Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/I5DpSnV7g4_d7ofIcQhYC7qzdXI.roa
File: I5DpSnV7g4_d7ofIcQhYC7qzdXI.roa (raw, json)
Hash identifier: Cyvc2wl4bdh6MUkkcH2Ezc9Q041J2T3tGDgYHwM7esw=
Subject key identifier: 23:90:E9:4A:75:7B:83:8F:DD:EE:87:C8:71:08:58:0B:BA:B3:75:72
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 503A
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/I5DpSnV7g4_d7ofIcQhYC7qzdXI.roa
Signing time: Sun 05 May 2024 13:24:01 +0000
ROA not before: Sun 05 May 2024 13:24:01 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 20538 (0x503a)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 5 13:24:01 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=2390E94A757B838FDDEE87C87108580BBAB37572
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c1:fd:ea:b1:14:7b:8f:81:bd:85:f7:af:0e:eb:
8c:ed:2c:07:6d:02:7b:6e:04:2d:ee:9e:67:78:d1:
7e:a4:2e:25:fd:b6:96:f6:e6:c4:35:3f:b8:15:3c:
ae:82:71:f7:c9:c4:b8:af:99:90:27:64:af:a6:95:
2d:58:4f:b6:b0:b8:4e:34:d5:51:7d:d7:44:4b:b0:
29:67:41:8a:5c:c7:b3:21:64:d6:67:77:b4:93:49:
06:4b:a2:a9:61:e1:73:39:93:7b:e0:4e:14:42:ee:
6c:25:a9:1d:3b:78:db:f1:0a:d3:b9:66:33:99:68:
b8:f9:d2:03:53:db:24:b9:ad:62:de:dc:21:bd:e4:
e6:d3:ca:75:65:40:53:a5:43:f3:96:ef:02:c7:67:
f2:69:29:ce:4f:53:25:38:c3:c1:22:76:68:8b:e1:
49:3d:4f:46:15:e0:f5:07:d4:95:66:01:a3:81:7d:
ad:d1:d1:7b:69:ab:29:f0:4e:31:2e:97:67:e2:3c:
51:3b:45:dc:66:7b:5a:fa:d4:e0:13:7b:5b:03:70:
1a:5e:a5:e4:4d:4b:73:4e:c7:58:13:ab:d6:3f:b7:
bd:e9:48:57:11:24:c5:dd:dd:3b:0a:55:33:fc:a9:
fb:a9:37:51:d3:be:2b:c5:aa:ed:8b:25:94:4f:ce:
ec:fb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
23:90:E9:4A:75:7B:83:8F:DD:EE:87:C8:71:08:58:0B:BA:B3:75:72
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/I5DpSnV7g4_d7ofIcQhYC7qzdXI.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
52:88:f4:31:51:2c:25:a6:4d:54:b5:c3:46:2b:b7:7a:d5:0a:
78:d1:35:2d:66:99:57:94:ca:aa:f8:d7:f8:26:c5:cb:44:d4:
59:59:c4:b3:f5:d2:f9:4e:a3:3a:31:e1:12:b2:7f:06:75:a2:
57:07:fe:75:74:55:3f:33:81:4f:34:71:a4:87:cf:a9:4b:60:
83:4f:ef:81:8e:5d:63:0f:04:dd:ac:53:a5:b9:31:8c:95:2d:
69:e4:8f:4d:de:66:1e:f0:72:bd:b4:b9:15:72:a7:7e:fe:8e:
dd:b9:55:a8:08:2b:46:c1:39:a4:d3:a6:b2:85:03:3d:15:ac:
71:f5:b6:63:84:c2:df:fd:db:7f:f7:87:ae:70:79:e0:27:b9:
53:f4:09:d4:60:b0:89:0e:c4:fa:7e:87:f5:f5:6c:ff:2a:5d:
49:a7:99:06:7c:ab:35:41:77:cd:74:91:6f:b2:cd:7e:0e:58:
21:81:8f:b9:18:46:d5:2c:59:3a:0d:c5:5e:dd:a7:66:9c:43:
90:b8:4a:95:f8:ef:32:c3:f3:db:5a:f9:ea:f5:22:b9:b5:34:
57:bd:c4:92:91:99:b9:7a:5c:c6:47:e1:0d:81:94:c6:f5:41:
65:0d:85:73:07:c5:a3:09:45:d9:ab:fa:66:44:99:2c:68:e9:
ea:d9:7a:16
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICUDowDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MDUx
MzI0MDFaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDIzOTBFOTRBNzU3Qjgz
OEZEREVFODdDODcxMDg1ODBCQkFCMzc1NzIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDB/eqxFHuPgb2F968O64ztLAdtAntuBC3unmd40X6kLiX9tpb2
5sQ1P7gVPK6CcffJxLivmZAnZK+mlS1YT7awuE401VF910RLsClnQYpcx7MhZNZn
d7STSQZLoqlh4XM5k3vgThRC7mwlqR07eNvxCtO5ZjOZaLj50gNT2yS5rWLe3CG9
5ObTynVlQFOlQ/OW7wLHZ/JpKc5PUyU4w8EidmiL4Uk9T0YV4PUH1JVmAaOBfa3R
0XtpqynwTjEul2fiPFE7Rdxme1r61OATe1sDcBpepeRNS3NOx1gTq9Y/t73pSFcR
JMXd3TsKVTP8qfupN1HTvivFqu2LJZRPzuz7AgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUI5DpSnV7g4/d7ofIcQhYC7qzdXIwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L0k1RHBTblY3ZzRfZDdv
ZkljUWhZQzdxemRYSS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAUoj0MVEsJaZNVLXDRiu3etUKeNE1LWaZ
V5TKqvjX+CbFy0TUWVnEs/XS+U6jOjHhErJ/BnWiVwf+dXRVPzOBTzRxpIfPqUtg
g0/vgY5dYw8E3axTpbkxjJUtaeSPTd5mHvByvbS5FXKnfv6O3blVqAgrRsE5pNOm
soUDPRWscfW2Y4TC3/3bf/eHrnB54Ce5U/QJ1GCwiQ7E+n6H9fVs/ypdSaeZBnyr
NUF3zXSRb7LNfg5YIYGPuRhG1SxZOg3FXt2nZpxDkLhKlfjvMsPz21r56vUiubU0
V73EkpGZuXpcxkfhDYGUxvVBZQ2FcwfFowlF2av6ZkSZLGjp6tl6Fg==
-----END CERTIFICATE-----
Generated at Sat May 17 23:18:00 2025 by rpki-client