Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/Vi41ma1sIw62n2m-DvRWlPZMz9g.roa
File: Vi41ma1sIw62n2m-DvRWlPZMz9g.roa (raw, json)
Hash identifier: B2fxSXI/MhpN+ejV+IKyJY755/r5CRmz1Z1LAu+KUX0=
Subject key identifier: 56:2E:35:99:AD:6C:23:0E:B6:9F:69:BE:0E:F4:56:94:F6:4C:CF:D8
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 54E2
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/Vi41ma1sIw62n2m-DvRWlPZMz9g.roa
Signing time: Sat 11 May 2024 18:24:03 +0000
ROA not before: Sat 11 May 2024 18:24:03 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 21730 (0x54e2)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 11 18:24:03 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=562E3599AD6C230EB69F69BE0EF45694F64CCFD8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b4:91:8a:10:71:c0:f1:e2:6c:0a:07:72:11:74:
3a:8c:29:b7:6f:7c:f1:b5:09:a0:28:8f:3c:a6:29:
59:35:4a:72:17:0a:25:9b:f7:12:e5:9a:03:5e:7f:
09:90:3c:b4:25:41:fb:c5:e0:ad:50:a7:28:c3:3b:
96:bc:2d:36:b5:48:61:9e:5d:d1:65:a5:ba:9e:64:
36:bb:e3:f1:43:fb:d9:f9:ed:05:0a:be:be:0d:4e:
f5:ec:ef:b0:bd:da:88:96:71:23:62:c3:23:71:36:
bb:7d:f8:83:ba:09:a6:4f:e4:2f:85:2e:e4:d7:84:
52:76:ff:43:58:3f:a7:57:68:ce:41:28:9b:99:a2:
6a:13:3f:0a:a3:f6:24:28:37:5f:ae:44:f2:48:ec:
55:aa:9d:8a:c9:21:bb:72:cd:e4:59:09:38:97:da:
02:fd:aa:4f:a9:db:af:56:5e:9c:ce:32:47:5f:93:
39:ed:19:77:80:15:4d:ba:f5:33:b2:e5:dd:7e:94:
fe:1f:50:08:cd:55:ab:38:7a:5b:5c:13:21:9b:85:
a0:7a:36:27:01:96:47:e2:67:5c:14:19:9c:f1:2e:
8e:cd:19:98:4d:8a:f9:f0:f6:a5:98:f3:d3:ab:dc:
04:57:4b:05:11:9d:98:b4:0a:7e:e3:a2:df:68:63:
35:7b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
56:2E:35:99:AD:6C:23:0E:B6:9F:69:BE:0E:F4:56:94:F6:4C:CF:D8
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/Vi41ma1sIw62n2m-DvRWlPZMz9g.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
34:ac:41:9c:e0:0f:5f:20:e8:8d:17:84:b7:88:14:6e:7c:b1:
5e:6f:1b:aa:38:d7:67:d2:6f:d0:87:3a:43:be:42:ec:bd:d1:
2a:ec:7a:b0:d4:ad:a4:9e:d2:c4:3e:2b:0a:94:50:df:21:47:
5d:71:cd:a5:91:37:a1:90:33:0e:a0:38:23:ad:37:51:b4:22:
58:eb:ed:86:c1:42:8b:0e:33:01:80:10:41:8f:76:47:ee:57:
c2:db:1a:f7:dd:a9:90:73:bd:c8:d6:ba:1a:0f:fb:a3:15:40:
72:30:91:cc:f1:e1:61:5b:6d:7e:b3:cb:4c:7e:96:85:75:a0:
78:59:08:81:a0:7c:77:3a:1d:f0:6c:59:a0:5b:1f:3b:30:56:
06:aa:5a:13:f9:16:89:f5:93:36:e2:ca:c7:72:62:ed:f0:35:
9a:f9:6f:e4:76:88:2f:fa:f8:09:21:66:9f:b6:76:ab:ff:a1:
7a:2c:0d:1e:c0:fd:ac:ec:17:dd:82:3d:0d:90:87:39:f6:07:
2d:c2:61:16:af:a7:f1:4b:32:25:41:70:1a:1c:56:2c:12:07:
25:97:4d:b2:2e:77:88:c2:c3:49:39:57:63:b5:ff:81:41:06:
5a:48:a3:ac:03:ad:8a:80:95:f0:37:8d:2f:7e:53:37:36:ff:
73:17:14:d2
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICVOIwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MTEx
ODI0MDNaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDU2MkUzNTk5QUQ2QzIz
MEVCNjlGNjlCRTBFRjQ1Njk0RjY0Q0NGRDgwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC0kYoQccDx4mwKB3IRdDqMKbdvfPG1CaAojzymKVk1SnIXCiWb
9xLlmgNefwmQPLQlQfvF4K1QpyjDO5a8LTa1SGGeXdFlpbqeZDa74/FD+9n57QUK
vr4NTvXs77C92oiWcSNiwyNxNrt9+IO6CaZP5C+FLuTXhFJ2/0NYP6dXaM5BKJuZ
omoTPwqj9iQoN1+uRPJI7FWqnYrJIbtyzeRZCTiX2gL9qk+p269WXpzOMkdfkznt
GXeAFU269TOy5d1+lP4fUAjNVas4eltcEyGbhaB6NicBlkfiZ1wUGZzxLo7NGZhN
ivnw9qWY89Or3ARXSwURnZi0Cn7jot9oYzV7AgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUVi41ma1sIw62n2m+DvRWlPZMz9gwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1ZpNDFtYTFzSXc2Mm4y
bS1EdlJXbFBaTXo5Zy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEANKxBnOAPXyDojReEt4gUbnyxXm8bqjjX
Z9Jv0Ic6Q75C7L3RKux6sNStpJ7SxD4rCpRQ3yFHXXHNpZE3oZAzDqA4I603UbQi
WOvthsFCiw4zAYAQQY92R+5Xwtsa992pkHO9yNa6Gg/7oxVAcjCRzPHhYVttfrPL
TH6WhXWgeFkIgaB8dzod8GxZoFsfOzBWBqpaE/kWifWTNuLKx3Ji7fA1mvlv5HaI
L/r4CSFmn7Z2q/+heiwNHsD9rOwX3YI9DZCHOfYHLcJhFq+n8UsyJUFwGhxWLBIH
JZdNsi53iMLDSTlXY7X/gUEGWkijrAOtioCV8DeNL35TNzb/cxcU0g==
-----END CERTIFICATE-----
Generated at Sat May 17 19:49:56 2025 by rpki-client