Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/MURx5cQ81A4-U6r5D7XHk9yvDgY.roa
File: MURx5cQ81A4-U6r5D7XHk9yvDgY.roa (raw, json)
Hash identifier: c3/JEogMRluhiOUf+kZPPj1UFm7jG+vat3hJgzw9wKY=
Subject key identifier: 31:44:71:E5:C4:3C:D4:0E:3E:53:AA:F9:0F:B5:C7:93:DC:AF:0E:06
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 57FE
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/MURx5cQ81A4-U6r5D7XHk9yvDgY.roa
Signing time: Wed 15 May 2024 21:54:15 +0000
ROA not before: Wed 15 May 2024 21:54:15 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 22526 (0x57fe)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 15 21:54:15 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=314471E5C43CD40E3E53AAF90FB5C793DCAF0E06
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:be:9c:f6:0c:52:82:ee:d0:90:f2:5b:69:1f:ce:
e6:18:6f:d8:09:cc:2d:f8:88:72:b4:b0:31:28:06:
b6:84:c5:35:c5:aa:04:c4:95:ec:e1:f5:1f:4e:23:
87:a2:5d:d6:59:6e:b5:25:a4:6d:ed:ac:81:1e:6c:
df:1f:c7:90:30:b5:1e:6f:53:36:2f:82:01:18:96:
3f:b5:b5:40:09:80:50:1e:0e:1d:e3:63:fd:8a:f8:
26:fc:94:d1:51:4c:f2:78:e2:69:d7:60:fa:71:54:
64:a8:96:fc:16:f5:ce:32:b8:46:d4:32:c4:a3:98:
3e:6a:00:49:ec:a9:12:0f:ef:29:9e:dc:f3:36:f5:
d0:a7:79:a3:83:da:86:a1:fb:cc:1d:53:5b:ea:b6:
92:3f:e3:57:4b:2b:77:aa:3a:d4:e2:bf:95:c2:ac:
8a:5b:0a:1b:6c:99:18:bb:1a:8b:58:94:0f:3d:c1:
75:d3:a9:1d:55:16:0f:d4:f9:90:bb:64:1d:22:27:
ed:26:4b:99:a0:d7:57:b5:12:43:7e:c8:ab:5e:96:
d8:3e:e2:fe:e6:e7:3a:3c:1d:b1:be:3f:32:1e:d6:
e0:f0:c1:cd:0d:ba:7c:3a:61:86:9e:65:0d:a8:94:
7d:6f:ae:8b:e1:31:4d:8e:f2:9d:6f:6b:fc:e7:dc:
70:83
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
31:44:71:E5:C4:3C:D4:0E:3E:53:AA:F9:0F:B5:C7:93:DC:AF:0E:06
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/MURx5cQ81A4-U6r5D7XHk9yvDgY.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
9c:81:19:a0:9a:bd:86:a8:89:c7:62:a3:86:2e:7d:be:f1:b1:
83:a5:e7:52:ac:e2:92:39:60:fa:ce:67:6f:1e:23:c0:3d:04:
1e:13:e3:07:bf:f5:2a:dc:a0:a7:04:78:d8:a6:92:37:11:a5:
2a:27:22:8d:f5:4e:47:d3:c2:ff:ce:34:b0:ee:b5:19:20:29:
c5:b4:40:9f:a9:d2:d7:dc:49:f4:54:ad:8f:3e:0f:c2:81:bb:
d5:9d:36:f6:bb:af:48:b8:52:7d:45:98:eb:58:ad:4e:b1:ac:
22:4d:aa:20:37:31:f1:7e:f3:37:cc:c9:1f:dd:13:13:84:71:
13:96:0c:1d:b0:23:3d:e5:0b:b8:34:0c:13:eb:39:ee:9f:59:
f8:5f:72:6c:d4:9f:08:d0:a9:c3:9f:53:09:78:e7:6e:42:fd:
82:5a:d9:76:15:f8:22:ae:11:df:9e:b9:01:4d:40:df:49:19:
59:ef:c3:14:78:24:a6:50:d0:e8:e9:64:40:da:bd:ec:fa:a8:
8f:3e:50:4e:74:8e:48:b7:8a:1a:3b:92:74:d1:82:08:70:ca:
0d:5b:78:77:14:52:ab:65:e8:03:1a:5b:3b:c7:bf:b9:52:2d:
7e:d4:11:70:f5:47:e3:4a:9d:f3:42:17:b0:b1:cd:9d:7a:6e:
84:e8:d4:33
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICV/4wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MTUy
MTU0MTVaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDMxNDQ3MUU1QzQzQ0Q0
MEUzRTUzQUFGOTBGQjVDNzkzRENBRjBFMDYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC+nPYMUoLu0JDyW2kfzuYYb9gJzC34iHK0sDEoBraExTXFqgTE
lezh9R9OI4eiXdZZbrUlpG3trIEebN8fx5AwtR5vUzYvggEYlj+1tUAJgFAeDh3j
Y/2K+Cb8lNFRTPJ44mnXYPpxVGSolvwW9c4yuEbUMsSjmD5qAEnsqRIP7yme3PM2
9dCneaOD2oah+8wdU1vqtpI/41dLK3eqOtTiv5XCrIpbChtsmRi7GotYlA89wXXT
qR1VFg/U+ZC7ZB0iJ+0mS5mg11e1EkN+yKteltg+4v7m5zo8HbG+PzIe1uDwwc0N
unw6YYaeZQ2olH1vrovhMU2O8p1va/zn3HCDAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUMURx5cQ81A4+U6r5D7XHk9yvDgYwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L01VUng1Y1E4MUE0LVU2
cjVEN1hIazl5dkRnWS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAnIEZoJq9hqiJx2Kjhi59vvGxg6XnUqzi
kjlg+s5nbx4jwD0EHhPjB7/1KtygpwR42KaSNxGlKicijfVOR9PC/840sO61GSAp
xbRAn6nS19xJ9FStjz4PwoG71Z029ruvSLhSfUWY61itTrGsIk2qIDcx8X7zN8zJ
H90TE4RxE5YMHbAjPeULuDQME+s57p9Z+F9ybNSfCNCpw59TCXjnbkL9glrZdhX4
Iq4R3565AU1A30kZWe/DFHgkplDQ6OlkQNq97Pqojz5QTnSOSLeKGjuSdNGCCHDK
DVt4dxRSq2XoAxpbO8e/uVItftQRcPVH40qd80IXsLHNnXpuhOjUMw==
-----END CERTIFICATE-----
Generated at Sun May 18 16:43:29 2025 by rpki-client