Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/YCAfb1sOl46DCLciYfiVA2_5tyM.roa
File: YCAfb1sOl46DCLciYfiVA2_5tyM.roa (raw, json)
Hash identifier: 1vVtJV0tqo90tZuzvr+MMPNHpsM+kydVzXK6CHs6bnQ=
Subject key identifier: 60:20:1F:6F:5B:0E:97:8E:83:08:B7:22:61:F8:95:03:6F:F9:B7:23
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 3976
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/YCAfb1sOl46DCLciYfiVA2_5tyM.roa
Signing time: Fri 05 Apr 2024 04:52:24 +0000
ROA not before: Fri 05 Apr 2024 04:52:24 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 14710 (0x3976)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 5 04:52:24 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=60201F6F5B0E978E8308B72261F895036FF9B723
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b0:db:e5:fd:b4:95:ee:6d:92:98:57:cd:98:10:
8a:14:ec:c3:ed:b7:d5:91:bf:4c:f4:64:45:71:06:
fb:02:5f:f8:79:89:c6:99:df:30:62:06:1a:33:62:
68:79:1d:3d:ea:44:37:48:d9:45:f9:68:30:02:81:
50:19:10:84:7a:09:7c:d7:dd:1a:0c:0d:fe:e8:6b:
d6:c5:90:fd:86:1b:4d:59:1f:01:f7:64:4c:4c:64:
b5:7a:b4:b3:f3:7c:c0:14:99:12:e6:dd:04:ab:d9:
0a:12:7b:6b:19:6f:a5:35:bc:af:05:4a:d4:06:96:
77:79:f2:ae:cf:2e:c7:41:9f:f8:a1:0b:81:5f:70:
84:50:81:e9:37:06:28:97:93:fe:da:1d:d0:bb:4c:
02:f4:96:bb:44:b5:e6:81:7f:a0:c2:e2:0a:c7:3a:
09:e8:9e:8f:51:73:56:e5:39:07:9a:a4:c3:a3:7a:
2d:49:68:98:3f:f4:50:38:5b:b2:c7:02:04:ae:ca:
1d:2c:5a:53:c5:b3:01:fb:dc:18:6b:e8:af:80:03:
3c:0a:d8:c1:29:43:f4:3c:39:16:c5:00:5f:87:e7:
ca:e3:69:38:ef:e1:12:1b:d4:92:07:80:80:d7:52:
a6:e0:3e:cc:dd:2b:41:a6:d0:1a:58:00:2f:65:69:
28:61
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
60:20:1F:6F:5B:0E:97:8E:83:08:B7:22:61:F8:95:03:6F:F9:B7:23
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/YCAfb1sOl46DCLciYfiVA2_5tyM.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
11:04:1b:c8:b4:0d:12:75:03:40:20:97:b7:3e:5d:20:11:ee:
46:71:dd:21:c0:3a:75:30:20:ac:c6:fb:5c:9a:34:77:59:d1:
dc:a9:f2:0e:2f:6e:da:ad:c5:5f:72:a3:f1:0d:1b:ae:d5:87:
4e:88:75:83:e1:f9:fa:cf:71:62:f4:5d:a3:91:08:64:a2:97:
92:d4:fb:9d:5d:af:35:44:95:7d:29:8b:dc:28:ee:6e:94:58:
98:e9:c7:63:dd:0b:f5:78:99:e2:31:f9:d5:22:c5:41:5b:b4:
3b:84:86:5c:aa:a0:8f:04:41:ba:14:3b:64:8e:07:90:63:44:
70:72:d7:23:83:5e:15:23:4e:15:5b:14:d4:e7:94:41:21:dd:
80:18:7d:b7:97:ef:e6:37:f1:3c:4d:40:6b:4d:05:fd:e7:f2:
ac:66:da:47:52:3d:80:2d:19:81:da:89:02:11:28:a2:76:cc:
d7:ed:fa:2d:2c:a1:ef:fe:5a:a6:94:26:f0:7e:08:23:cd:eb:
5e:bd:72:c0:d5:d5:93:aa:06:94:a8:20:b4:65:46:f7:d3:23:
02:84:a4:99:05:e6:87:58:37:25:e3:56:06:4c:bc:ca:67:88:
e8:0d:1a:88:7b:63:e6:b6:7a:91:32:79:ac:e2:e8:e6:2a:cf:
82:39:e5:41
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICOXYwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MDUw
NDUyMjRaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDYwMjAxRjZGNUIwRTk3
OEU4MzA4QjcyMjYxRjg5NTAzNkZGOUI3MjMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCw2+X9tJXubZKYV82YEIoU7MPtt9WRv0z0ZEVxBvsCX/h5icaZ
3zBiBhozYmh5HT3qRDdI2UX5aDACgVAZEIR6CXzX3RoMDf7oa9bFkP2GG01ZHwH3
ZExMZLV6tLPzfMAUmRLm3QSr2QoSe2sZb6U1vK8FStQGlnd58q7PLsdBn/ihC4Ff
cIRQgek3BiiXk/7aHdC7TAL0lrtEteaBf6DC4grHOgnono9Rc1blOQeapMOjei1J
aJg/9FA4W7LHAgSuyh0sWlPFswH73Bhr6K+AAzwK2MEpQ/Q8ORbFAF+H58rjaTjv
4RIb1JIHgIDXUqbgPszdK0Gm0BpYAC9laShhAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUYCAfb1sOl46DCLciYfiVA2/5tyMwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1lDQWZiMXNPbDQ2RENM
Y2lZZmlWQTJfNXR5TS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAEQQbyLQNEnUDQCCXtz5dIBHuRnHdIcA6
dTAgrMb7XJo0d1nR3KnyDi9u2q3FX3Kj8Q0brtWHToh1g+H5+s9xYvRdo5EIZKKX
ktT7nV2vNUSVfSmL3CjubpRYmOnHY90L9XiZ4jH51SLFQVu0O4SGXKqgjwRBuhQ7
ZI4HkGNEcHLXI4NeFSNOFVsU1OeUQSHdgBh9t5fv5jfxPE1Aa00F/efyrGbaR1I9
gC0ZgdqJAhEoonbM1+36LSyh7/5appQm8H4II83rXr1ywNXVk6oGlKggtGVG99Mj
AoSkmQXmh1g3JeNWBky8ymeI6A0aiHtj5rZ6kTJ5rOLo5irPgjnlQQ==
-----END CERTIFICATE-----
Generated at Sat May 17 19:49:05 2025 by rpki-client