Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/XJlg6YhbyzerbKOnj-3ydQDZ_zc.roa
File: XJlg6YhbyzerbKOnj-3ydQDZ_zc.roa (raw, json)
Hash identifier: OHhHMkJZUykEyhLXQi1yWN8eG9vvXl4RtFzDfjyUF8k=
Subject key identifier: 5C:99:60:E9:88:5B:CB:37:AB:6C:A3:A7:8F:ED:F2:75:00:D9:FF:37
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 456A
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/XJlg6YhbyzerbKOnj-3ydQDZ_zc.roa
Signing time: Sun 21 Apr 2024 03:23:05 +0000
ROA not before: Sun 21 Apr 2024 03:23:05 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 17770 (0x456a)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 21 03:23:05 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=5C9960E9885BCB37AB6CA3A78FEDF27500D9FF37
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d8:04:83:d5:5e:d7:a6:8d:44:6a:69:64:03:ef:
2f:88:99:a3:ed:12:7b:72:9e:e7:a4:2c:a2:24:93:
b3:aa:23:6a:13:c5:fc:7a:a5:04:7b:fc:70:86:61:
cd:d8:70:9c:c3:ca:98:cc:ea:cd:1c:76:00:89:7e:
62:54:a2:98:80:c5:b1:92:cb:fc:1f:35:ca:ca:da:
ef:76:ae:7b:b5:0d:a2:35:1e:cc:c5:16:08:b6:f8:
f3:27:d8:6c:cf:33:0f:c5:c7:e1:28:25:45:e3:33:
dc:f0:a6:82:60:f0:3a:b4:a1:5c:20:51:d3:71:98:
94:92:ee:d6:32:e6:7b:5e:1e:d5:66:a0:91:17:6e:
20:a7:42:b3:9f:3a:8e:54:0f:41:fa:70:6a:bc:a2:
96:5e:5c:13:cd:4b:79:78:a2:d8:77:75:99:ee:14:
35:32:92:9b:98:15:cb:24:b1:0e:25:57:d2:5f:9e:
71:66:b9:1d:ba:d6:16:43:d7:c4:06:57:29:a2:1e:
3a:bc:10:fe:28:84:dd:5e:a9:49:67:e8:4c:d2:f3:
a7:66:87:2d:4c:88:29:6c:75:c1:a9:38:fd:b9:6d:
c7:20:09:47:fa:d2:54:90:47:16:40:ae:47:1d:48:
be:b4:e2:2a:28:fd:7a:c4:8d:c8:50:89:db:d8:e1:
22:41
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5C:99:60:E9:88:5B:CB:37:AB:6C:A3:A7:8F:ED:F2:75:00:D9:FF:37
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/XJlg6YhbyzerbKOnj-3ydQDZ_zc.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
44:8c:93:45:4c:d0:2a:68:38:c9:0c:2b:9d:55:57:a8:b5:83:
47:c6:bc:dd:3e:43:e3:9a:80:6b:77:43:61:a2:ae:5e:9d:6b:
fc:9b:46:5e:cb:39:71:ee:82:df:a2:d3:58:d9:bd:03:79:37:
35:aa:d8:74:ed:d5:7c:43:d4:9a:07:d8:4a:e4:4a:6a:20:b7:
67:2f:ad:d9:e7:dd:b3:cd:fc:57:d7:43:02:23:4e:3f:a1:fc:
f0:54:dd:32:cf:af:3b:58:ce:73:9d:a1:a8:15:cd:46:6b:e2:
a0:55:c6:71:43:c2:78:aa:6f:8c:ec:ed:8e:f7:63:94:f2:4c:
c3:55:95:92:6f:3f:88:84:c3:7d:df:f8:10:0f:3a:4d:ac:2f:
19:45:45:5d:9c:97:d8:9c:6f:5c:11:58:35:04:f7:c6:25:79:
fc:8d:41:0f:c8:2f:d1:18:90:f1:99:d7:30:35:cd:73:e8:b3:
10:03:36:ef:17:1c:2f:b3:c4:a7:30:bf:8e:bd:9b:51:7e:a0:
eb:a5:3c:94:cd:ba:00:8d:c1:43:c1:16:1b:26:2d:13:c0:a5:
fb:2d:7f:6c:98:81:12:eb:b1:d4:e8:9e:4d:31:db:45:5d:62:
8a:7b:2b:e9:d4:05:1c:12:c6:29:54:74:92:e2:be:6a:06:a8:
6b:bb:a5:04
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICRWowDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MjEw
MzIzMDVaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDVDOTk2MEU5ODg1QkNC
MzdBQjZDQTNBNzhGRURGMjc1MDBEOUZGMzcwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDYBIPVXtemjURqaWQD7y+ImaPtEntynuekLKIkk7OqI2oTxfx6
pQR7/HCGYc3YcJzDypjM6s0cdgCJfmJUopiAxbGSy/wfNcrK2u92rnu1DaI1HszF
Fgi2+PMn2GzPMw/Fx+EoJUXjM9zwpoJg8Dq0oVwgUdNxmJSS7tYy5nteHtVmoJEX
biCnQrOfOo5UD0H6cGq8opZeXBPNS3l4oth3dZnuFDUykpuYFcsksQ4lV9JfnnFm
uR261hZD18QGVymiHjq8EP4ohN1eqUln6EzS86dmhy1MiClsdcGpOP25bccgCUf6
0lSQRxZArkcdSL604ioo/XrEjchQidvY4SJBAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUXJlg6YhbyzerbKOnj+3ydQDZ/zcwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1hKbGc2WWhieXplcmJL
T25qLTN5ZFFEWl96Yy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEARIyTRUzQKmg4yQwrnVVXqLWDR8a83T5D
45qAa3dDYaKuXp1r/JtGXss5ce6C36LTWNm9A3k3NarYdO3VfEPUmgfYSuRKaiC3
Zy+t2efds838V9dDAiNOP6H88FTdMs+vO1jOc52hqBXNRmvioFXGcUPCeKpvjOzt
jvdjlPJMw1WVkm8/iITDfd/4EA86TawvGUVFXZyX2JxvXBFYNQT3xiV5/I1BD8gv
0RiQ8ZnXMDXNc+izEAM27xccL7PEpzC/jr2bUX6g66U8lM26AI3BQ8EWGyYtE8Cl
+y1/bJiBEuux1OieTTHbRV1iinsr6dQFHBLGKVR0kuK+agaoa7ulBA==
-----END CERTIFICATE-----
Generated at Sun May 18 00:49:43 2025 by rpki-client