Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/IXpPZLY7QamGc1Yc4bDNr5-PgZY.roa
File: IXpPZLY7QamGc1Yc4bDNr5-PgZY.roa (raw, json)
Hash identifier: BbhifL+XFcmGZ2ys1vus/dcPWTsrMKnLzT/kZTsigEE=
Subject key identifier: 21:7A:4F:64:B6:3B:41:A9:86:73:56:1C:E1:B0:CD:AF:9F:8F:81:96
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 4DBA
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/IXpPZLY7QamGc1Yc4bDNr5-PgZY.roa
Signing time: Thu 02 May 2024 05:23:42 +0000
ROA not before: Thu 02 May 2024 05:23:42 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 19898 (0x4dba)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 2 05:23:42 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=217A4F64B63B41A98673561CE1B0CDAF9F8F8196
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d2:6f:a0:d6:3c:40:cb:fd:8c:b0:7e:f1:09:92:
15:a7:9b:94:5f:4e:c2:09:4b:2b:fb:c1:85:1a:12:
83:68:87:92:dd:cc:c3:67:41:69:1f:68:db:4e:65:
4c:d7:df:7f:09:1c:95:77:af:3c:d9:5c:31:59:1d:
1a:8f:44:d7:21:01:92:1c:3b:92:18:3b:6a:c3:ec:
6c:5f:53:50:7c:c7:b7:b9:ab:02:1e:40:f6:fe:c6:
3a:98:0f:c3:44:95:ee:5d:83:f3:2d:ca:c9:9f:44:
31:42:72:2e:32:b9:ce:27:81:d4:6c:47:36:8b:ea:
c9:b2:fe:fd:f8:56:93:39:b8:30:be:1f:8c:e9:51:
4f:87:1c:e2:3c:37:f7:da:0f:7f:87:e9:23:55:c6:
01:6b:c8:8a:6b:e5:7d:1f:31:40:d8:4f:79:65:eb:
14:a1:7c:41:e5:35:2f:5a:77:e5:07:f3:8e:f2:7d:
39:a4:5e:a2:d4:99:c2:df:79:b0:dc:f0:fe:b1:3d:
a8:8c:61:93:e1:0b:09:1e:8c:be:69:f0:01:de:15:
7e:f3:83:8c:59:c8:21:5b:db:b9:62:2e:45:48:02:
85:47:1d:af:91:92:1e:c5:bc:83:66:d0:a9:32:7b:
70:a0:47:59:96:23:1b:75:ed:34:7d:16:76:67:12:
57:1d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
21:7A:4F:64:B6:3B:41:A9:86:73:56:1C:E1:B0:CD:AF:9F:8F:81:96
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/IXpPZLY7QamGc1Yc4bDNr5-PgZY.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
04:97:12:a1:23:6b:09:eb:03:e5:db:a2:d2:f4:c1:7c:7d:cb:
79:c8:71:04:01:c0:50:fa:41:7d:40:c8:ae:a4:05:51:8b:91:
ca:d9:4e:e1:ae:0c:9e:32:67:40:4c:47:e3:80:3a:3f:a2:6b:
5b:1f:65:84:f6:71:08:62:34:b0:c6:fd:ed:3a:05:01:da:0c:
19:ff:73:1d:7a:d6:7a:46:cf:c6:d8:26:af:2f:37:72:32:9f:
e5:1b:11:c4:2a:a6:a6:27:f3:07:f4:08:16:82:51:f8:42:28:
a4:7d:c9:cf:9d:a9:e7:a6:2c:04:94:02:ae:bf:d3:8f:0e:1b:
76:34:77:9a:5c:81:89:32:a8:37:b0:58:bc:a4:6e:a2:c1:6c:
ff:25:92:c1:59:20:9d:1f:09:29:38:97:f7:d8:e3:8e:b7:9d:
30:12:71:d0:6b:77:b3:bf:60:f2:05:4d:97:0c:70:cb:82:58:
a8:0b:68:c2:a4:2c:c5:9e:ad:73:4f:39:7d:18:cd:08:67:30:
e2:f2:e8:52:f2:33:ba:18:6e:a2:4d:38:d0:65:59:cd:78:23:
34:7a:d2:4a:cb:37:c7:1e:90:90:95:48:a2:0a:e3:cd:d0:a4:
e8:4a:02:6c:6f:af:51:17:72:ca:8a:31:e2:12:f5:32:8c:c9:
5f:30:b6:28
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICTbowDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MDIw
NTIzNDJaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDIxN0E0RjY0QjYzQjQx
QTk4NjczNTYxQ0UxQjBDREFGOUY4RjgxOTYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDSb6DWPEDL/YywfvEJkhWnm5RfTsIJSyv7wYUaEoNoh5LdzMNn
QWkfaNtOZUzX338JHJV3rzzZXDFZHRqPRNchAZIcO5IYO2rD7GxfU1B8x7e5qwIe
QPb+xjqYD8NEle5dg/MtysmfRDFCci4yuc4ngdRsRzaL6smy/v34VpM5uDC+H4zp
UU+HHOI8N/faD3+H6SNVxgFryIpr5X0fMUDYT3ll6xShfEHlNS9ad+UH847yfTmk
XqLUmcLfebDc8P6xPaiMYZPhCwkejL5p8AHeFX7zg4xZyCFb27liLkVIAoVHHa+R
kh7FvINm0Kkye3CgR1mWIxt17TR9FnZnElcdAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUIXpPZLY7QamGc1Yc4bDNr5+PgZYwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L0lYcFBaTFk3UWFtR2Mx
WWM0YkROcjUtUGdaWS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEABJcSoSNrCesD5dui0vTBfH3LechxBAHA
UPpBfUDIrqQFUYuRytlO4a4MnjJnQExH44A6P6JrWx9lhPZxCGI0sMb97ToFAdoM
Gf9zHXrWekbPxtgmry83cjKf5RsRxCqmpifzB/QIFoJR+EIopH3Jz52p56YsBJQC
rr/Tjw4bdjR3mlyBiTKoN7BYvKRuosFs/yWSwVkgnR8JKTiX99jjjredMBJx0Gt3
s79g8gVNlwxwy4JYqAtowqQsxZ6tc085fRjNCGcw4vLoUvIzuhhuok040GVZzXgj
NHrSSss3xx6QkJVIogrjzdCk6EoCbG+vURdyyoox4hL1MozJXzC2KA==
-----END CERTIFICATE-----
Generated at Sat May 17 21:28:10 2025 by rpki-client