Route Origin Authorization

$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/Kugw7qSgeW_pMKb0mrrkIAZsyxw.roa
File:                     Kugw7qSgeW_pMKb0mrrkIAZsyxw.roa (raw, json)
Hash identifier:          9kurxN9lGAlnzT3ozkRhDH3b7azl2AjLELhkPFi5Kps=
Subject key identifier:   2A:E8:30:EE:A4:A0:79:6F:E9:30:A6:F4:9A:BA:E4:20:06:6C:CB:1C
Certificate issuer:       /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial:       3A1E
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access:    rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access:      rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/Kugw7qSgeW_pMKb0mrrkIAZsyxw.roa
Signing time:             Sat 06 Apr 2024 01:52:25 +0000
ROA not before:           Sat 06 Apr 2024 01:52:25 +0000
ROA not after:            Fri 31 Jan 2025 01:13:46 +0000
asID:                     24426
IP address blocks:        43.236.0.0/16 maxlen: 16
Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 14878 (0x3a1e)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
        Validity
            Not Before: Apr  6 01:52:25 2024 GMT
            Not After : Jan 31 01:13:46 2025 GMT
        Subject: CN=2AE830EEA4A0796FE930A6F49ABAE420066CCB1C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:5f:bf:ac:0f:e0:43:b3:a3:00:3c:fc:14:c0:
                    c2:a3:32:37:9e:82:7e:60:95:6d:31:cb:37:6d:e2:
                    d2:7e:ad:e9:53:48:ef:72:54:be:b0:1d:22:ac:62:
                    ea:22:9b:fb:8b:42:a5:ec:94:a0:61:1b:8b:9f:70:
                    06:38:bb:97:8c:a7:b5:74:b7:df:90:1f:e5:2e:d6:
                    47:ae:be:b1:b2:f6:0e:ff:fb:75:d8:7c:ea:a0:85:
                    c8:bd:15:6d:a1:65:eb:cf:1a:5b:50:b5:95:c9:9f:
                    39:55:1f:b5:1b:04:9c:ef:d2:0d:63:0c:e7:2c:14:
                    a9:8a:2d:ef:11:f5:07:4e:e4:f8:b2:9b:a2:db:6a:
                    86:51:ba:32:49:2f:84:e0:28:3e:19:45:5a:9f:4b:
                    31:a8:ce:52:97:54:e8:bc:39:9f:93:8d:2b:86:f4:
                    95:87:af:fc:3f:fd:90:81:d6:2f:06:ef:b5:a3:46:
                    9b:05:82:e0:35:ae:98:a2:17:a8:43:2b:d4:64:14:
                    ec:41:25:62:17:d3:bc:6c:fa:69:10:49:f1:05:4b:
                    c1:21:35:e2:a7:29:f5:11:80:5f:cb:4f:d1:6e:9c:
                    00:7a:2b:90:ac:7f:1f:4a:79:3c:45:83:ec:9d:9e:
                    31:5b:e4:0d:43:1d:d2:2f:1e:5c:bf:49:ce:57:ea:
                    59:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:E8:30:EE:A4:A0:79:6F:E9:30:A6:F4:9A:BA:E4:20:06:6C:CB:1C
            X509v3 Authority Key Identifier:
                keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/Kugw7qSgeW_pMKb0mrrkIAZsyxw.roa
                RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  43.236.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         96:d0:d9:97:4d:1e:78:b9:ea:bb:31:63:8e:3b:4e:29:27:a3:
         10:fa:f9:07:f6:c0:84:64:4e:3e:ca:12:3e:7c:63:a5:ed:6d:
         c9:35:c3:27:18:cd:a4:29:e3:8d:fb:0e:e8:4a:b1:00:50:2d:
         79:f2:4d:e4:0f:50:35:15:b9:8c:79:49:99:6d:0c:18:67:88:
         06:c1:13:b1:16:39:ea:6c:a3:3d:4f:07:49:44:e3:2a:df:f8:
         b0:6f:ce:2d:66:e5:d8:1d:fe:62:95:07:d0:8f:41:4e:c8:1c:
         1f:e7:7a:62:d6:1f:97:95:ba:6d:f2:ea:a2:78:e0:8d:dd:49:
         05:f3:4a:e8:7e:94:f9:5e:33:ef:75:fb:41:20:3a:d9:a0:46:
         e6:9e:12:61:34:db:6d:0f:0b:5e:f8:7f:b1:1e:a2:ab:11:40:
         49:e2:00:bc:de:d0:17:d9:64:63:c4:d5:62:25:da:bf:d9:43:
         57:5b:05:c2:f7:04:5b:52:1d:49:29:86:77:5c:d8:b2:a8:aa:
         f3:38:ca:79:50:3e:26:73:94:f4:6f:52:c3:ae:e3:68:41:cc:
         5d:d0:47:b8:2c:f0:a3:e5:fd:59:fc:b4:15:82:8d:72:0e:71:
         b4:ec:9a:98:92:c2:03:c9:70:f5:74:58:6c:89:bf:2e:4a:64:
         61:9b:33:48
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICOh4wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MDYw
MTUyMjVaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDJBRTgzMEVFQTRBMDc5
NkZFOTMwQTZGNDlBQkFFNDIwMDY2Q0NCMUMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCqX7+sD+BDs6MAPPwUwMKjMjeegn5glW0xyzdt4tJ+relTSO9y
VL6wHSKsYuoim/uLQqXslKBhG4ufcAY4u5eMp7V0t9+QH+Uu1keuvrGy9g7/+3XY
fOqghci9FW2hZevPGltQtZXJnzlVH7UbBJzv0g1jDOcsFKmKLe8R9QdO5Piym6Lb
aoZRujJJL4TgKD4ZRVqfSzGozlKXVOi8OZ+TjSuG9JWHr/w//ZCB1i8G77WjRpsF
guA1rpiiF6hDK9RkFOxBJWIX07xs+mkQSfEFS8EhNeKnKfURgF/LT9FunAB6K5Cs
fx9KeTxFg+ydnjFb5A1DHdIvHly/Sc5X6lnhAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUKugw7qSgeW/pMKb0mrrkIAZsyxwwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L0t1Z3c3cVNnZVdfcE1L
YjBtcnJrSUFac3l4dy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAltDZl00eeLnquzFjjjtOKSejEPr5B/bA
hGROPsoSPnxjpe1tyTXDJxjNpCnjjfsO6EqxAFAtefJN5A9QNRW5jHlJmW0MGGeI
BsETsRY56myjPU8HSUTjKt/4sG/OLWbl2B3+YpUH0I9BTsgcH+d6YtYfl5W6bfLq
onjgjd1JBfNK6H6U+V4z73X7QSA62aBG5p4SYTTbbQ8LXvh/sR6iqxFASeIAvN7Q
F9lkY8TVYiXav9lDV1sFwvcEW1IdSSmGd1zYsqiq8zjKeVA+JnOU9G9Sw67jaEHM
XdBHuCzwo+X9Wfy0FYKNcg5xtOyamJLCA8lw9XRYbIm/LkpkYZszSA==
-----END CERTIFICATE-----
Generated at Sat May 17 21:42:44 2025 by rpki-client