Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/GoUSftay0b0xBpEsva4SrM_avec.roa
File: GoUSftay0b0xBpEsva4SrM_avec.roa (raw, json)
Hash identifier: WV0XZYJeqPGyCsiB+cpOxyg1hp5csDm7daLDQtHtSJY=
Subject key identifier: 1A:85:12:7E:D6:B2:D1:BD:31:06:91:2C:BD:AE:12:AC:CF:DA:BD:E7
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 5652
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/GoUSftay0b0xBpEsva4SrM_avec.roa
Signing time: Mon 13 May 2024 16:24:07 +0000
ROA not before: Mon 13 May 2024 16:24:07 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 22098 (0x5652)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 13 16:24:07 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=1A85127ED6B2D1BD3106912CBDAE12ACCFDABDE7
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b9:59:f7:8b:5d:9b:43:74:f4:02:36:6f:9b:9e:
ae:41:0a:f9:86:bc:23:bc:62:cc:f0:74:99:ec:07:
7a:f4:be:d7:29:e0:f6:64:fc:f9:de:62:22:e7:39:
a3:00:13:ff:40:6d:b9:70:9d:70:b6:c0:c7:a0:fa:
39:c3:5a:6c:6b:a4:c0:5a:60:62:e5:ec:ba:a8:bd:
ba:6a:f9:99:b8:8f:ca:a3:6a:f4:29:52:8e:48:e7:
64:d5:eb:0a:c9:fe:d6:0f:5f:f2:c7:3b:cf:2b:68:
9d:17:a0:66:e2:15:43:de:f9:f1:ac:37:fc:5a:7a:
80:62:1b:d5:4e:54:4d:02:19:ca:27:26:6d:c6:62:
15:f3:30:4b:9e:bb:ab:45:38:00:92:bc:ee:ed:e7:
98:8c:2a:2e:37:b7:ec:fc:f3:2f:fc:1d:da:bf:29:
b8:2f:3a:60:a2:2b:61:af:27:a7:9e:9e:5f:bd:90:
ba:e1:2a:9a:16:13:ff:0e:34:3c:ff:c7:45:1f:02:
70:ba:a3:6c:b2:ca:f6:7a:87:a5:19:fe:a2:c0:0d:
d6:ca:f4:24:15:51:d0:23:d8:41:9d:98:e6:22:ea:
ee:60:12:bd:13:61:cb:4d:b0:2f:90:a2:60:68:1b:
0c:b4:ba:2d:57:7d:dc:cd:82:f3:dc:47:4b:12:08:
a1:b1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1A:85:12:7E:D6:B2:D1:BD:31:06:91:2C:BD:AE:12:AC:CF:DA:BD:E7
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/GoUSftay0b0xBpEsva4SrM_avec.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
92:ec:cd:58:a3:52:18:7c:7d:37:4d:ef:04:59:e4:fb:8b:4c:
a4:39:67:50:6a:07:f5:3d:3a:46:db:25:5d:c5:b1:6a:cc:37:
07:e9:a0:6a:1b:e5:e7:39:ec:d0:bf:a6:8b:79:c0:00:02:a9:
d3:3a:bc:c4:49:3e:82:72:84:71:6f:18:ff:bc:76:fc:7e:5c:
40:1d:82:37:91:40:b9:52:22:10:0b:6f:25:e2:02:64:37:bf:
73:87:7b:39:2f:ac:64:79:6f:a6:95:e8:f7:b9:3c:93:f2:43:
79:3c:a8:12:d7:66:86:01:69:22:bb:e9:3a:bc:47:b5:9f:89:
b3:fa:02:ab:c4:82:d4:8a:71:de:be:cb:47:33:37:27:a0:fa:
64:81:c3:96:ab:d4:ab:e4:4b:42:cc:6d:1d:a9:e9:c3:56:20:
fd:5d:7c:c9:ac:ad:16:3c:64:c1:25:8f:63:e7:95:b6:fc:25:
33:fb:06:95:7a:1a:e9:bf:39:90:8b:d3:8d:d4:63:2e:47:39:
10:92:b1:c0:4b:81:4a:ec:06:05:16:92:a4:06:8c:2c:f0:3f:
27:e8:d2:51:48:12:f5:2d:0e:3d:4a:9e:0a:b2:21:db:30:46:
ef:c8:52:b9:60:47:36:14:02:76:66:b0:3f:f5:6e:4f:ab:6f:
2c:91:23:82
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICVlIwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MTMx
NjI0MDdaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDFBODUxMjdFRDZCMkQx
QkQzMTA2OTEyQ0JEQUUxMkFDQ0ZEQUJERTcwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC5WfeLXZtDdPQCNm+bnq5BCvmGvCO8YszwdJnsB3r0vtcp4PZk
/PneYiLnOaMAE/9AbblwnXC2wMeg+jnDWmxrpMBaYGLl7Lqovbpq+Zm4j8qjavQp
Uo5I52TV6wrJ/tYPX/LHO88raJ0XoGbiFUPe+fGsN/xaeoBiG9VOVE0CGconJm3G
YhXzMEueu6tFOACSvO7t55iMKi43t+z88y/8Hdq/KbgvOmCiK2GvJ6eenl+9kLrh
KpoWE/8ONDz/x0UfAnC6o2yyyvZ6h6UZ/qLADdbK9CQVUdAj2EGdmOYi6u5gEr0T
YctNsC+QomBoGwy0ui1XfdzNgvPcR0sSCKGxAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUGoUSftay0b0xBpEsva4SrM/avecwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L0dvVVNmdGF5MGIweEJw
RXN2YTRTck1fYXZlYy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAkuzNWKNSGHx9N03vBFnk+4tMpDlnUGoH
9T06RtslXcWxasw3B+mgahvl5zns0L+mi3nAAAKp0zq8xEk+gnKEcW8Y/7x2/H5c
QB2CN5FAuVIiEAtvJeICZDe/c4d7OS+sZHlvppXo97k8k/JDeTyoEtdmhgFpIrvp
OrxHtZ+Js/oCq8SC1Ipx3r7LRzM3J6D6ZIHDlqvUq+RLQsxtHanpw1Yg/V18yayt
FjxkwSWPY+eVtvwlM/sGlXoa6b85kIvTjdRjLkc5EJKxwEuBSuwGBRaSpAaMLPA/
J+jSUUgS9S0OPUqeCrIh2zBG78hSuWBHNhQCdmawP/VuT6tvLJEjgg==
-----END CERTIFICATE-----
Generated at Sat May 17 19:44:42 2025 by rpki-client