Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/Y13ccr8lJZoz4QpdV2PU-JFibIA.roa
File: Y13ccr8lJZoz4QpdV2PU-JFibIA.roa (raw, json)
Hash identifier: fStS1aRrznzUtG+KFtUYsEx5EoKcn/UTZzlxADvtcms=
Subject key identifier: 63:5D:DC:72:BF:25:25:9A:33:E1:0A:5D:57:63:D4:F8:91:62:6C:80
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 4A1A
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/Y13ccr8lJZoz4QpdV2PU-JFibIA.roa
Signing time: Sat 27 Apr 2024 09:23:35 +0000
ROA not before: Sat 27 Apr 2024 09:23:35 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 18970 (0x4a1a)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 27 09:23:35 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=635DDC72BF25259A33E10A5D5763D4F891626C80
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:be:59:bf:aa:c8:d8:91:9d:85:dd:e8:20:f0:0d:
35:22:10:f2:cc:b7:af:fd:82:e5:ba:a6:0d:78:92:
40:84:bd:36:0b:b1:23:c6:a2:da:e8:f8:3e:07:52:
98:73:b3:b0:59:31:f2:d8:88:70:44:17:e5:6a:9b:
3a:d7:31:8a:f8:c4:38:40:0f:74:d5:89:40:48:9d:
e7:63:27:b6:53:e7:75:50:46:6b:f4:91:d0:9d:60:
f2:66:9b:09:62:26:66:68:e3:c2:d8:1e:ba:21:90:
52:e2:e6:eb:52:7b:71:d4:b4:dc:7d:94:6b:6e:4e:
e7:38:79:99:6b:92:a9:05:fb:c9:39:11:be:f8:78:
ba:51:55:71:ee:4f:30:bb:b7:69:e7:54:28:bd:3e:
11:17:3e:bd:e9:3a:ea:0f:c5:27:55:63:bb:ab:b8:
9c:17:91:4c:83:9c:f5:75:9d:7f:e7:cf:72:57:15:
3e:4c:1f:f1:5f:92:76:28:81:8c:1b:29:08:2a:af:
39:96:a4:36:1e:9e:a6:6f:60:e6:f3:e2:1e:58:43:
f5:ca:5a:18:7e:32:92:9d:55:cd:eb:ba:ca:06:86:
b9:82:5c:bd:05:71:07:7f:b7:ad:92:1c:97:89:61:
0e:0a:8a:68:78:a5:7f:ea:6f:04:98:ac:18:15:a1:
2c:25
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
63:5D:DC:72:BF:25:25:9A:33:E1:0A:5D:57:63:D4:F8:91:62:6C:80
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/Y13ccr8lJZoz4QpdV2PU-JFibIA.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
b5:a4:32:9b:5a:f9:b5:77:e4:fc:7c:2d:bc:25:d0:b4:25:a4:
72:dd:66:7c:38:23:1c:77:26:a9:a3:88:7a:49:e0:b0:95:aa:
aa:f8:d8:ec:53:29:53:a6:42:b3:26:e7:b7:01:cd:db:08:d4:
9b:22:23:3f:ac:88:c9:1f:22:63:b2:57:20:6a:fe:af:f0:52:
73:9c:a6:ce:76:42:b5:ac:e7:4d:f8:85:21:cc:24:cf:26:fb:
c9:da:2a:b7:cc:83:1e:bc:f1:07:37:a5:2f:9d:4f:19:c7:26:
fc:64:81:dc:4e:68:11:a8:eb:e4:30:8a:dd:bc:08:a9:00:19:
21:a9:91:c3:a9:6d:f9:bb:9d:14:d0:02:9f:21:17:2c:53:a3:
4e:01:b1:29:8a:c4:7d:b1:09:29:fc:03:75:b6:e7:3c:47:94:
80:f1:49:cf:3f:9e:fd:df:a7:ef:f9:0d:82:dd:30:87:60:e9:
6f:dd:54:a1:cc:87:b5:e4:e9:a2:f3:00:b1:d0:f6:1c:b4:c7:
ec:89:e0:12:db:dc:91:e9:38:a5:20:7c:17:de:b6:b9:40:9f:
e3:ab:0d:57:31:cc:13:7e:4f:22:be:27:96:4a:26:eb:7b:af:
7e:e0:e7:27:aa:8e:92:0b:90:8d:ca:4b:cb:1e:7c:c2:2d:00:
b5:c6:0f:97
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICShowDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0Mjcw
OTIzMzVaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDYzNUREQzcyQkYyNTI1
OUEzM0UxMEE1RDU3NjNENEY4OTE2MjZDODAwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC+Wb+qyNiRnYXd6CDwDTUiEPLMt6/9guW6pg14kkCEvTYLsSPG
otro+D4HUphzs7BZMfLYiHBEF+VqmzrXMYr4xDhAD3TViUBInedjJ7ZT53VQRmv0
kdCdYPJmmwliJmZo48LYHrohkFLi5utSe3HUtNx9lGtuTuc4eZlrkqkF+8k5Eb74
eLpRVXHuTzC7t2nnVCi9PhEXPr3pOuoPxSdVY7uruJwXkUyDnPV1nX/nz3JXFT5M
H/FfknYogYwbKQgqrzmWpDYenqZvYObz4h5YQ/XKWhh+MpKdVc3rusoGhrmCXL0F
cQd/t62SHJeJYQ4Kimh4pX/qbwSYrBgVoSwlAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUY13ccr8lJZoz4QpdV2PU+JFibIAwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1kxM2NjcjhsSlpvejRR
cGRWMlBVLUpGaWJJQS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAtaQym1r5tXfk/HwtvCXQtCWkct1mfDgj
HHcmqaOIekngsJWqqvjY7FMpU6ZCsybntwHN2wjUmyIjP6yIyR8iY7JXIGr+r/BS
c5ymznZCtaznTfiFIcwkzyb7ydoqt8yDHrzxBzelL51PGccm/GSB3E5oEajr5DCK
3bwIqQAZIamRw6lt+budFNACnyEXLFOjTgGxKYrEfbEJKfwDdbbnPEeUgPFJzz+e
/d+n7/kNgt0wh2Dpb91UocyHteTpovMAsdD2HLTH7IngEtvckek4pSB8F962uUCf
46sNVzHME35PIr4nlkom63uvfuDnJ6qOkguQjcpLyx58wi0AtcYPlw==
-----END CERTIFICATE-----
Generated at Sun May 18 02:03:02 2025 by rpki-client