Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/XskpoJ7z10wYObmLpIPeIK7nO84.roa
File: XskpoJ7z10wYObmLpIPeIK7nO84.roa (raw, json)
Hash identifier: hqO/gBLnB4yx77DUbhNRhV2H35206vMHQl250nkS+U4=
Subject key identifier: 5E:C9:29:A0:9E:F3:D7:4C:18:39:B9:8B:A4:83:DE:20:AE:E7:3B:CE
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 3F1E
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/XskpoJ7z10wYObmLpIPeIK7nO84.roa
Signing time: Fri 12 Apr 2024 17:52:53 +0000
ROA not before: Fri 12 Apr 2024 17:52:53 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 16158 (0x3f1e)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 12 17:52:53 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=5EC929A09EF3D74C1839B98BA483DE20AEE73BCE
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b2:35:17:75:8b:6d:91:e7:03:70:be:a2:c0:f3:
b2:10:c6:69:0a:ae:47:b6:c5:dd:ec:cd:3e:b5:f2:
13:63:8a:6c:66:67:97:cd:1f:39:2e:d9:13:7b:42:
e7:5d:22:ff:40:43:ac:f4:58:be:5c:ef:25:ba:57:
3f:18:8a:33:cf:2d:9f:2c:23:53:73:58:7c:77:55:
c8:5e:a6:9e:e1:a5:dd:f2:c6:da:9f:6d:c9:9e:3c:
3d:2d:70:86:64:51:39:ca:d0:32:1f:7d:e3:d2:2a:
e0:6c:9c:0a:f2:58:c6:63:5d:30:04:a2:16:f7:63:
75:ed:21:76:36:48:08:fd:e0:a5:fb:8d:78:83:a9:
c8:b0:b7:60:12:aa:ba:0a:b4:93:24:52:8f:10:32:
30:02:50:b6:66:0e:27:da:f5:7b:a3:dc:d0:14:a8:
e9:11:2d:60:f4:cc:95:a2:42:e1:4b:2d:80:f9:88:
53:fb:83:2b:f2:46:3a:b4:c6:6c:6c:fb:81:03:99:
1a:57:66:12:db:2c:13:15:95:d5:00:d8:8b:79:68:
35:6e:1c:82:0a:84:74:be:6e:88:43:aa:9e:aa:26:
b1:f2:c4:fa:d1:5e:41:c7:0b:bf:ea:a8:47:cf:41:
1b:69:e1:d7:f1:3d:3e:c4:8e:a1:46:27:37:a6:2f:
19:71
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5E:C9:29:A0:9E:F3:D7:4C:18:39:B9:8B:A4:83:DE:20:AE:E7:3B:CE
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/XskpoJ7z10wYObmLpIPeIK7nO84.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
40:da:32:83:1a:19:c5:ab:5c:8d:2b:e7:08:04:de:94:90:d5:
d2:26:09:22:a0:b3:69:86:43:fd:6a:82:22:44:94:46:a1:4e:
3e:14:37:9d:9a:be:73:90:8b:ec:aa:9c:4d:6e:4f:08:c3:a5:
24:de:5d:f9:34:c3:fb:af:d0:e5:d3:7c:8a:dd:9d:ea:44:f9:
80:e5:87:cb:8e:10:37:51:53:bb:43:df:6a:48:7e:f6:34:75:
05:62:4a:d4:f1:5f:56:e0:8d:63:87:64:41:10:fa:1b:c2:82:
b3:be:39:c9:3e:2d:45:38:20:39:07:ea:31:4c:60:c1:06:95:
34:dc:b5:e0:a0:7d:d8:b5:5e:1b:2a:14:5c:24:b4:1b:a7:84:
10:dc:61:90:0e:60:21:29:c2:e0:3e:20:0b:93:e8:c6:c1:8a:
72:12:1c:87:11:50:f4:54:db:6c:fa:67:3b:9a:5e:30:19:f4:
73:f0:a6:50:7b:03:d0:dd:12:9d:ec:f5:e3:7c:5d:f3:96:a1:
4c:1e:bf:ab:37:99:3a:09:94:0b:fb:29:6d:fe:eb:c3:10:49:
df:e6:9a:48:fd:86:de:28:f9:f7:dd:59:a5:c1:de:99:16:1d:
61:f9:7b:74:9c:8c:81:dd:bc:d1:6c:68:19:45:db:7b:79:11:
7a:d7:e1:b0
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICPx4wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MTIx
NzUyNTNaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDVFQzkyOUEwOUVGM0Q3
NEMxODM5Qjk4QkE0ODNERTIwQUVFNzNCQ0UwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCyNRd1i22R5wNwvqLA87IQxmkKrke2xd3szT618hNjimxmZ5fN
Hzku2RN7QuddIv9AQ6z0WL5c7yW6Vz8YijPPLZ8sI1NzWHx3Vchepp7hpd3yxtqf
bcmePD0tcIZkUTnK0DIffePSKuBsnAryWMZjXTAEohb3Y3XtIXY2SAj94KX7jXiD
qciwt2ASqroKtJMkUo8QMjACULZmDifa9Xuj3NAUqOkRLWD0zJWiQuFLLYD5iFP7
gyvyRjq0xmxs+4EDmRpXZhLbLBMVldUA2It5aDVuHIIKhHS+bohDqp6qJrHyxPrR
XkHHC7/qqEfPQRtp4dfxPT7EjqFGJzemLxlxAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUXskpoJ7z10wYObmLpIPeIK7nO84wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1hza3BvSjd6MTB3WU9i
bUxwSVBlSUs3bk84NC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAQNoygxoZxatcjSvnCATelJDV0iYJIqCz
aYZD/WqCIkSURqFOPhQ3nZq+c5CL7KqcTW5PCMOlJN5d+TTD+6/Q5dN8it2d6kT5
gOWHy44QN1FTu0Pfakh+9jR1BWJK1PFfVuCNY4dkQRD6G8KCs745yT4tRTggOQfq
MUxgwQaVNNy14KB92LVeGyoUXCS0G6eEENxhkA5gISnC4D4gC5PoxsGKchIchxFQ
9FTbbPpnO5peMBn0c/CmUHsD0N0Snez143xd85ahTB6/qzeZOgmUC/spbf7rwxBJ
3+aaSP2G3ij5991ZpcHemRYdYfl7dJyMgd280WxoGUXbe3kRetfhsA==
-----END CERTIFICATE-----
Generated at Sun May 18 04:49:55 2025 by rpki-client