Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/PqCQaf-fCFbzuw5r6rvh2LO2GU4.roa
File: PqCQaf-fCFbzuw5r6rvh2LO2GU4.roa (raw, json)
Hash identifier: 4TCl1s4sJklUX8UH4PPfsED9XKoRXE63FwAjLKZ6+V4=
Subject key identifier: 3E:A0:90:69:FF:9F:08:56:F3:BB:0E:6B:EA:BB:E1:D8:B3:B6:19:4E
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 3B4E
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/PqCQaf-fCFbzuw5r6rvh2LO2GU4.roa
Signing time: Sun 07 Apr 2024 15:52:33 +0000
ROA not before: Sun 07 Apr 2024 15:52:33 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 15182 (0x3b4e)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 7 15:52:33 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=3EA09069FF9F0856F3BB0E6BEABBE1D8B3B6194E
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b0:95:cb:1f:4e:8b:ed:ac:96:50:b3:ef:3e:c7:
94:61:f6:31:d3:16:03:9e:e7:27:06:49:b7:ec:24:
d9:07:d1:ff:77:e8:07:cb:8c:51:2c:7e:59:f7:e7:
fa:48:20:6e:ad:1f:b3:b5:d1:ab:ac:c0:f0:e6:13:
b6:de:ff:62:83:87:b7:1f:1f:3e:c1:cf:a1:6f:11:
00:75:a0:4a:28:a1:cf:49:db:1d:39:3a:b0:e5:d3:
76:dc:a6:f6:cc:f9:a1:8a:7d:25:c6:aa:f4:b2:1e:
12:66:a7:d2:d2:f9:78:d4:c6:91:71:fe:a4:e6:e5:
c0:38:65:b4:82:68:e4:5e:b0:5f:6e:35:61:a8:a3:
3c:42:30:98:d3:45:ec:f5:d6:67:d6:b5:5f:2c:4a:
ba:7d:dd:4c:58:0d:6d:71:de:4f:0f:43:11:4f:70:
ac:90:b3:25:70:3c:ac:6b:aa:68:22:e9:4f:6c:45:
81:b7:e1:03:3a:f1:e4:36:8f:d9:86:3d:79:28:61:
3b:43:d3:af:04:bb:10:7b:8d:6f:60:df:3b:dc:8e:
8e:ee:74:96:8e:78:63:fd:a3:cd:92:b8:28:8c:08:
79:98:f2:a5:4c:14:44:91:91:c6:0b:6f:1c:9d:b3:
82:ee:31:d5:37:62:75:33:5e:2c:88:5d:91:4f:71:
fc:8d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3E:A0:90:69:FF:9F:08:56:F3:BB:0E:6B:EA:BB:E1:D8:B3:B6:19:4E
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/PqCQaf-fCFbzuw5r6rvh2LO2GU4.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
62:a3:c8:3a:f5:29:2f:c5:b0:cf:4c:55:80:45:69:6b:12:cf:
60:e6:d2:d7:83:15:b7:c5:c5:e4:83:dc:f9:e8:3b:73:ec:12:
50:31:66:3b:ce:71:90:30:e2:6f:9b:2a:b6:bc:bf:17:8b:0e:
1b:4b:d4:10:75:ab:d5:68:89:a4:84:3c:a1:45:6a:ff:98:6e:
93:d3:d3:90:e3:fd:6b:b7:6a:4d:09:b1:08:05:50:42:a5:34:
6e:08:f5:e3:33:9d:9e:65:b9:24:d2:58:54:32:a8:aa:86:56:
e1:3f:cf:ea:7e:50:94:6a:53:a6:c1:40:0d:aa:eb:03:6c:ce:
d4:1f:c8:d2:4d:d5:9a:da:9e:cb:4a:91:17:f3:7f:1e:86:1e:
c3:1b:d2:0b:b2:99:f0:13:c7:d0:f3:e0:d7:2e:bc:ee:9d:5d:
23:52:16:1b:10:b4:51:9e:b2:b9:fd:f0:03:aa:63:92:93:89:
ba:26:0b:e1:f4:32:98:13:91:26:f6:4c:25:03:ab:74:ba:83:
08:b7:e4:1f:14:0a:01:fe:03:eb:7b:19:26:d0:92:ca:28:c0:
75:a4:05:2b:ae:d5:eb:58:8c:3a:25:70:53:9c:63:0d:bf:0d:
56:92:d8:f1:25:69:46:b4:30:31:fb:25:9b:85:82:9a:e8:56:
6a:59:e6:21
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICO04wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MDcx
NTUyMzNaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDNFQTA5MDY5RkY5RjA4
NTZGM0JCMEU2QkVBQkJFMUQ4QjNCNjE5NEUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCwlcsfTovtrJZQs+8+x5Rh9jHTFgOe5ycGSbfsJNkH0f936AfL
jFEsfln35/pIIG6tH7O10auswPDmE7be/2KDh7cfHz7Bz6FvEQB1oEoooc9J2x05
OrDl03bcpvbM+aGKfSXGqvSyHhJmp9LS+XjUxpFx/qTm5cA4ZbSCaOResF9uNWGo
ozxCMJjTRez11mfWtV8sSrp93UxYDW1x3k8PQxFPcKyQsyVwPKxrqmgi6U9sRYG3
4QM68eQ2j9mGPXkoYTtD068EuxB7jW9g3zvcjo7udJaOeGP9o82SuCiMCHmY8qVM
FESRkcYLbxyds4LuMdU3YnUzXiyIXZFPcfyNAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUPqCQaf+fCFbzuw5r6rvh2LO2GU4wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1BxQ1FhZi1mQ0ZienV3
NXI2cnZoMkxPMkdVNC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAYqPIOvUpL8Wwz0xVgEVpaxLPYObS14MV
t8XF5IPc+eg7c+wSUDFmO85xkDDib5sqtry/F4sOG0vUEHWr1WiJpIQ8oUVq/5hu
k9PTkOP9a7dqTQmxCAVQQqU0bgj14zOdnmW5JNJYVDKoqoZW4T/P6n5QlGpTpsFA
DarrA2zO1B/I0k3Vmtqey0qRF/N/HoYewxvSC7KZ8BPH0PPg1y687p1dI1IWGxC0
UZ6yuf3wA6pjkpOJuiYL4fQymBORJvZMJQOrdLqDCLfkHxQKAf4D63sZJtCSyijA
daQFK67V61iMOiVwU5xjDb8NVpLY8SVpRrQwMfslm4WCmuhWalnmIQ==
-----END CERTIFICATE-----
Generated at Sat May 17 22:40:21 2025 by rpki-client