Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/Rgfr5fYmghD5S7NxzUjwkN289ck.roa
File: Rgfr5fYmghD5S7NxzUjwkN289ck.roa (raw, json)
Hash identifier: yPAA+HM/l+hIfsZ1J7z3iP9772tQql0p3T8jDBbd4r8=
Subject key identifier: 46:07:EB:E5:F6:26:82:10:F9:4B:B3:71:CD:48:F0:90:DD:BC:F5:C9
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 4962
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/Rgfr5fYmghD5S7NxzUjwkN289ck.roa
Signing time: Fri 26 Apr 2024 10:23:21 +0000
ROA not before: Fri 26 Apr 2024 10:23:21 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 18786 (0x4962)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 26 10:23:21 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=4607EBE5F6268210F94BB371CD48F090DDBCF5C9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bd:11:9e:05:2d:69:92:21:f6:6e:1f:ff:a8:5b:
74:8c:46:fd:78:a4:cd:c8:46:8e:06:8e:36:3b:c7:
ab:61:ad:22:7b:98:b3:12:bb:c4:e6:a3:8a:75:cb:
e0:4c:9c:40:9e:82:87:15:e8:42:2e:d7:3c:d5:07:
e0:22:9d:9d:76:5c:37:18:48:6b:bf:b0:21:96:30:
c5:b5:47:15:19:77:1d:f1:50:c2:e8:f2:04:a7:56:
c9:47:df:a5:f2:35:a3:6c:04:77:58:a2:5c:a2:a0:
7d:03:1b:01:bf:7d:91:e8:ea:18:f5:3f:72:4a:02:
69:1e:71:65:3c:57:ba:89:56:82:b8:0d:0f:e2:f4:
77:30:28:df:bc:ad:1f:e3:56:5e:c0:73:fa:de:16:
dd:82:10:d1:49:1f:90:e3:a1:67:df:fd:76:4c:03:
8f:66:c3:e3:30:fe:ae:b4:25:e2:a2:02:75:71:29:
4f:89:03:51:4e:51:b4:c4:57:a4:73:8a:a0:1f:ec:
af:43:22:15:81:3e:15:67:cf:35:50:f8:61:a3:2a:
d2:27:63:43:48:79:77:08:72:2e:d2:6e:ce:d7:7b:
6d:f3:d2:4c:55:02:74:99:3d:40:bb:e2:6c:2d:a1:
23:4d:01:0c:70:1a:35:cf:ca:0e:27:b4:14:f8:bf:
cd:f9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
46:07:EB:E5:F6:26:82:10:F9:4B:B3:71:CD:48:F0:90:DD:BC:F5:C9
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/Rgfr5fYmghD5S7NxzUjwkN289ck.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
4d:8f:f0:cb:a1:4c:5c:b7:15:08:6d:cf:a5:bc:8d:f3:d7:28:
22:84:37:84:d1:0a:2d:d2:89:3a:34:00:ae:56:69:ea:8a:71:
2f:d0:dd:ae:ee:1e:c8:96:8a:3d:23:b7:8c:70:78:8c:f3:79:
2b:4a:27:32:48:90:de:12:c4:d1:41:06:af:c5:f8:8f:e2:dd:
d3:c4:00:a9:68:90:3a:47:3d:37:47:2a:4b:09:2f:ef:11:4d:
5b:09:6e:78:44:66:8b:1f:89:a9:7c:c9:6b:0b:b1:5b:54:e4:
37:e1:8f:93:f1:04:4d:bf:e4:d5:d7:7a:59:0a:a4:3b:a1:ce:
3a:80:d4:b4:35:dd:f2:f6:43:f4:7a:38:a3:ae:46:1b:3b:f7:
ae:dd:37:53:1f:82:c1:5f:23:65:2b:21:a5:d7:55:55:91:5f:
75:93:ff:bb:1e:de:de:dd:e5:20:d8:bf:dc:e4:dd:59:aa:8b:
d1:55:ef:eb:43:be:64:35:5b:5b:86:04:92:ac:b0:ba:70:05:
ed:c5:45:d4:9e:c3:92:a9:14:9f:dc:a9:b0:f0:6c:01:10:c5:
8a:6a:28:b2:dd:80:0f:a5:4b:4c:08:25:be:b5:2e:08:66:f4:
92:ae:53:97:5d:35:4d:c2:3b:6c:b3:c4:45:cb:22:91:72:95:
7e:8c:e7:c2
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICSWIwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MjYx
MDIzMjFaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDQ2MDdFQkU1RjYyNjgy
MTBGOTRCQjM3MUNENDhGMDkwRERCQ0Y1QzkwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC9EZ4FLWmSIfZuH/+oW3SMRv14pM3IRo4GjjY7x6thrSJ7mLMS
u8Tmo4p1y+BMnECegocV6EIu1zzVB+AinZ12XDcYSGu/sCGWMMW1RxUZdx3xUMLo
8gSnVslH36XyNaNsBHdYolyioH0DGwG/fZHo6hj1P3JKAmkecWU8V7qJVoK4DQ/i
9HcwKN+8rR/jVl7Ac/reFt2CENFJH5DjoWff/XZMA49mw+Mw/q60JeKiAnVxKU+J
A1FOUbTEV6RziqAf7K9DIhWBPhVnzzVQ+GGjKtInY0NIeXcIci7Sbs7Xe23z0kxV
AnSZPUC74mwtoSNNAQxwGjXPyg4ntBT4v835AgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQURgfr5fYmghD5S7NxzUjwkN289ckwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1JnZnI1ZlltZ2hENVM3
Tnh6VWp3a04yODljay5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEATY/wy6FMXLcVCG3PpbyN89coIoQ3hNEK
LdKJOjQArlZp6opxL9Ddru4eyJaKPSO3jHB4jPN5K0onMkiQ3hLE0UEGr8X4j+Ld
08QAqWiQOkc9N0cqSwkv7xFNWwlueERmix+JqXzJawuxW1TkN+GPk/EETb/k1dd6
WQqkO6HOOoDUtDXd8vZD9Ho4o65GGzv3rt03Ux+CwV8jZSshpddVVZFfdZP/ux7e
3t3lINi/3OTdWaqL0VXv60O+ZDVbW4YEkqywunAF7cVF1J7DkqkUn9ypsPBsARDF
imoost2AD6VLTAglvrUuCGb0kq5Tl101TcI7bLPERcsikXKVfoznwg==
-----END CERTIFICATE-----
Generated at Sat May 17 22:39:17 2025 by rpki-client