Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/YOHZhvlnT4TcQ1gVPnUiZlRceQ0.roa
File: YOHZhvlnT4TcQ1gVPnUiZlRceQ0.roa (raw, json)
Hash identifier: IDea74GbUbJozy5WFZhPFNO8pcoNLeL9BmbUfepoK9A=
Subject key identifier: 60:E1:D9:86:F9:67:4F:84:DC:43:58:15:3E:75:22:66:54:5C:79:0D
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 34BE
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/YOHZhvlnT4TcQ1gVPnUiZlRceQ0.roa
Signing time: Fri 29 Mar 2024 21:52:06 +0000
ROA not before: Fri 29 Mar 2024 21:52:06 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 13502 (0x34be)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Mar 29 21:52:06 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=60E1D986F9674F84DC4358153E752266545C790D
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ed:7a:7e:d9:1b:40:a0:3b:bb:bf:27:ad:77:3e:
aa:3e:fe:6f:e8:39:a4:e5:33:36:80:8d:d9:7a:c6:
34:1d:61:db:3f:d5:c3:c6:84:6e:7c:5a:ce:5e:70:
74:d8:23:3e:4e:e9:aa:3f:7d:af:43:d0:53:db:28:
45:a3:38:c8:c4:53:23:05:33:c3:29:d6:47:ae:e9:
73:c4:52:ae:5f:44:98:60:87:c9:55:23:54:f8:d6:
95:68:97:3a:01:3b:17:20:5f:a0:95:f0:d9:81:77:
67:f5:1e:80:61:e8:84:11:f4:d0:8e:41:a6:a8:f5:
32:70:2d:2f:fe:34:6d:57:6e:40:4b:95:f2:c9:30:
30:be:82:59:14:78:ff:c1:38:69:ac:5a:bf:11:ba:
38:34:ad:2f:23:9e:5c:a3:fb:7f:ad:7c:92:f0:c1:
b3:e8:4f:f7:b2:fc:b2:1a:1f:aa:7b:f4:8d:f7:eb:
ae:9c:cf:8a:6b:dc:1c:8d:31:94:af:7b:c6:e4:5f:
d8:98:91:c8:dd:88:22:b6:91:7b:e0:97:7d:cd:e0:
62:23:57:14:20:64:68:3a:9a:f8:e7:66:4a:d5:69:
19:9d:91:02:f2:10:c9:55:1e:74:d5:b7:6b:fa:b0:
19:33:23:0d:2a:3f:5e:72:9e:da:8c:33:1a:5b:3c:
64:75
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
60:E1:D9:86:F9:67:4F:84:DC:43:58:15:3E:75:22:66:54:5C:79:0D
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/YOHZhvlnT4TcQ1gVPnUiZlRceQ0.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
18:6a:b8:a0:b5:44:44:e6:ea:d0:34:f4:a5:72:d1:80:22:e9:
43:4d:2e:d1:18:67:39:60:58:90:06:68:e6:89:fd:06:8c:b7:
ad:34:02:e4:bb:fc:1b:de:db:37:3a:5e:cd:63:0a:a8:68:0a:
c3:d8:12:70:6c:75:17:ef:da:ab:57:e1:48:bb:73:83:56:49:
72:f5:2e:f2:53:0a:5a:0f:8d:cb:a1:c5:36:b8:c6:2a:19:b7:
4f:ce:38:39:60:9b:f7:72:ce:b5:f7:f7:96:55:e2:5c:3b:ef:
0e:94:e8:bf:bb:95:d5:cd:a8:fe:a3:8e:ef:a8:47:1f:48:4c:
92:7d:5c:59:86:61:11:6f:d9:f1:c9:c2:53:47:af:b0:82:4f:
e5:2c:e0:94:f0:dd:4c:db:c4:44:e0:08:97:91:9b:9e:4d:f0:
fc:85:c4:72:7f:42:3f:d3:5f:ed:13:4b:81:42:bd:70:bb:5a:
9a:47:71:90:ad:16:1c:d2:61:d5:e1:27:e6:85:5f:8a:c1:86:
07:c2:ea:14:df:45:5e:eb:87:d3:1a:83:e2:e4:3d:86:5d:83:
9c:d9:c5:7e:a8:8e:cb:b0:49:42:bb:36:1f:99:e6:ad:6b:04:
a1:2e:d3:12:ab:5d:bc:b6:e5:21:43:90:9a:5a:70:6d:01:3d:
9a:a1:88:40
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICNL4wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDAzMjky
MTUyMDZaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDYwRTFEOTg2Rjk2NzRG
ODREQzQzNTgxNTNFNzUyMjY2NTQ1Qzc5MEQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDten7ZG0CgO7u/J613Pqo+/m/oOaTlMzaAjdl6xjQdYds/1cPG
hG58Ws5ecHTYIz5O6ao/fa9D0FPbKEWjOMjEUyMFM8Mp1keu6XPEUq5fRJhgh8lV
I1T41pVolzoBOxcgX6CV8NmBd2f1HoBh6IQR9NCOQaao9TJwLS/+NG1XbkBLlfLJ
MDC+glkUeP/BOGmsWr8Rujg0rS8jnlyj+3+tfJLwwbPoT/ey/LIaH6p79I33666c
z4pr3ByNMZSve8bkX9iYkcjdiCK2kXvgl33N4GIjVxQgZGg6mvjnZkrVaRmdkQLy
EMlVHnTVt2v6sBkzIw0qP15yntqMMxpbPGR1AgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUYOHZhvlnT4TcQ1gVPnUiZlRceQ0wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1lPSFpodmxuVDRUY1Ex
Z1ZQblVpWmxSY2VRMC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAGGq4oLVERObq0DT0pXLRgCLpQ00u0Rhn
OWBYkAZo5on9Boy3rTQC5Lv8G97bNzpezWMKqGgKw9gScGx1F+/aq1fhSLtzg1ZJ
cvUu8lMKWg+Ny6HFNrjGKhm3T844OWCb93LOtff3llXiXDvvDpTov7uV1c2o/qOO
76hHH0hMkn1cWYZhEW/Z8cnCU0evsIJP5SzglPDdTNvEROAIl5Gbnk3w/IXEcn9C
P9Nf7RNLgUK9cLtamkdxkK0WHNJh1eEn5oVfisGGB8LqFN9FXuuH0xqD4uQ9hl2D
nNnFfqiOy7BJQrs2H5nmrWsEoS7TEqtdvLblIUOQmlpwbQE9mqGIQA==
-----END CERTIFICATE-----
Generated at Sat May 17 21:30:14 2025 by rpki-client