Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/RlyGaWS53W7j__HlQ2sQc1d4DAA.roa
File: RlyGaWS53W7j__HlQ2sQc1d4DAA.roa (raw, json)
Hash identifier: RW0E7bi+zRRuspt37iRW4ya24FyTnpeMlOII0uKjSQ4=
Subject key identifier: 46:5C:86:69:64:B9:DD:6E:E3:FF:F1:E5:43:6B:10:73:57:78:0C:00
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 4406
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/RlyGaWS53W7j__HlQ2sQc1d4DAA.roa
Signing time: Fri 19 Apr 2024 06:53:10 +0000
ROA not before: Fri 19 Apr 2024 06:53:10 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 17414 (0x4406)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 19 06:53:10 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=465C866964B9DD6EE3FFF1E5436B107357780C00
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bf:c3:b0:41:d8:aa:e1:9f:fb:f0:13:e3:ce:b4:
40:58:e3:26:f5:1b:2b:a1:79:bb:42:07:82:bb:f2:
d5:21:28:80:31:7a:9a:07:88:e6:60:09:5b:a1:5d:
82:85:4c:2c:17:73:d2:a1:ad:65:25:f9:75:a7:f4:
47:ae:74:d1:06:cd:47:a4:32:9d:db:57:41:d2:55:
3e:a1:38:9e:bd:4c:1f:1a:05:12:24:81:e4:fa:e3:
b5:5f:01:ed:bd:d6:1c:43:84:d8:7a:01:65:3d:19:
4b:70:fa:0a:57:6c:c9:c9:f6:a9:e2:b9:c8:e6:c8:
5a:68:30:dd:e6:be:f3:15:1e:1e:72:2d:d6:cc:f5:
27:94:3f:d8:ad:f7:c1:b9:ab:6d:f5:5f:f4:11:c0:
4e:64:58:1b:8e:44:a9:80:0f:8a:0f:d5:2c:1e:91:
02:d7:59:ef:bc:31:31:62:bf:f1:08:f5:b2:a9:79:
bd:26:47:4a:d0:4f:b5:e6:db:f8:76:0c:d2:46:f6:
aa:e6:ef:0f:e7:34:12:b5:af:6b:a1:d2:3a:d5:ea:
c0:67:bf:91:ad:b8:bf:be:d0:9e:0d:b7:01:f8:3e:
13:18:4d:9a:3e:6f:0f:a2:2e:17:35:e7:0c:52:3c:
3c:26:6e:af:27:b0:0a:c8:c1:fd:a3:9b:7d:5b:20:
b3:03
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
46:5C:86:69:64:B9:DD:6E:E3:FF:F1:E5:43:6B:10:73:57:78:0C:00
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/RlyGaWS53W7j__HlQ2sQc1d4DAA.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
65:a3:1a:a7:27:a0:45:48:85:10:bb:f7:31:8c:84:35:6e:1d:
b1:7f:71:95:56:40:73:99:d0:cb:2f:4f:08:02:eb:46:b4:39:
93:e2:89:d7:eb:89:fd:89:50:9d:5b:ad:49:68:55:9f:7d:eb:
45:4e:d8:e1:a9:89:80:4c:d1:ef:2f:3a:63:ab:45:18:a6:94:
90:52:39:97:3e:b8:d4:74:97:a3:7f:05:1d:ab:24:e7:56:bc:
60:97:f7:ae:e5:86:25:d2:d5:b7:76:7c:1a:cf:ba:2c:4a:ac:
be:ae:70:24:d7:f0:e7:7a:d5:b7:06:16:85:69:ad:e5:db:81:
25:a5:f4:01:e4:f1:bb:3a:70:15:c5:6a:ed:c3:5e:75:d5:f7:
8e:7c:b3:e2:70:b4:40:5c:84:cd:ab:ea:85:c4:b7:de:ba:3f:
90:19:29:e1:84:05:0e:02:66:cf:91:14:69:a7:2a:6f:46:ae:
4d:c6:14:c1:34:9a:f7:89:4e:bc:62:05:03:ea:70:d0:e9:cc:
1d:16:88:4c:21:46:5d:28:b1:d5:d8:b1:ff:7a:68:de:a0:99:
93:cc:27:1c:6a:49:9d:a5:f1:66:51:ef:d6:12:22:bf:01:03:
cc:9e:09:46:15:8d:08:1f:82:22:a1:0e:6f:31:1f:0d:95:a9:
a9:69:7b:24
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICRAYwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MTkw
NjUzMTBaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDQ2NUM4NjY5NjRCOURE
NkVFM0ZGRjFFNTQzNkIxMDczNTc3ODBDMDAwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC/w7BB2Krhn/vwE+POtEBY4yb1GyuhebtCB4K78tUhKIAxepoH
iOZgCVuhXYKFTCwXc9KhrWUl+XWn9EeudNEGzUekMp3bV0HSVT6hOJ69TB8aBRIk
geT647VfAe291hxDhNh6AWU9GUtw+gpXbMnJ9qniucjmyFpoMN3mvvMVHh5yLdbM
9SeUP9it98G5q231X/QRwE5kWBuORKmAD4oP1SwekQLXWe+8MTFiv/EI9bKpeb0m
R0rQT7Xm2/h2DNJG9qrm7w/nNBK1r2uh0jrV6sBnv5GtuL++0J4NtwH4PhMYTZo+
bw+iLhc15wxSPDwmbq8nsArIwf2jm31bILMDAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQURlyGaWS53W7j//HlQ2sQc1d4DAAwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1JseUdhV1M1M1c3al9f
SGxRMnNRYzFkNERBQS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAZaMapyegRUiFELv3MYyENW4dsX9xlVZA
c5nQyy9PCALrRrQ5k+KJ1+uJ/YlQnVutSWhVn33rRU7Y4amJgEzR7y86Y6tFGKaU
kFI5lz641HSXo38FHask51a8YJf3ruWGJdLVt3Z8Gs+6LEqsvq5wJNfw53rVtwYW
hWmt5duBJaX0AeTxuzpwFcVq7cNeddX3jnyz4nC0QFyEzavqhcS33ro/kBkp4YQF
DgJmz5EUaacqb0auTcYUwTSa94lOvGIFA+pw0OnMHRaITCFGXSix1dix/3po3qCZ
k8wnHGpJnaXxZlHv1hIivwEDzJ4JRhWNCB+CIqEObzEfDZWpqWl7JA==
-----END CERTIFICATE-----
Generated at Sat May 17 19:40:04 2025 by rpki-client