Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/REXuVWrgLAkBPFpvOrp-SDB5X7c.roa
File: REXuVWrgLAkBPFpvOrp-SDB5X7c.roa (raw, json)
Hash identifier: NFQw5azYfMhMvlDprTdgkS5tv+wusKVHEg8NyaOobK0=
Subject key identifier: 44:45:EE:55:6A:E0:2C:09:01:3C:5A:6F:3A:BA:7E:48:30:79:5F:B7
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 439A
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/REXuVWrgLAkBPFpvOrp-SDB5X7c.roa
Signing time: Thu 18 Apr 2024 17:23:00 +0000
ROA not before: Thu 18 Apr 2024 17:23:00 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 17306 (0x439a)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 18 17:23:00 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=4445EE556AE02C09013C5A6F3ABA7E4830795FB7
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b8:0f:b2:08:a6:83:47:83:36:ef:36:27:bd:c9:
4d:6b:e3:06:16:a6:b7:03:bb:b3:35:e1:70:ab:0f:
44:8a:5c:67:5c:31:16:d7:40:e2:28:a0:3c:4d:8a:
a2:1d:80:0a:af:11:01:56:5c:fe:0c:7e:65:21:b2:
5b:bb:23:ad:5f:58:ee:63:fe:46:99:cc:47:53:20:
cd:96:da:71:8e:b1:c3:85:cb:bc:92:0b:79:18:be:
97:29:1a:fd:74:ee:95:bb:71:10:37:87:dc:d4:d0:
ff:6f:a5:0c:7e:59:0b:40:ca:2b:5c:eb:e2:86:9d:
65:de:65:82:bb:18:1c:3d:cd:72:99:1f:8a:a6:1b:
13:2c:a4:42:c6:b8:a8:f4:f2:00:df:54:70:71:be:
32:f3:79:d0:03:5f:f2:16:fa:c0:df:a6:f5:7a:65:
41:84:c2:9b:1f:e3:23:60:6e:06:61:22:f1:aa:72:
5e:4f:09:33:61:ce:bc:a9:f0:97:87:56:ef:ec:d4:
87:19:e4:64:ec:4e:6c:33:c9:8a:e1:f6:ca:4b:35:
82:55:44:72:cf:6b:ac:67:99:6c:8c:52:d5:1e:40:
55:70:d1:8c:29:06:c4:d3:c2:05:6e:2f:ce:06:28:
32:a5:29:7f:49:fa:9c:c5:7a:0f:4b:69:49:28:bf:
a0:1d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
44:45:EE:55:6A:E0:2C:09:01:3C:5A:6F:3A:BA:7E:48:30:79:5F:B7
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/REXuVWrgLAkBPFpvOrp-SDB5X7c.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
96:1d:25:d3:3d:df:7f:b9:a1:d9:9e:2a:e4:7d:7b:82:cd:47:
09:f6:fb:88:cc:6d:4f:7e:c6:8f:f2:8c:49:59:f4:37:3b:45:
9d:27:7e:3d:2a:71:a1:ec:29:d6:bc:2d:a8:48:6f:0c:e6:77:
d4:90:25:d6:88:4b:86:6b:e9:2d:42:c6:ad:bd:32:4f:b4:c0:
6b:91:45:ce:6f:da:0a:a2:9d:40:00:92:de:20:8b:1f:31:9c:
f0:03:72:2f:81:85:41:87:f2:4f:5c:86:71:85:79:91:f2:64:
5f:59:ae:5e:33:0f:16:02:51:9e:66:e7:46:c8:e6:44:fd:16:
51:e0:d3:62:29:5f:73:c4:dc:a5:72:66:10:01:ea:96:6f:09:
c3:b5:8e:a2:54:b1:c0:40:92:2b:25:4c:d2:b5:c6:66:63:b3:
6f:3f:39:b6:c5:c6:53:35:59:a3:a0:26:d7:5d:1b:98:9d:c3:
65:e9:69:a9:6e:5b:82:66:9e:39:fb:10:de:d8:83:42:bb:27:
b6:86:97:1b:ae:4b:f5:ad:da:61:b4:8b:8f:c3:7b:9f:a4:19:
9b:61:b1:bf:5e:a0:f8:55:ea:8b:d9:9d:af:56:2d:65:d6:0e:
cc:dd:bd:47:da:72:27:f2:9a:5d:cf:39:24:b2:d3:39:66:e1:
c2:fc:70:40
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICQ5owDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MTgx
NzIzMDBaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDQ0NDVFRTU1NkFFMDJD
MDkwMTNDNUE2RjNBQkE3RTQ4MzA3OTVGQjcwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC4D7IIpoNHgzbvNie9yU1r4wYWprcDu7M14XCrD0SKXGdcMRbX
QOIooDxNiqIdgAqvEQFWXP4MfmUhslu7I61fWO5j/kaZzEdTIM2W2nGOscOFy7yS
C3kYvpcpGv107pW7cRA3h9zU0P9vpQx+WQtAyitc6+KGnWXeZYK7GBw9zXKZH4qm
GxMspELGuKj08gDfVHBxvjLzedADX/IW+sDfpvV6ZUGEwpsf4yNgbgZhIvGqcl5P
CTNhzryp8JeHVu/s1IcZ5GTsTmwzyYrh9spLNYJVRHLPa6xnmWyMUtUeQFVw0Ywp
BsTTwgVuL84GKDKlKX9J+pzFeg9LaUkov6AdAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUREXuVWrgLAkBPFpvOrp+SDB5X7cwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1JFWHVWV3JnTEFrQlBG
cHZPcnAtU0RCNVg3Yy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAlh0l0z3ff7mh2Z4q5H17gs1HCfb7iMxt
T37Gj/KMSVn0NztFnSd+PSpxoewp1rwtqEhvDOZ31JAl1ohLhmvpLULGrb0yT7TA
a5FFzm/aCqKdQACS3iCLHzGc8ANyL4GFQYfyT1yGcYV5kfJkX1muXjMPFgJRnmbn
RsjmRP0WUeDTYilfc8TcpXJmEAHqlm8Jw7WOolSxwECSKyVM0rXGZmOzbz85tsXG
UzVZo6Am110bmJ3DZelpqW5bgmaeOfsQ3tiDQrsntoaXG65L9a3aYbSLj8N7n6QZ
m2Gxv16g+FXqi9mdr1YtZdYOzN29R9pyJ/KaXc85JLLTOWbhwvxwQA==
-----END CERTIFICATE-----
Generated at Sat May 17 19:39:03 2025 by rpki-client