Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/GE1TNFT82Al1E4tmwJ5FwLqoIG0.roa
File: GE1TNFT82Al1E4tmwJ5FwLqoIG0.roa (raw, json)
Hash identifier: BIoYvHHlFy3WdZ4egQUIZg77aGyXsqFV5+gyN5mptsg=
Subject key identifier: 18:4D:53:34:54:FC:D8:09:75:13:8B:66:C0:9E:45:C0:BA:A8:20:6D
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 54F6
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/GE1TNFT82Al1E4tmwJ5FwLqoIG0.roa
Signing time: Sat 11 May 2024 20:54:11 +0000
ROA not before: Sat 11 May 2024 20:54:11 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 21750 (0x54f6)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 11 20:54:11 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=184D533454FCD80975138B66C09E45C0BAA8206D
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bd:c6:90:e9:06:ec:bc:eb:49:ec:db:28:44:59:
5e:57:a6:c6:72:8a:42:0e:96:91:5c:f5:cb:0f:cf:
45:ea:ee:54:10:5a:20:fa:20:f5:d0:66:58:2b:9b:
76:bf:54:4d:29:34:7c:62:84:4d:0f:84:c7:0a:7a:
67:84:6e:2b:bd:fe:18:05:d3:cd:ca:a6:3b:2d:50:
7b:29:92:a2:41:4e:67:85:36:03:77:7e:63:ae:a4:
0d:6d:09:1c:30:b4:96:03:9d:2a:c2:5a:25:23:27:
f9:ae:7b:2a:47:48:50:ce:05:ca:e6:c7:d7:db:39:
e4:26:40:fd:ff:db:0f:07:87:c3:0a:ba:4a:d9:07:
6d:5f:84:be:e4:d1:1c:d0:19:39:08:4a:36:bf:b2:
59:b7:ce:94:8e:d5:fd:a0:16:30:f1:01:c5:ff:b0:
2c:32:fe:e4:3d:ac:b6:f5:33:26:b7:00:cf:f9:0b:
78:4e:aa:c3:d3:6f:df:fa:b0:4d:68:c5:74:ac:eb:
01:dd:41:6f:34:43:a0:81:74:f6:b4:5e:7e:50:ae:
fd:8c:71:89:24:42:0f:2b:e0:30:04:1a:fb:a8:17:
f7:f1:e6:72:c1:d4:dc:87:72:11:72:1e:f6:d4:2f:
cb:6c:a4:02:fe:1d:a4:bf:72:c9:19:7e:21:6c:da:
fe:a1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
18:4D:53:34:54:FC:D8:09:75:13:8B:66:C0:9E:45:C0:BA:A8:20:6D
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/GE1TNFT82Al1E4tmwJ5FwLqoIG0.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
39:2a:9c:97:3a:0e:bc:6d:93:5a:42:eb:3f:37:2e:b6:75:72:
48:55:23:71:c6:ce:a0:4b:df:1b:89:fb:e5:33:ff:38:ec:7c:
43:69:86:01:ef:39:99:b3:59:dd:0a:7b:48:4a:70:92:e9:f3:
02:fa:86:36:d7:f0:f1:ae:db:c1:52:9c:18:09:19:1f:82:2d:
58:fa:03:b5:c8:af:57:46:8d:07:ca:4d:53:3b:91:38:bc:d9:
40:e5:92:c3:3b:41:02:1a:b8:56:b4:c4:2c:85:0c:fd:13:ba:
08:bf:d8:8f:9e:90:27:5a:3f:f8:dd:74:1e:67:9f:37:78:bc:
8d:9d:b9:da:31:38:af:6d:66:8e:29:5e:f2:e7:a7:c8:16:bf:
15:98:51:8b:91:b8:c9:59:5b:0a:9b:5e:ae:89:4d:f6:c2:7c:
a3:4d:20:47:8c:88:19:82:64:05:a9:b6:7a:fb:6c:83:62:38:
ff:fb:c8:94:26:46:5d:d2:87:b5:a2:65:00:4f:88:f5:9a:c7:
a4:35:b9:87:b4:53:e4:05:18:92:5a:8a:c4:9c:db:51:e3:c5:
0d:01:99:53:5d:1a:54:4a:ed:58:49:60:d0:d9:d3:12:e1:95:
5c:cb:15:c9:d4:93:ef:cd:8b:45:a9:f1:80:a6:30:5c:41:12:
5b:3c:2d:b4
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICVPYwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MTEy
MDU0MTFaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDE4NEQ1MzM0NTRGQ0Q4
MDk3NTEzOEI2NkMwOUU0NUMwQkFBODIwNkQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC9xpDpBuy860ns2yhEWV5XpsZyikIOlpFc9csPz0Xq7lQQWiD6
IPXQZlgrm3a/VE0pNHxihE0PhMcKemeEbiu9/hgF083KpjstUHspkqJBTmeFNgN3
fmOupA1tCRwwtJYDnSrCWiUjJ/mueypHSFDOBcrmx9fbOeQmQP3/2w8Hh8MKukrZ
B21fhL7k0RzQGTkISja/slm3zpSO1f2gFjDxAcX/sCwy/uQ9rLb1Mya3AM/5C3hO
qsPTb9/6sE1oxXSs6wHdQW80Q6CBdPa0Xn5Qrv2McYkkQg8r4DAEGvuoF/fx5nLB
1NyHchFyHvbUL8tspAL+HaS/cskZfiFs2v6hAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUGE1TNFT82Al1E4tmwJ5FwLqoIG0wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L0dFMVRORlQ4MkFsMUU0
dG13SjVGd0xxb0lHMC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAOSqclzoOvG2TWkLrPzcutnVySFUjccbO
oEvfG4n75TP/OOx8Q2mGAe85mbNZ3Qp7SEpwkunzAvqGNtfw8a7bwVKcGAkZH4It
WPoDtcivV0aNB8pNUzuROLzZQOWSwztBAhq4VrTELIUM/RO6CL/Yj56QJ1o/+N10
HmefN3i8jZ252jE4r21mjile8uenyBa/FZhRi5G4yVlbCpterolN9sJ8o00gR4yI
GYJkBam2evtsg2I4//vIlCZGXdKHtaJlAE+I9ZrHpDW5h7RT5AUYklqKxJzbUePF
DQGZU10aVErtWElg0NnTEuGVXMsVydST782LRanxgKYwXEESWzwttA==
-----END CERTIFICATE-----
Generated at Sun May 18 01:58:46 2025 by rpki-client