Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/QaBCgALp3Oc4EPDTxueH_dZ6IEM.roa
File: QaBCgALp3Oc4EPDTxueH_dZ6IEM.roa (raw, json)
Hash identifier: Lkr0Zpv41O7JIgs9qdb8XXe1bPFq/9fKHqQiSloiGc8=
Subject key identifier: 41:A0:42:80:02:E9:DC:E7:38:10:F0:D3:C6:E7:87:FD:D6:7A:20:43
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 4142
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/QaBCgALp3Oc4EPDTxueH_dZ6IEM.roa
Signing time: Mon 15 Apr 2024 14:22:55 +0000
ROA not before: Mon 15 Apr 2024 14:22:55 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 16706 (0x4142)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 15 14:22:55 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=41A0428002E9DCE73810F0D3C6E787FDD67A2043
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b2:81:ff:db:12:54:38:d0:7e:81:8d:84:86:b8:
5a:be:a9:1e:24:a2:cd:fe:84:60:12:b9:54:60:09:
19:a4:a3:47:46:82:73:a5:2d:51:d4:67:08:17:1a:
74:4e:d2:1b:97:47:b4:08:21:87:48:96:ae:e8:a9:
88:ec:f1:05:01:b6:df:4b:a8:29:27:55:71:8e:bc:
9e:07:c2:56:79:b0:c8:b4:82:78:83:83:ce:8a:bc:
47:d1:1d:d6:b4:6a:3f:b4:fd:cf:99:f8:f3:1e:71:
70:96:6f:6f:e1:dd:71:32:46:2a:24:c8:25:d4:86:
ff:a0:63:bb:89:69:1a:86:25:37:e8:16:a0:ab:af:
b8:67:4a:57:41:b4:0c:77:d3:dd:20:85:82:df:e2:
68:4d:39:3b:6b:8f:51:72:a9:98:42:5f:06:f5:de:
47:e3:69:b2:a6:c3:b2:20:0a:6e:a9:b6:48:5e:2d:
13:5d:67:14:24:10:70:d6:52:d1:cc:40:c7:73:cb:
82:19:52:5c:fa:2c:79:2b:f7:01:9f:d1:1c:c5:c5:
40:31:31:b2:e9:88:be:32:89:c8:31:3a:02:74:a4:
df:fb:04:b0:99:89:a8:ca:23:a6:4a:c5:2f:10:1a:
ac:3d:26:c9:72:e5:a2:d2:0b:27:15:05:a8:75:a5:
c3:97
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
41:A0:42:80:02:E9:DC:E7:38:10:F0:D3:C6:E7:87:FD:D6:7A:20:43
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/QaBCgALp3Oc4EPDTxueH_dZ6IEM.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
6a:07:96:7a:38:e6:df:5d:bc:dc:bd:e5:ba:30:26:c5:53:90:
96:43:87:f4:43:fa:a0:ab:44:8b:ba:22:a8:9a:7e:c7:cb:f1:
16:21:b3:6c:09:78:29:22:0c:9d:c3:06:0d:33:63:55:be:ba:
55:9d:4f:db:43:73:ed:bc:51:a7:a4:e9:eb:5e:3d:f9:2c:33:
e4:1c:c9:76:0d:36:39:7f:a3:f6:21:f7:7f:b2:36:e5:6d:b1:
60:0c:e3:a3:3e:67:13:04:6c:91:85:b3:1b:38:6f:b2:84:0c:
2f:48:57:c2:3e:24:93:89:f3:43:43:38:64:36:f4:0b:61:b9:
dd:9c:c8:0c:2c:88:97:be:a3:a3:95:ee:23:1f:ee:7d:13:97:
b0:61:21:20:ac:d2:bc:4d:98:95:e1:19:05:bc:31:5d:a2:6c:
37:20:46:52:4b:08:63:81:a2:09:f7:cb:18:9c:17:d5:9e:53:
e2:bf:13:66:20:a6:d1:71:47:1e:21:0b:d7:70:7b:b8:f6:eb:
ff:a4:47:d0:56:a5:c8:6b:ea:cb:84:cb:89:93:84:12:e8:79:
be:c2:34:fa:5a:01:bc:63:70:bd:cc:31:1e:6d:de:69:7a:7f:
57:2b:e9:a6:cf:37:1b:e1:1c:7a:61:b6:1c:6e:ca:78:fb:c2:
cc:d6:09:65
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICQUIwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MTUx
NDIyNTVaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDQxQTA0MjgwMDJFOURD
RTczODEwRjBEM0M2RTc4N0ZERDY3QTIwNDMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCygf/bElQ40H6BjYSGuFq+qR4kos3+hGASuVRgCRmko0dGgnOl
LVHUZwgXGnRO0huXR7QIIYdIlq7oqYjs8QUBtt9LqCknVXGOvJ4HwlZ5sMi0gniD
g86KvEfRHda0aj+0/c+Z+PMecXCWb2/h3XEyRiokyCXUhv+gY7uJaRqGJTfoFqCr
r7hnSldBtAx3090ghYLf4mhNOTtrj1FyqZhCXwb13kfjabKmw7IgCm6ptkheLRNd
ZxQkEHDWUtHMQMdzy4IZUlz6LHkr9wGf0RzFxUAxMbLpiL4yicgxOgJ0pN/7BLCZ
iajKI6ZKxS8QGqw9Jsly5aLSCycVBah1pcOXAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUQaBCgALp3Oc4EPDTxueH/dZ6IEMwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1FhQkNnQUxwM09jNEVQ
RFR4dWVIX2RaNklFTS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAageWejjm31283L3lujAmxVOQlkOH9EP6
oKtEi7oiqJp+x8vxFiGzbAl4KSIMncMGDTNjVb66VZ1P20Nz7bxRp6Tp6149+Swz
5BzJdg02OX+j9iH3f7I25W2xYAzjoz5nEwRskYWzGzhvsoQML0hXwj4kk4nzQ0M4
ZDb0C2G53ZzIDCyIl76jo5XuIx/ufROXsGEhIKzSvE2YleEZBbwxXaJsNyBGUksI
Y4GiCffLGJwX1Z5T4r8TZiCm0XFHHiEL13B7uPbr/6RH0FalyGvqy4TLiZOEEuh5
vsI0+loBvGNwvcwxHm3eaXp/Vyvpps83G+EcemG2HG7KePvCzNYJZQ==
-----END CERTIFICATE-----
Generated at Sun May 18 02:05:06 2025 by rpki-client