Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/TnzAwqnm-FbBORgmNYHQDKkMVSw.roa
File: TnzAwqnm-FbBORgmNYHQDKkMVSw.roa (raw, json)
Hash identifier: Ncax3MDdcYoQjZp1ccBTHPYD0asWtbvdXilC2cwFpTU=
Subject key identifier: 4E:7C:C0:C2:A9:E6:F8:56:C1:39:18:26:35:81:D0:0C:A9:0C:55:2C
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 3596
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/TnzAwqnm-FbBORgmNYHQDKkMVSw.roa
Signing time: Sun 31 Mar 2024 00:52:09 +0000
ROA not before: Sun 31 Mar 2024 00:52:09 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 13718 (0x3596)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Mar 31 00:52:09 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=4E7CC0C2A9E6F856C13918263581D00CA90C552C
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ed:1c:72:52:54:93:5c:dd:e6:1e:1f:7f:23:6c:
7f:90:53:3e:6a:5e:3a:43:bc:70:e6:6a:56:f3:56:
b1:6f:20:79:0b:17:af:be:e8:ac:01:fc:22:be:b3:
c4:16:ad:c5:9a:6a:1c:be:6b:88:4d:50:f0:80:fa:
b0:2c:df:24:ea:22:ef:fb:58:77:0f:a6:1c:c7:84:
2c:00:6b:65:10:01:7b:65:ca:11:80:09:51:64:b1:
94:48:3b:d7:fc:60:0a:8d:3e:b6:05:7a:93:26:fb:
29:19:38:f0:70:25:ca:91:b3:96:44:16:42:2a:7e:
44:15:87:a1:14:22:9b:5c:d8:d6:ef:b8:55:25:4e:
26:a2:3d:7c:cb:1b:a6:60:1f:f7:a5:d5:b6:e2:bc:
57:50:a7:a3:7b:ad:e2:65:ef:91:9c:84:bd:7a:4f:
7e:eb:db:2d:73:b7:45:33:fb:0c:aa:36:60:ff:a9:
2c:d5:31:3e:3f:89:16:08:d4:52:50:25:c9:3a:ce:
4c:0b:b0:db:a7:0f:9d:8f:dc:df:97:b1:f4:d9:1d:
45:16:78:cf:61:b0:7a:0f:77:9c:5f:87:42:ca:f6:
e9:2d:d4:cb:72:14:67:ca:6a:92:d7:e8:cb:bb:04:
2b:34:eb:c6:b2:5d:dd:3c:dd:0a:fb:5a:8d:4e:95:
0b:55
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4E:7C:C0:C2:A9:E6:F8:56:C1:39:18:26:35:81:D0:0C:A9:0C:55:2C
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/TnzAwqnm-FbBORgmNYHQDKkMVSw.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
bc:91:d2:41:1f:10:66:e9:8f:a0:51:9d:2f:d8:36:56:ec:87:
6c:30:1a:7c:dd:e9:b8:e9:df:de:df:c2:23:00:aa:de:95:3f:
75:7a:f4:da:0a:ba:a2:38:96:6c:80:0a:85:5e:b2:ab:3f:f2:
3d:01:11:5c:ac:98:08:51:3a:3a:1e:3f:e0:85:8a:ec:08:cf:
c8:eb:33:28:5e:ed:0e:d8:24:c2:4f:a6:50:1d:1f:17:18:30:
68:33:62:18:53:35:1c:cd:32:7d:fa:b6:e1:9d:0f:86:da:8b:
f9:aa:56:71:bc:61:ac:19:6a:f5:25:68:23:00:c3:e6:61:b5:
ad:ea:65:6e:5c:6d:0c:f6:7a:f5:2f:c6:1a:9a:fd:c5:c2:a5:
30:c7:51:43:d3:60:16:35:6f:b8:16:5d:e5:73:07:ec:6a:3b:
52:c3:82:79:ba:6b:51:f9:dc:d9:a1:81:01:bf:ee:61:ab:b1:
0e:fc:c7:d7:07:d6:8c:41:7b:8e:f0:33:0c:50:23:e3:7b:49:
04:06:5f:a1:cf:fc:d8:f8:9b:97:d6:72:16:c1:f2:fe:f7:1a:
89:1c:2e:77:a8:46:be:72:97:31:9f:84:2f:b5:6f:7c:4f:7e:
e5:c6:f8:81:8c:af:0d:6c:e4:61:ab:2d:04:e0:89:00:eb:e0:
68:b0:c9:32
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICNZYwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDAzMzEw
MDUyMDlaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDRFN0NDMEMyQTlFNkY4
NTZDMTM5MTgyNjM1ODFEMDBDQTkwQzU1MkMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDtHHJSVJNc3eYeH38jbH+QUz5qXjpDvHDmalbzVrFvIHkLF6++
6KwB/CK+s8QWrcWaahy+a4hNUPCA+rAs3yTqIu/7WHcPphzHhCwAa2UQAXtlyhGA
CVFksZRIO9f8YAqNPrYFepMm+ykZOPBwJcqRs5ZEFkIqfkQVh6EUIptc2NbvuFUl
TiaiPXzLG6ZgH/el1bbivFdQp6N7reJl75GchL16T37r2y1zt0Uz+wyqNmD/qSzV
MT4/iRYI1FJQJck6zkwLsNunD52P3N+XsfTZHUUWeM9hsHoPd5xfh0LK9ukt1Mty
FGfKapLX6Mu7BCs068ayXd083Qr7Wo1OlQtVAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUTnzAwqnm+FbBORgmNYHQDKkMVSwwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1RuekF3cW5tLUZiQk9S
Z21OWUhRREtrTVZTdy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAvJHSQR8QZumPoFGdL9g2VuyHbDAafN3p
uOnf3t/CIwCq3pU/dXr02gq6ojiWbIAKhV6yqz/yPQERXKyYCFE6Oh4/4IWK7AjP
yOszKF7tDtgkwk+mUB0fFxgwaDNiGFM1HM0yffq24Z0PhtqL+apWcbxhrBlq9SVo
IwDD5mG1replblxtDPZ69S/GGpr9xcKlMMdRQ9NgFjVvuBZd5XMH7Go7UsOCebpr
Ufnc2aGBAb/uYauxDvzH1wfWjEF7jvAzDFAj43tJBAZfoc/82Pibl9ZyFsHy/vca
iRwud6hGvnKXMZ+EL7VvfE9+5cb4gYyvDWzkYastBOCJAOvgaLDJMg==
-----END CERTIFICATE-----
Generated at Sun May 18 09:29:41 2025 by rpki-client