Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/Y3FUREwZd_9DDX9tyiAVwsHYPbw.roa
File: Y3FUREwZd_9DDX9tyiAVwsHYPbw.roa (raw, json)
Hash identifier: 1iDLKwCcURfdJTofgA+AFSfSVWbl1xXjQ5ox3dDME4A=
Subject key identifier: 63:71:54:44:4C:19:77:FF:43:0D:7F:6D:CA:20:15:C2:C1:D8:3D:BC
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 4DB2
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/Y3FUREwZd_9DDX9tyiAVwsHYPbw.roa
Signing time: Thu 02 May 2024 04:23:43 +0000
ROA not before: Thu 02 May 2024 04:23:43 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 19890 (0x4db2)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 2 04:23:43 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=637154444C1977FF430D7F6DCA2015C2C1D83DBC
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b7:b1:1b:e8:b7:31:9e:bd:9b:1e:99:58:11:5d:
ff:b9:d3:c0:80:0a:33:c0:e3:78:5f:ae:86:00:a1:
9a:0d:33:f6:6f:7a:f7:f0:d8:fc:5e:33:45:76:c7:
df:e1:ff:13:dd:60:75:41:f2:72:3d:55:51:36:b3:
1f:77:4f:93:73:d6:82:86:0a:8c:3f:cd:5b:32:e1:
65:e3:99:22:45:d6:86:a8:95:b7:ed:42:ca:33:98:
30:e3:9a:23:15:e0:69:a8:55:85:a3:ea:ea:81:1c:
9b:a9:a3:76:e3:f0:4c:af:37:51:d4:85:3c:93:93:
a7:83:a4:1f:5e:98:fb:aa:ab:da:c1:87:43:a8:32:
5e:b4:fc:41:f2:58:bd:ef:78:59:23:39:69:8a:05:
3f:f0:59:0f:78:9b:45:9a:d3:23:3b:a8:46:cd:63:
68:f4:ca:38:1d:a2:1d:d7:8e:9f:d9:1c:43:58:95:
4b:93:c8:11:2d:76:94:26:e7:f2:44:4e:33:e7:0c:
a2:37:ba:04:55:e3:db:53:d8:64:db:0b:bf:8b:be:
6f:4f:e4:56:6f:b1:5c:79:16:d3:40:66:b6:26:f0:
ae:0a:cb:ad:7e:19:dd:40:97:4b:e3:60:c2:c3:3c:
80:82:3e:f1:64:8c:ed:95:33:15:b4:a3:bc:a3:cf:
56:e5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
63:71:54:44:4C:19:77:FF:43:0D:7F:6D:CA:20:15:C2:C1:D8:3D:BC
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/Y3FUREwZd_9DDX9tyiAVwsHYPbw.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
a7:cb:d3:53:87:9f:72:16:33:74:49:30:0a:f7:ef:79:11:ee:
e0:71:69:38:99:3b:56:a4:a9:91:88:fe:a3:59:11:0e:f7:12:
49:91:5a:ee:cb:7d:36:d3:38:6f:ef:4f:17:e7:16:30:16:fd:
e3:58:8f:fc:8d:87:08:27:5b:68:5d:27:2f:37:ef:b0:e1:9a:
6b:3a:f2:b2:99:96:2b:6f:fc:16:54:58:64:5b:75:e0:ac:05:
cd:cf:4a:76:c7:1c:60:7d:75:f2:82:6a:ca:ad:58:1c:eb:8f:
0d:f5:c5:94:92:29:9e:23:83:d3:41:5e:75:28:37:a0:52:67:
e2:82:40:bc:ae:53:f5:a3:96:6a:e8:bb:e4:70:33:20:60:d5:
50:07:b7:d7:90:db:39:e8:4c:f4:fc:de:ef:7a:8f:d9:c0:0a:
ed:1e:aa:ee:79:f4:54:06:17:b8:82:37:7b:1e:d2:ca:25:d9:
a4:89:31:27:7c:98:6b:12:d0:7a:aa:26:90:9c:4e:97:2f:2e:
90:21:de:ce:54:e8:9b:da:33:4f:a7:2b:f5:bd:5b:60:79:ff:
96:03:ed:83:f6:65:88:c4:82:5e:99:24:2c:d1:16:49:f3:4d:
28:7b:76:f5:f3:50:42:3d:40:62:1e:5d:14:bd:db:30:4c:92:
c8:02:2c:61
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICTbIwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MDIw
NDIzNDNaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDYzNzE1NDQ0NEMxOTc3
RkY0MzBEN0Y2RENBMjAxNUMyQzFEODNEQkMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC3sRvotzGevZsemVgRXf+508CACjPA43hfroYAoZoNM/Zvevfw
2PxeM0V2x9/h/xPdYHVB8nI9VVE2sx93T5Nz1oKGCow/zVsy4WXjmSJF1oaolbft
QsozmDDjmiMV4GmoVYWj6uqBHJupo3bj8EyvN1HUhTyTk6eDpB9emPuqq9rBh0Oo
Ml60/EHyWL3veFkjOWmKBT/wWQ94m0Wa0yM7qEbNY2j0yjgdoh3Xjp/ZHENYlUuT
yBEtdpQm5/JETjPnDKI3ugRV49tT2GTbC7+Lvm9P5FZvsVx5FtNAZrYm8K4Ky61+
Gd1Al0vjYMLDPICCPvFkjO2VMxW0o7yjz1blAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUY3FUREwZd/9DDX9tyiAVwsHYPbwwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1kzRlVSRXdaZF85RERY
OXR5aUFWd3NIWVBidy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAp8vTU4efchYzdEkwCvfveRHu4HFpOJk7
VqSpkYj+o1kRDvcSSZFa7st9NtM4b+9PF+cWMBb941iP/I2HCCdbaF0nLzfvsOGa
azryspmWK2/8FlRYZFt14KwFzc9KdsccYH118oJqyq1YHOuPDfXFlJIpniOD00Fe
dSg3oFJn4oJAvK5T9aOWaui75HAzIGDVUAe315DbOehM9Pze73qP2cAK7R6q7nn0
VAYXuII3ex7SyiXZpIkxJ3yYaxLQeqomkJxOly8ukCHezlTom9ozT6cr9b1bYHn/
lgPtg/ZliMSCXpkkLNEWSfNNKHt29fNQQj1AYh5dFL3bMEySyAIsYQ==
-----END CERTIFICATE-----
Generated at Sun May 18 02:09:24 2025 by rpki-client