n69M+TOoAgypuKReSH7gvMKqAYhw==
-----END CERTIFICATE-----
Generated at Sat May 17 22:53:06 2025 by rpki-client