Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/PgSkm4B73y-w_3-8YVNv_fS34jg.roa
File: PgSkm4B73y-w_3-8YVNv_fS34jg.roa (raw, json)
Hash identifier: /lxxul4lJH62uXr43MWTHY2LU1+iOHU8Prcciw4XMpE=
Subject key identifier: 3E:04:A4:9B:80:7B:DF:2F:B0:FF:7F:BC:61:53:6F:FD:F4:B7:E2:38
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 3B0E
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/PgSkm4B73y-w_3-8YVNv_fS34jg.roa
Signing time: Sun 07 Apr 2024 07:52:29 +0000
ROA not before: Sun 07 Apr 2024 07:52:29 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 15118 (0x3b0e)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 7 07:52:29 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=3E04A49B807BDF2FB0FF7FBC61536FFDF4B7E238
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d1:d5:b1:c0:1f:71:ce:85:9d:51:5f:c6:8d:bc:
79:b1:78:50:14:0a:e9:fd:3c:df:a6:40:fc:04:13:
1c:36:41:d2:44:f9:cd:34:1e:5f:bc:79:eb:4a:ed:
1a:5a:89:4f:f7:f7:57:c6:36:5d:d0:73:f4:98:68:
28:04:15:e9:33:e8:60:60:97:78:78:c9:7a:4c:b0:
88:e7:a4:4a:3d:fc:4c:c6:81:b2:bc:48:67:6e:00:
58:76:9e:c5:67:88:ec:ba:84:8e:08:6b:dc:1a:02:
15:67:09:b9:34:2c:88:cd:fb:b8:09:8f:d9:5b:4c:
85:c4:be:43:c6:5c:dd:a6:49:51:5d:bb:f6:46:61:
01:ac:46:b4:07:48:91:6e:1f:17:ae:83:7b:67:fa:
bd:95:a8:c6:32:5a:77:f5:5e:a9:36:fa:ad:98:68:
3b:0d:3c:2f:52:0b:79:30:02:7c:f0:35:1d:9a:40:
4f:79:4e:91:c8:03:02:61:b8:57:44:87:28:bc:61:
94:bd:2e:0f:b2:93:6d:74:a2:4e:17:aa:0c:d4:60:
75:0f:64:bc:d8:06:34:e3:e1:e3:f9:a3:77:c9:57:
94:aa:65:8f:9e:d5:77:14:90:e6:15:9e:98:8a:17:
fb:36:d7:96:4c:ed:6b:93:3a:52:31:28:ea:03:18:
12:bf
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3E:04:A4:9B:80:7B:DF:2F:B0:FF:7F:BC:61:53:6F:FD:F4:B7:E2:38
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/PgSkm4B73y-w_3-8YVNv_fS34jg.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
82:09:26:60:48:1f:f4:71:f6:d3:8f:a5:87:cf:78:70:05:65:
69:24:c6:87:ad:21:b0:24:59:9c:f2:5f:57:81:c3:55:86:af:
37:02:78:d4:7f:46:8c:7f:c4:09:dc:c9:06:19:66:84:7f:46:
f1:52:72:17:a8:79:6e:6f:69:ed:fa:90:8b:19:cb:13:26:59:
45:bf:09:4a:4c:a1:75:0c:5d:2d:13:ca:12:31:42:42:a6:41:
07:ac:3f:0a:3d:1a:f0:9d:21:dd:c2:68:f7:4b:41:06:a6:56:
1f:63:1c:45:15:29:b9:c3:84:d5:f8:c9:24:c2:57:6b:94:a6:
72:94:f9:b7:59:7d:bc:2e:8f:54:29:02:ed:83:35:07:39:22:
88:12:44:49:2c:39:c9:a8:8d:0e:31:7c:0c:f8:42:91:50:ef:
cb:f6:9e:37:2e:ad:75:0f:bb:0e:84:09:90:6f:66:93:ee:6d:
09:d4:32:aa:e8:b4:ed:e3:2e:4c:03:b8:6a:f6:b6:c0:0e:a9:
38:05:ab:58:00:cf:8c:4e:64:87:42:f6:01:b7:e5:6f:12:85:
ac:04:0f:75:db:f1:5e:b9:cc:11:ec:10:48:e5:25:39:ca:d2:
d1:4a:52:03:2f:d6:70:c8:9c:bd:79:a6:ab:1d:bb:ff:01:bd:
01:c3:73:14
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICOw4wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MDcw
NzUyMjlaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDNFMDRBNDlCODA3QkRG
MkZCMEZGN0ZCQzYxNTM2RkZERjRCN0UyMzgwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDR1bHAH3HOhZ1RX8aNvHmxeFAUCun9PN+mQPwEExw2QdJE+c00
Hl+8eetK7RpaiU/391fGNl3Qc/SYaCgEFekz6GBgl3h4yXpMsIjnpEo9/EzGgbK8
SGduAFh2nsVniOy6hI4Ia9waAhVnCbk0LIjN+7gJj9lbTIXEvkPGXN2mSVFdu/ZG
YQGsRrQHSJFuHxeug3tn+r2VqMYyWnf1Xqk2+q2YaDsNPC9SC3kwAnzwNR2aQE95
TpHIAwJhuFdEhyi8YZS9Lg+yk210ok4XqgzUYHUPZLzYBjTj4eP5o3fJV5SqZY+e
1XcUkOYVnpiKF/s215ZM7WuTOlIxKOoDGBK/AgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUPgSkm4B73y+w/3+8YVNv/fS34jgwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1BnU2ttNEI3M3ktd18z
LThZVk52X2ZTMzRqZy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAggkmYEgf9HH204+lh894cAVlaSTGh60h
sCRZnPJfV4HDVYavNwJ41H9GjH/ECdzJBhlmhH9G8VJyF6h5bm9p7fqQixnLEyZZ
Rb8JSkyhdQxdLRPKEjFCQqZBB6w/Cj0a8J0h3cJo90tBBqZWH2McRRUpucOE1fjJ
JMJXa5SmcpT5t1l9vC6PVCkC7YM1BzkiiBJESSw5yaiNDjF8DPhCkVDvy/aeNy6t
dQ+7DoQJkG9mk+5tCdQyqui07eMuTAO4ava2wA6pOAWrWADPjE5kh0L2AbflbxKF
rAQPddvxXrnMEewQSOUlOcrS0UpSAy/WcMicvXmmqx27/wG9AcNzFA==
-----END CERTIFICATE-----
Generated at Sat May 17 19:53:56 2025 by rpki-client