Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/TTw42MGd7za1pRML6I9t1gxZleo.roa
File: TTw42MGd7za1pRML6I9t1gxZleo.roa (raw, json)
Hash identifier: tH1vQBcCUeN8PzOQdfGPZsMiXfBhb7t4BU9g7DESQHw=
Subject key identifier: 4D:3C:38:D8:C1:9D:EF:36:B5:A5:13:0B:E8:8F:6D:D6:0C:59:95:EA
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 4A86
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/TTw42MGd7za1pRML6I9t1gxZleo.roa
Signing time: Sat 27 Apr 2024 22:53:32 +0000
ROA not before: Sat 27 Apr 2024 22:53:32 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 19078 (0x4a86)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 27 22:53:32 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=4D3C38D8C19DEF36B5A5130BE88F6DD60C5995EA
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9c:e8:53:df:02:29:f9:bc:d8:26:2b:00:55:8f:
6f:ce:49:b9:82:e5:cf:8b:8b:5d:66:7b:8e:98:65:
f5:c4:59:d8:27:67:cb:f6:cd:9e:be:2a:6e:85:75:
4c:16:3f:82:06:1f:ff:83:26:39:70:e4:68:01:6f:
90:14:82:27:ca:f2:bc:f1:dc:d1:e9:e5:6f:93:f9:
95:15:4f:32:48:f9:ae:7a:98:f1:d7:01:b3:d4:92:
49:11:9f:51:2a:cd:44:7e:da:15:98:94:b3:a1:06:
b4:4f:3b:ed:21:36:7e:84:5b:c7:fd:f3:46:91:3d:
60:53:99:2f:58:e2:3b:5a:b2:5f:5c:55:e8:82:67:
77:0e:08:6d:f9:be:03:36:5f:b3:a7:bb:81:42:ab:
f5:3c:ee:5d:87:a0:d1:f4:bd:9e:46:96:f2:d7:4c:
9b:bb:03:7e:2c:f2:03:66:2f:ea:15:5f:f1:9a:74:
5e:22:f4:c7:80:79:99:64:e9:7f:48:87:d4:bb:4e:
a6:6d:f4:09:ec:c1:ad:b6:87:15:78:ce:23:64:ad:
10:d8:77:05:11:2c:02:f3:e8:25:10:e1:e9:06:2b:
92:30:52:4f:18:3e:02:05:99:59:af:75:0f:69:47:
81:25:76:73:9b:7f:98:1f:a1:72:63:d9:29:2e:9c:
8c:9b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4D:3C:38:D8:C1:9D:EF:36:B5:A5:13:0B:E8:8F:6D:D6:0C:59:95:EA
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/TTw42MGd7za1pRML6I9t1gxZleo.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
3f:4a:30:73:a3:1b:72:56:7b:ac:7b:ff:26:54:6a:25:10:86:
68:77:b3:94:20:28:c5:dc:6a:22:10:dc:13:5a:c6:c3:34:b7:
5e:4d:96:8c:ba:cf:b5:97:5c:e7:c0:50:2b:a6:5d:23:23:4e:
fa:33:bc:7f:34:43:67:f5:f0:41:b6:ba:f2:df:58:82:5d:62:
a3:4d:cd:97:f9:a7:46:a6:b5:46:fd:1c:1f:a3:12:9a:2a:33:
9b:f8:79:9d:49:6a:7f:b5:18:aa:46:2c:c7:04:67:f4:5b:d0:
e8:15:b6:48:ce:bb:ae:23:e1:42:d8:15:96:9f:e1:64:ef:85:
f5:fa:f7:7a:35:ae:61:49:68:8f:1b:56:ae:bf:0a:e1:8f:d8:
0b:a4:f1:77:db:12:ea:e4:b2:f1:6b:79:14:f3:d8:10:ee:a2:
8a:6c:2c:67:f8:0a:2a:77:e8:31:03:7e:f9:92:47:48:a8:8a:
81:67:28:f5:60:84:51:3d:de:f7:64:05:dd:a4:53:02:fe:ad:
7c:99:4b:8e:b4:81:51:ce:be:38:8a:a2:16:3c:4a:dc:6f:74:
16:3f:28:d4:7b:d0:9d:9b:c1:a0:8e:c5:35:17:d0:03:1a:5a:
29:f2:2b:a9:f4:e7:f3:80:04:e4:8a:09:2e:f6:c4:fa:a5:23:
a5:ff:f7:b1
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICSoYwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0Mjcy
MjUzMzJaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDREM0MzOEQ4QzE5REVG
MzZCNUE1MTMwQkU4OEY2REQ2MEM1OTk1RUEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCc6FPfAin5vNgmKwBVj2/OSbmC5c+Li11me46YZfXEWdgnZ8v2
zZ6+Km6FdUwWP4IGH/+DJjlw5GgBb5AUgifK8rzx3NHp5W+T+ZUVTzJI+a56mPHX
AbPUkkkRn1EqzUR+2hWYlLOhBrRPO+0hNn6EW8f980aRPWBTmS9Y4jtasl9cVeiC
Z3cOCG35vgM2X7Onu4FCq/U87l2HoNH0vZ5GlvLXTJu7A34s8gNmL+oVX/GadF4i
9MeAeZlk6X9Ih9S7TqZt9Answa22hxV4ziNkrRDYdwURLALz6CUQ4ekGK5IwUk8Y
PgIFmVmvdQ9pR4EldnObf5gfoXJj2SkunIybAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUTTw42MGd7za1pRML6I9t1gxZleowHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1RUdzQyTUdkN3phMXBS
TUw2STl0MWd4Wmxlby5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAP0owc6MbclZ7rHv/JlRqJRCGaHezlCAo
xdxqIhDcE1rGwzS3Xk2WjLrPtZdc58BQK6ZdIyNO+jO8fzRDZ/XwQba68t9Ygl1i
o03Nl/mnRqa1Rv0cH6MSmiozm/h5nUlqf7UYqkYsxwRn9FvQ6BW2SM67riPhQtgV
lp/hZO+F9fr3ejWuYUlojxtWrr8K4Y/YC6Txd9sS6uSy8Wt5FPPYEO6iimwsZ/gK
KnfoMQN++ZJHSKiKgWco9WCEUT3e92QF3aRTAv6tfJlLjrSBUc6+OIqiFjxK3G90
Fj8o1HvQnZvBoI7FNRfQAxpaKfIrqfTn84AE5IoJLvbE+qUjpf/3sQ==
-----END CERTIFICATE-----
Generated at Sat May 17 20:00:45 2025 by rpki-client