Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/TrWZoLJ9pF3nJsaIh5mdhLR93QA.roa
File: TrWZoLJ9pF3nJsaIh5mdhLR93QA.roa (raw, json)
Hash identifier: trLt7uvGXv+6exBh1jAEZ+2I5bsH816yrDPpuGoPa7Y=
Subject key identifier: 4E:B5:99:A0:B2:7D:A4:5D:E7:26:C6:88:87:99:9D:84:B4:7D:DD:00
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 4AB6
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/TrWZoLJ9pF3nJsaIh5mdhLR93QA.roa
Signing time: Sun 28 Apr 2024 04:53:25 +0000
ROA not before: Sun 28 Apr 2024 04:53:25 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 19126 (0x4ab6)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 28 04:53:25 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=4EB599A0B27DA45DE726C68887999D84B47DDD00
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b5:8f:90:8d:e4:f2:d4:9c:41:42:66:e8:32:83:
88:df:de:0f:50:f1:47:c8:7b:1f:53:c6:cd:ce:28:
c3:1d:f7:a1:b5:29:b3:29:e8:c5:ef:fc:7c:ba:60:
80:38:91:6d:f4:18:be:79:b6:4e:24:04:00:9b:f6:
47:be:a0:5f:e5:44:ee:77:60:02:ca:b4:b6:bd:74:
ef:66:d6:08:b5:d7:9e:a1:c3:9b:25:99:8b:87:34:
88:90:45:f2:a9:85:c1:c8:10:2d:28:bf:ea:17:19:
b7:1b:9a:56:dd:60:19:bd:4f:0c:c5:74:fd:c1:94:
e2:ee:84:49:63:e2:c4:99:92:83:28:fe:39:aa:05:
9e:a9:3c:fa:93:9f:8a:38:f7:39:03:93:26:f1:d5:
9a:6b:61:71:e1:e7:9d:ef:2e:00:10:0f:7a:42:69:
eb:8e:5b:35:5e:be:10:3d:85:01:0f:2a:77:f1:7b:
9b:f9:44:de:9a:82:b2:6e:5b:c0:29:aa:f9:17:a9:
37:0c:db:8a:52:6b:f7:f5:1d:71:70:7f:ff:00:03:
49:a9:af:44:f3:d0:81:05:79:ad:5f:6f:32:c9:7c:
48:c0:c9:33:47:1c:75:bd:c8:20:db:1e:53:27:31:
c3:27:cb:69:19:39:50:11:7e:b5:a7:37:18:9f:f6:
0c:1b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4E:B5:99:A0:B2:7D:A4:5D:E7:26:C6:88:87:99:9D:84:B4:7D:DD:00
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/TrWZoLJ9pF3nJsaIh5mdhLR93QA.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
2b:41:5e:3d:1f:f4:dd:55:55:6e:1e:7f:cd:a1:bc:fa:74:4f:
75:63:dd:b0:a2:0e:47:af:b6:6e:23:d2:eb:6b:46:bc:55:f1:
c2:56:5d:5f:ef:95:de:08:ed:2a:1d:ea:c2:8a:63:83:ce:cf:
68:2e:87:b2:99:4b:cd:69:ef:23:d3:89:75:16:5c:db:2b:9d:
a2:9f:3a:3d:0d:fe:b9:04:79:bf:3f:cc:f8:35:46:7d:62:be:
40:ad:d1:c0:04:23:44:91:af:73:a7:8a:8d:8a:37:b1:b4:3c:
96:40:b4:20:ac:04:3f:4b:95:40:a1:91:a4:ad:7e:31:05:a7:
2b:20:15:27:ef:e7:41:3a:ed:71:58:61:64:a3:50:73:ec:8f:
54:52:d3:69:8d:b5:16:b2:6b:a6:07:be:80:d7:33:a0:c7:74:
2e:9c:71:fa:7c:da:af:56:72:cf:1a:a1:86:b2:fa:04:e3:af:
9c:03:89:71:62:1e:0c:b8:d2:b8:b1:de:8b:c9:8b:c1:2d:97:
97:47:17:c1:19:37:27:78:fd:44:29:9c:a3:e4:d4:f7:a8:10:
67:20:a8:60:78:47:23:bd:e6:13:62:2a:e9:6a:44:a7:1b:20:
a3:97:19:5c:b9:7d:02:4c:1f:fd:ad:ac:c7:fa:6b:45:30:6c:
4d:ec:c3:14
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICSrYwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0Mjgw
NDUzMjVaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDRFQjU5OUEwQjI3REE0
NURFNzI2QzY4ODg3OTk5RDg0QjQ3REREMDAwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC1j5CN5PLUnEFCZugyg4jf3g9Q8UfIex9Txs3OKMMd96G1KbMp
6MXv/Hy6YIA4kW30GL55tk4kBACb9ke+oF/lRO53YALKtLa9dO9m1gi1156hw5sl
mYuHNIiQRfKphcHIEC0ov+oXGbcbmlbdYBm9TwzFdP3BlOLuhElj4sSZkoMo/jmq
BZ6pPPqTn4o49zkDkybx1ZprYXHh553vLgAQD3pCaeuOWzVevhA9hQEPKnfxe5v5
RN6agrJuW8ApqvkXqTcM24pSa/f1HXFwf/8AA0mpr0Tz0IEFea1fbzLJfEjAyTNH
HHW9yCDbHlMnMcMny2kZOVARfrWnNxif9gwbAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUTrWZoLJ9pF3nJsaIh5mdhLR93QAwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1RyV1pvTEo5cEYzbkpz
YUloNW1kaExSOTNRQS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAK0FePR/03VVVbh5/zaG8+nRPdWPdsKIO
R6+2biPS62tGvFXxwlZdX++V3gjtKh3qwopjg87PaC6HsplLzWnvI9OJdRZc2yud
op86PQ3+uQR5vz/M+DVGfWK+QK3RwAQjRJGvc6eKjYo3sbQ8lkC0IKwEP0uVQKGR
pK1+MQWnKyAVJ+/nQTrtcVhhZKNQc+yPVFLTaY21FrJrpge+gNczoMd0Lpxx+nza
r1ZyzxqhhrL6BOOvnAOJcWIeDLjSuLHei8mLwS2Xl0cXwRk3J3j9RCmco+TU96gQ
ZyCoYHhHI73mE2Iq6WpEpxsgo5cZXLl9Akwf/a2sx/prRTBsTezDFA==
-----END CERTIFICATE-----
Generated at Sat May 17 19:41:12 2025 by rpki-client