Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/T_PPDxIm7k93vN1P2ygRGuauO14.roa
File: T_PPDxIm7k93vN1P2ygRGuauO14.roa (raw, json)
Hash identifier: nslKaytr3OdTSZwmBUnn9ZkzhxDtbNuTvsyRr/H7BAY=
Subject key identifier: 4F:F3:CF:0F:12:26:EE:4F:77:BC:DD:4F:DB:28:11:1A:E6:AE:3B:5E
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 47A6
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/T_PPDxIm7k93vN1P2ygRGuauO14.roa
Signing time: Wed 24 Apr 2024 02:53:15 +0000
ROA not before: Wed 24 Apr 2024 02:53:15 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 18342 (0x47a6)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 24 02:53:15 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=4FF3CF0F1226EE4F77BCDD4FDB28111AE6AE3B5E
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:99:c7:9e:28:89:83:cd:8f:8f:ab:12:a4:f7:6d:
08:32:e6:d4:af:b2:5e:20:ab:71:72:82:b6:0b:89:
ef:e2:73:37:5b:62:04:7b:3e:3a:27:7d:58:99:d5:
e4:80:10:8d:f5:87:f6:fb:c8:34:b3:b3:dd:7f:e8:
c7:39:4f:19:e1:b7:ad:4a:24:f0:57:46:6c:0f:ea:
1e:07:cb:99:6e:44:a0:1e:b4:15:17:8a:29:8a:ac:
a4:50:63:27:4d:85:12:a5:df:14:d1:87:d6:8c:d4:
d2:32:1e:5e:15:d5:0f:f0:2b:a2:e1:e2:9b:1c:b3:
dd:50:76:05:34:86:67:d3:43:5a:70:78:1b:31:c9:
07:50:95:c4:66:ba:de:25:30:61:54:c9:9e:15:51:
30:fe:30:d0:a9:2d:d3:0a:de:e4:b1:b0:fc:b2:c6:
84:84:7e:35:d8:3d:61:c9:bd:24:89:6e:4b:e5:b5:
3a:cc:17:f4:2c:a2:73:68:66:7a:79:e0:70:dd:91:
3e:1b:b7:7a:0e:67:95:96:b2:cc:d0:65:b8:cc:2b:
a9:8f:15:8f:03:3e:da:52:8b:3a:f6:37:d8:42:21:
a1:c3:af:ad:97:b6:88:27:3a:b8:ad:5f:da:90:f3:
a4:d2:d8:a1:4a:fc:08:b5:75:a0:0f:a3:48:b8:10:
5a:79
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4F:F3:CF:0F:12:26:EE:4F:77:BC:DD:4F:DB:28:11:1A:E6:AE:3B:5E
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/T_PPDxIm7k93vN1P2ygRGuauO14.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
20:ae:55:f4:68:7e:e1:ae:ac:de:4d:79:1b:12:c4:57:52:8f:
11:ec:22:e6:7e:33:73:88:70:a4:71:d7:fc:18:e1:9b:34:85:
a9:b9:2d:d8:46:9c:26:01:3c:61:cb:bd:86:85:c9:15:4b:0d:
e0:01:60:36:2f:0b:9a:09:90:af:ec:7d:84:08:6f:4e:42:ad:
58:3f:df:bf:06:01:b3:f1:b6:10:47:b7:f3:5e:9f:2a:2c:95:
1d:80:13:b0:6c:b9:a4:e2:ab:ae:12:7e:82:78:9f:cf:ab:e6:
ba:cf:f6:c3:ea:d0:e9:c2:7b:80:84:d5:73:5e:8c:e2:ee:c0:
27:49:f2:30:2e:d0:b6:8e:e6:3b:88:22:34:30:90:62:77:48:
1f:f6:87:c5:bc:96:e3:6c:1b:a0:00:9e:53:01:37:10:80:19:
cd:d9:b0:eb:19:2a:ba:ce:8f:8b:a6:43:27:79:e8:74:44:7e:
c9:81:cc:28:4b:2b:7a:c3:e6:15:bb:ab:7d:e9:2e:7c:8c:4e:
d2:85:61:49:fb:9f:9f:cc:5c:e9:45:b3:60:f7:18:04:6e:ff:
dc:d9:22:b5:ff:23:09:e5:96:95:18:ad:fd:23:f6:83:27:cc:
2b:ee:77:81:94:3c:1e:74:2c:a8:e5:f0:ea:8c:4d:8a:30:c5:
71:a1:bf:6d
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICR6YwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MjQw
MjUzMTVaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDRGRjNDRjBGMTIyNkVF
NEY3N0JDREQ0RkRCMjgxMTFBRTZBRTNCNUUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCZx54oiYPNj4+rEqT3bQgy5tSvsl4gq3FygrYLie/iczdbYgR7
PjonfViZ1eSAEI31h/b7yDSzs91/6Mc5Txnht61KJPBXRmwP6h4Hy5luRKAetBUX
iimKrKRQYydNhRKl3xTRh9aM1NIyHl4V1Q/wK6Lh4pscs91QdgU0hmfTQ1pweBsx
yQdQlcRmut4lMGFUyZ4VUTD+MNCpLdMK3uSxsPyyxoSEfjXYPWHJvSSJbkvltTrM
F/QsonNoZnp54HDdkT4bt3oOZ5WWsszQZbjMK6mPFY8DPtpSizr2N9hCIaHDr62X
tognOritX9qQ86TS2KFK/Ai1daAPo0i4EFp5AgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUT/PPDxIm7k93vN1P2ygRGuauO14wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1RfUFBEeEltN2s5M3ZO
MVAyeWdSR3VhdU8xNC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAIK5V9Gh+4a6s3k15GxLEV1KPEewi5n4z
c4hwpHHX/BjhmzSFqbkt2EacJgE8Ycu9hoXJFUsN4AFgNi8LmgmQr+x9hAhvTkKt
WD/fvwYBs/G2EEe3816fKiyVHYATsGy5pOKrrhJ+gnifz6vmus/2w+rQ6cJ7gITV
c16M4u7AJ0nyMC7Qto7mO4giNDCQYndIH/aHxbyW42wboACeUwE3EIAZzdmw6xkq
us6Pi6ZDJ3nodER+yYHMKEsresPmFburfekufIxO0oVhSfufn8xc6UWzYPcYBG7/
3Nkitf8jCeWWlRit/SP2gyfMK+53gZQ8HnQsqOXw6oxNijDFcaG/bQ==
-----END CERTIFICATE-----
Generated at Sat May 17 23:15:50 2025 by rpki-client