Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/KF3Vl6fAhvBaKEXck26RZKgmk14.roa
File: KF3Vl6fAhvBaKEXck26RZKgmk14.roa (raw, json)
Hash identifier: KUTEctk6jAPcuularovZpOB8p2FAoblbnl4CKFS6NZA=
Subject key identifier: 28:5D:D5:97:A7:C0:86:F0:5A:28:45:DC:93:6E:91:64:A8:26:93:5E
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 4ED6
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/KF3Vl6fAhvBaKEXck26RZKgmk14.roa
Signing time: Fri 03 May 2024 16:53:47 +0000
ROA not before: Fri 03 May 2024 16:53:47 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 20182 (0x4ed6)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 3 16:53:47 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=285DD597A7C086F05A2845DC936E9164A826935E
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cc:bb:6f:59:27:d0:b1:8d:f4:20:8d:79:df:24:
ef:6d:8f:9b:c9:46:f9:af:83:90:2d:29:8d:99:f4:
e8:1d:5b:23:97:78:84:34:2a:34:59:82:f9:41:01:
4b:2d:f1:01:2c:17:c2:cd:73:83:a5:f5:3a:e1:f7:
f1:07:06:13:18:e0:d5:0b:f5:bc:d4:23:9c:fc:2e:
5b:96:8c:1d:3c:6d:c2:0a:3b:5c:8f:22:3d:2f:e4:
d1:0b:7c:8d:bb:53:d2:16:4c:61:45:fb:4c:6c:c0:
be:29:bc:52:9a:e6:b5:22:2a:80:4f:43:72:12:32:
4b:ed:b7:78:db:97:76:3c:23:67:ff:42:39:0a:9e:
b5:78:67:5f:f0:57:e9:6d:5a:b4:88:3b:46:c0:3b:
c7:e1:38:cb:bc:a6:96:1b:30:37:69:96:ee:3d:36:
cb:fd:f2:4a:78:44:e0:52:28:bf:af:d8:50:92:d1:
ca:f6:be:ac:59:c8:54:ba:33:28:eb:99:24:a1:1c:
07:f1:9a:47:4f:60:fc:11:f9:a8:a0:f1:b9:1a:f2:
e0:ab:62:ea:7c:42:0b:ad:c0:81:a2:01:0e:93:e0:
b8:d0:89:a9:c3:aa:75:80:67:09:a1:32:e8:93:66:
3c:20:fd:ca:78:dd:e4:ca:93:f6:6a:87:5c:98:77:
52:f7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
28:5D:D5:97:A7:C0:86:F0:5A:28:45:DC:93:6E:91:64:A8:26:93:5E
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/KF3Vl6fAhvBaKEXck26RZKgmk14.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
10:8e:7e:5d:18:c7:2a:28:5e:a9:7e:05:f7:33:68:16:70:d8:
56:d6:ad:81:0d:a3:f5:6a:0e:ce:dc:87:a4:62:be:20:4f:e5:
8f:9c:54:79:52:10:83:ec:44:54:23:a0:c8:d1:96:21:b9:91:
96:9a:45:4b:34:8b:ec:fb:b1:92:22:59:96:89:1e:24:ff:39:
a0:33:6d:09:f9:70:7f:50:61:f0:dc:ea:1e:b1:4e:eb:18:66:
e7:80:91:33:3b:92:7f:22:d5:6e:0d:9e:52:b3:c6:16:01:3a:
85:97:2e:8d:90:af:ca:a1:cb:c7:17:a5:ff:bc:56:16:e3:d2:
f1:d0:be:7a:29:13:20:28:f9:56:e4:6a:74:b2:61:ca:3e:1d:
be:4c:13:cf:cc:51:1f:37:0d:3e:44:a1:4c:f6:51:d0:f5:1b:
2b:54:52:52:62:31:af:1f:a6:b3:30:c7:df:0b:00:53:fc:fa:
38:89:a9:98:3b:47:3f:f5:d3:79:e6:e8:4c:e2:4a:c8:cf:86:
0a:60:e9:92:8c:40:95:8b:c1:c9:6c:36:3a:85:aa:e6:b7:11:
99:fd:1e:5e:06:22:fa:8d:b3:2b:a3:0e:3b:56:76:c0:13:48:
f4:c7:42:96:c6:58:7e:47:87:a1:1a:ef:c0:9e:25:7f:7a:87:
93:72:f7:31
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICTtYwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MDMx
NjUzNDdaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDI4NURENTk3QTdDMDg2
RjA1QTI4NDVEQzkzNkU5MTY0QTgyNjkzNUUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDMu29ZJ9CxjfQgjXnfJO9tj5vJRvmvg5AtKY2Z9OgdWyOXeIQ0
KjRZgvlBAUst8QEsF8LNc4Ol9Trh9/EHBhMY4NUL9bzUI5z8LluWjB08bcIKO1yP
Ij0v5NELfI27U9IWTGFF+0xswL4pvFKa5rUiKoBPQ3ISMkvtt3jbl3Y8I2f/QjkK
nrV4Z1/wV+ltWrSIO0bAO8fhOMu8ppYbMDdplu49Nsv98kp4ROBSKL+v2FCS0cr2
vqxZyFS6MyjrmSShHAfxmkdPYPwR+aig8bka8uCrYup8QgutwIGiAQ6T4LjQianD
qnWAZwmhMuiTZjwg/cp43eTKk/Zqh1yYd1L3AgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUKF3Vl6fAhvBaKEXck26RZKgmk14wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L0tGM1ZsNmZBaHZCYUtF
WGNrMjZSWktnbWsxNC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAEI5+XRjHKiheqX4F9zNoFnDYVtatgQ2j
9WoOztyHpGK+IE/lj5xUeVIQg+xEVCOgyNGWIbmRlppFSzSL7PuxkiJZlokeJP85
oDNtCflwf1Bh8NzqHrFO6xhm54CRMzuSfyLVbg2eUrPGFgE6hZcujZCvyqHLxxel
/7xWFuPS8dC+eikTICj5VuRqdLJhyj4dvkwTz8xRHzcNPkShTPZR0PUbK1RSUmIx
rx+mszDH3wsAU/z6OImpmDtHP/XTeeboTOJKyM+GCmDpkoxAlYvByWw2OoWq5rcR
mf0eXgYi+o2zK6MOO1Z2wBNI9MdClsZYfkeHoRrvwJ4lf3qHk3L3MQ==
-----END CERTIFICATE-----
Generated at Sun May 18 04:48:49 2025 by rpki-client