Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/Q8l1_LGEIzoRr-IfAWsgE3FG-GA.roa
File: Q8l1_LGEIzoRr-IfAWsgE3FG-GA.roa (raw, json)
Hash identifier: 7Mp9M6AsXI3D3fwlf1H8b7OawCRFeBOe7U5gtix38jE=
Subject key identifier: 43:C9:75:FC:B1:84:23:3A:11:AF:E2:1F:01:6B:20:13:71:46:F8:60
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 4D06
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/Q8l1_LGEIzoRr-IfAWsgE3FG-GA.roa
Signing time: Wed 01 May 2024 06:53:36 +0000
ROA not before: Wed 01 May 2024 06:53:36 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 19718 (0x4d06)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 1 06:53:36 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=43C975FCB184233A11AFE21F016B20137146F860
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b1:b9:c2:ab:4e:df:a1:e2:a5:52:15:d6:96:bb:
e0:4f:ff:30:4b:c1:63:c9:80:be:f3:01:e6:0f:e3:
f2:cc:5f:1f:c0:4b:7a:4d:6d:37:95:c4:46:72:0f:
18:17:aa:82:c1:4b:d2:ab:64:1b:2f:57:1e:30:7b:
8c:cb:ae:72:82:90:a2:b2:99:8c:bd:18:72:44:14:
25:13:ef:41:cd:b3:a6:d4:11:56:cc:02:75:a7:99:
c5:9e:74:ad:72:9d:6f:da:e4:63:ed:67:e2:11:31:
6b:97:8b:10:27:73:62:07:8d:e4:e9:26:01:ba:fd:
86:ea:93:d8:fa:a5:9e:d9:ed:1b:2f:4d:6e:1a:14:
59:77:f2:ca:3a:be:f1:ed:a1:96:58:66:2f:e8:f8:
25:a8:1f:61:7d:19:0d:31:07:76:78:46:2d:70:c2:
25:9c:6d:75:88:06:3a:49:05:d8:8a:2d:4b:7d:7e:
57:21:3c:d0:1f:08:89:f6:e9:20:89:11:13:64:f4:
0a:89:7c:36:06:ab:c6:78:e0:98:7c:b7:19:d1:98:
fc:ae:4f:33:1c:5b:21:f2:20:f5:de:f2:86:d6:e9:
f6:b2:8f:af:06:90:49:7d:b7:ce:f4:08:c6:fe:34:
17:b7:96:7b:8e:65:62:1d:dc:8d:59:ab:46:66:47:
95:19
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
43:C9:75:FC:B1:84:23:3A:11:AF:E2:1F:01:6B:20:13:71:46:F8:60
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/Q8l1_LGEIzoRr-IfAWsgE3FG-GA.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
4e:36:15:94:29:a4:ce:bc:be:64:b8:91:b3:83:81:5e:75:48:
a4:36:8e:6e:e1:52:d1:a7:ae:8f:8c:83:62:d5:d9:ad:ef:6c:
a8:ab:b2:79:be:4d:3f:62:c3:23:05:84:73:c8:cc:06:a4:cb:
7a:1b:23:eb:49:cb:2a:1d:23:0f:b1:18:1a:a4:af:4e:4e:7e:
84:11:b4:55:ac:73:37:2d:d5:56:ac:89:ef:3e:a7:4b:60:d4:
0a:25:d0:c0:3d:e2:ad:13:d9:9a:82:d7:73:d6:f0:a5:a6:7c:
43:5e:7b:f7:8c:bd:54:9f:73:5a:0e:41:83:db:96:4f:19:bd:
fb:28:dc:04:ed:70:7d:44:6c:19:09:6d:4e:24:b9:1c:88:8f:
45:ae:dd:17:26:25:7a:f2:78:5a:6e:c0:11:13:8e:60:85:fd:
92:f2:83:91:ad:08:c6:a1:e3:4c:76:b3:1f:fe:2a:72:40:dd:
9a:0a:b4:53:b3:95:9a:a7:6b:b2:57:11:6e:05:6a:f7:26:70:
ac:21:84:7e:00:15:73:5b:29:63:10:7a:d2:87:57:a5:33:09:
bd:a5:f6:eb:6e:bc:74:da:de:ac:23:15:e9:c5:80:7f:0e:f1:
08:97:71:fb:ba:ce:e9:06:d2:41:20:42:6a:ea:f0:e1:93:b3:
e4:a9:02:ac
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICTQYwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MDEw
NjUzMzZaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDQzQzk3NUZDQjE4NDIz
M0ExMUFGRTIxRjAxNkIyMDEzNzE0NkY4NjAwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCxucKrTt+h4qVSFdaWu+BP/zBLwWPJgL7zAeYP4/LMXx/AS3pN
bTeVxEZyDxgXqoLBS9KrZBsvVx4we4zLrnKCkKKymYy9GHJEFCUT70HNs6bUEVbM
AnWnmcWedK1ynW/a5GPtZ+IRMWuXixAnc2IHjeTpJgG6/Ybqk9j6pZ7Z7RsvTW4a
FFl38so6vvHtoZZYZi/o+CWoH2F9GQ0xB3Z4Ri1wwiWcbXWIBjpJBdiKLUt9flch
PNAfCIn26SCJERNk9AqJfDYGq8Z44Jh8txnRmPyuTzMcWyHyIPXe8obW6fayj68G
kEl9t870CMb+NBe3lnuOZWId3I1Zq0ZmR5UZAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUQ8l1/LGEIzoRr+IfAWsgE3FG+GAwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1E4bDFfTEdFSXpvUnIt
SWZBV3NnRTNGRy1HQS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEATjYVlCmkzry+ZLiRs4OBXnVIpDaObuFS
0aeuj4yDYtXZre9sqKuyeb5NP2LDIwWEc8jMBqTLehsj60nLKh0jD7EYGqSvTk5+
hBG0VaxzNy3VVqyJ7z6nS2DUCiXQwD3irRPZmoLXc9bwpaZ8Q15794y9VJ9zWg5B
g9uWTxm9+yjcBO1wfURsGQltTiS5HIiPRa7dFyYlevJ4Wm7AEROOYIX9kvKDka0I
xqHjTHazH/4qckDdmgq0U7OVmqdrslcRbgVq9yZwrCGEfgAVc1spYxB60odXpTMJ
vaX26268dNrerCMV6cWAfw7xCJdx+7rO6QbSQSBCaurw4ZOz5KkCrA==
-----END CERTIFICATE-----
Generated at Sat May 17 19:41:23 2025 by rpki-client