Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/IQjU61JcqYzVbzImiHoSgzPC14o.roa
File: IQjU61JcqYzVbzImiHoSgzPC14o.roa (raw, json)
Hash identifier: hET4BDQ8z3LaPAY+oCX9SVW9kcV9ez/XO2Z7CrOHMFw=
Subject key identifier: 21:08:D4:EB:52:5C:A9:8C:D5:6F:32:26:88:7A:12:83:33:C2:D7:8A
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 355E
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/IQjU61JcqYzVbzImiHoSgzPC14o.roa
Signing time: Sat 30 Mar 2024 17:52:16 +0000
ROA not before: Sat 30 Mar 2024 17:52:16 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 13662 (0x355e)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Mar 30 17:52:16 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=2108D4EB525CA98CD56F3226887A128333C2D78A
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:be:8d:ac:15:fa:24:55:b3:76:0a:0f:58:3d:6c:
6e:e2:33:de:54:18:d9:1a:21:7a:6e:2b:61:06:af:
f9:9d:ba:27:ba:2f:04:b6:a8:08:6f:44:ee:f3:5d:
f7:2a:b1:02:31:d8:4f:df:58:96:11:7f:4e:d6:af:
21:a9:de:ce:b9:9c:36:87:2a:0d:25:f5:4f:75:de:
3c:53:94:85:34:a3:cb:7a:b8:a5:dc:6e:83:64:ef:
2d:cc:b8:19:a7:46:4f:2e:46:d3:cc:2d:8b:ef:2d:
e1:88:19:29:ea:d4:f1:19:e8:86:ad:b8:ab:40:20:
31:c7:0c:d9:a4:13:b2:a3:5a:e1:c2:b0:31:56:1c:
99:3f:63:0f:82:88:89:12:8c:bc:7a:c6:b4:46:87:
cb:5b:2a:8f:ef:92:81:b7:ee:be:50:0b:d8:8a:02:
57:1e:1e:a0:73:81:5a:20:d1:d8:f6:7c:f7:8d:b6:
8f:0c:e8:29:14:9a:39:9e:f8:09:7c:2f:78:90:94:
da:6f:8c:f1:db:61:b2:5c:7d:91:f6:3a:f5:2c:28:
0e:68:99:53:01:2e:be:e5:b6:20:94:1a:dc:f5:6c:
04:d6:57:d7:b7:b4:05:67:5b:60:83:59:3f:95:ba:
ec:dc:12:f5:f5:d4:ee:01:d0:96:da:70:b1:38:d9:
c3:0f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
21:08:D4:EB:52:5C:A9:8C:D5:6F:32:26:88:7A:12:83:33:C2:D7:8A
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/IQjU61JcqYzVbzImiHoSgzPC14o.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
4f:70:6a:a2:42:bc:42:69:f5:d5:45:7e:ac:09:91:34:28:58:
ed:98:09:63:f3:fd:b1:19:26:ac:b2:4e:0a:e1:0b:a8:f1:b4:
d7:c2:74:5b:1d:c4:56:7b:91:70:3c:c0:71:34:57:14:c8:de:
ad:38:7a:24:43:29:fe:32:59:b7:fb:2a:25:ed:5d:b6:3d:c7:
27:36:97:fd:01:23:ec:da:31:00:4c:3e:e1:af:0c:d5:19:f1:
3b:c8:a4:3d:70:f6:6c:2c:f3:67:21:3f:8b:88:49:58:a7:70:
29:5a:d9:cd:e7:d9:1d:fb:cb:b6:60:84:d9:12:91:22:96:d9:
de:9d:01:b3:9c:41:84:be:43:1c:63:0d:f5:72:f8:fa:09:e1:
4c:10:27:31:a8:72:5b:9e:e1:b9:8a:0a:bb:70:87:eb:63:74:
7e:31:bb:15:74:4a:80:41:5b:4b:b8:af:1c:78:f4:2e:b3:12:
3f:c6:45:29:b2:ee:78:f7:6a:48:b0:e3:0c:71:04:78:a2:fd:
19:e7:21:cc:e3:7f:64:e6:47:d9:c5:96:af:7c:61:3c:5d:9e:
03:2a:4e:00:81:23:a0:78:a2:29:03:90:dc:76:98:99:99:bc:
4e:51:00:df:2f:a8:e7:22:58:74:8c:d1:fc:5b:78:b4:40:19:
04:74:50:95
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICNV4wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDAzMzAx
NzUyMTZaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDIxMDhENEVCNTI1Q0E5
OENENTZGMzIyNjg4N0ExMjgzMzNDMkQ3OEEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC+jawV+iRVs3YKD1g9bG7iM95UGNkaIXpuK2EGr/mduie6LwS2
qAhvRO7zXfcqsQIx2E/fWJYRf07WryGp3s65nDaHKg0l9U913jxTlIU0o8t6uKXc
boNk7y3MuBmnRk8uRtPMLYvvLeGIGSnq1PEZ6IatuKtAIDHHDNmkE7KjWuHCsDFW
HJk/Yw+CiIkSjLx6xrRGh8tbKo/vkoG37r5QC9iKAlceHqBzgVog0dj2fPeNto8M
6CkUmjme+Al8L3iQlNpvjPHbYbJcfZH2OvUsKA5omVMBLr7ltiCUGtz1bATWV9e3
tAVnW2CDWT+VuuzcEvX11O4B0JbacLE42cMPAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUIQjU61JcqYzVbzImiHoSgzPC14owHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L0lRalU2MUpjcVl6VmJ6
SW1pSG9TZ3pQQzE0by5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAT3BqokK8Qmn11UV+rAmRNChY7ZgJY/P9
sRkmrLJOCuELqPG018J0Wx3EVnuRcDzAcTRXFMjerTh6JEMp/jJZt/sqJe1dtj3H
JzaX/QEj7NoxAEw+4a8M1RnxO8ikPXD2bCzzZyE/i4hJWKdwKVrZzefZHfvLtmCE
2RKRIpbZ3p0Bs5xBhL5DHGMN9XL4+gnhTBAnMahyW57huYoKu3CH62N0fjG7FXRK
gEFbS7ivHHj0LrMSP8ZFKbLuePdqSLDjDHEEeKL9GechzON/ZOZH2cWWr3xhPF2e
AypOAIEjoHiiKQOQ3HaYmZm8TlEA3y+o5yJYdIzR/Ft4tEAZBHRQlQ==
-----END CERTIFICATE-----
Generated at Sat May 17 21:30:16 2025 by rpki-client