Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/YSWOtRCISvy0pzs14rWthY0Gefc.roa
File: YSWOtRCISvy0pzs14rWthY0Gefc.roa (raw, json)
Hash identifier: y6G0LMiq3N4rNWxnaTx4ioJCsoyt0WJ//JIz+p5JZ/8=
Subject key identifier: 61:25:8E:B5:10:88:4A:FC:B4:A7:3B:35:E2:B5:AD:85:8D:06:79:F7
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 51CE
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/YSWOtRCISvy0pzs14rWthY0Gefc.roa
Signing time: Tue 07 May 2024 15:54:11 +0000
ROA not before: Tue 07 May 2024 15:54:11 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 20942 (0x51ce)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 7 15:54:11 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=61258EB510884AFCB4A73B35E2B5AD858D0679F7
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b1:cf:b9:24:07:47:80:17:ee:40:b5:f4:35:13:
51:bf:6f:33:24:c8:00:a6:19:4d:36:2a:55:15:81:
ea:68:36:4e:08:7c:e1:2d:5a:12:49:0c:17:61:80:
59:dd:ca:76:16:20:4d:da:dd:7e:1b:aa:b2:c5:94:
ac:1e:57:25:29:3b:c5:2a:21:29:81:a0:b7:60:2c:
54:bc:e8:ef:49:9c:96:f2:3c:37:58:8d:22:05:e8:
98:82:c6:1e:69:b9:13:a8:e7:a0:82:1c:17:f9:86:
9d:11:59:d8:de:cc:45:dc:be:7f:64:de:a4:ea:33:
78:d5:d2:41:dc:6e:ac:2c:b2:8d:41:5e:4e:e3:9c:
f7:12:87:92:b1:ef:9e:d2:bc:d9:e2:c5:15:a3:83:
00:04:68:e9:e8:2d:23:b9:30:65:3d:9e:e5:14:33:
e3:b9:64:2e:c5:f7:25:f9:0d:e7:3b:a5:d8:fe:3a:
29:dc:e5:eb:49:81:98:c9:0c:e5:ab:56:d5:67:12:
7d:e0:80:9f:c0:a8:1a:94:83:d0:b4:e1:f8:b8:f3:
54:30:ee:78:20:37:76:b4:c9:10:c5:20:fa:44:b9:
a9:5f:dc:eb:6c:a4:bf:3e:b5:40:1d:20:71:c7:57:
a4:72:34:45:36:1e:f5:cf:7e:f5:81:30:d9:9f:f3:
6e:c9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
61:25:8E:B5:10:88:4A:FC:B4:A7:3B:35:E2:B5:AD:85:8D:06:79:F7
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/YSWOtRCISvy0pzs14rWthY0Gefc.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
17:23:ce:1c:09:c9:8f:87:63:f9:ca:38:c1:d1:e3:3d:f7:b3:
67:69:7b:f6:b1:2a:94:3f:21:a3:5f:8d:71:b7:5d:b1:bc:f7:
d9:1a:02:96:c3:fb:95:ac:15:d1:51:c3:06:2b:1c:da:04:4f:
95:3a:84:05:76:0b:d1:fa:be:8c:49:00:09:6e:3b:1a:a9:3f:
c4:5d:9c:a7:eb:cc:3e:79:98:cd:96:f1:35:3d:e1:3c:76:5b:
d5:ec:16:87:60:cd:12:96:73:26:3b:6f:c6:92:b5:d0:b4:dc:
4e:b0:b8:71:ed:08:94:b6:a2:56:23:54:47:0c:73:55:4a:14:
81:11:53:93:a7:28:66:a2:6b:d8:29:77:8c:60:e7:25:34:39:
59:17:30:74:2e:a8:00:40:0e:de:7f:2b:c4:62:e5:4a:9e:54:
d9:83:2c:d4:12:d2:8e:a9:a7:b0:60:ca:2b:29:b6:fd:1f:5c:
8c:7a:0b:3c:87:f8:a7:f1:3c:88:39:42:6f:27:b0:3e:cd:6a:
38:0e:10:18:d6:c0:ba:14:cb:92:b2:3e:41:6c:95:46:81:30:
e8:ea:46:18:f1:ea:bb:48:f8:5e:42:18:32:ad:2c:c2:93:71:
99:c0:3d:c5:fc:e9:c9:4f:f4:d5:b6:73:38:07:12:70:60:93:
a1:01:d0:61
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICUc4wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MDcx
NTU0MTFaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDYxMjU4RUI1MTA4ODRB
RkNCNEE3M0IzNUUyQjVBRDg1OEQwNjc5RjcwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCxz7kkB0eAF+5AtfQ1E1G/bzMkyACmGU02KlUVgepoNk4IfOEt
WhJJDBdhgFndynYWIE3a3X4bqrLFlKweVyUpO8UqISmBoLdgLFS86O9JnJbyPDdY
jSIF6JiCxh5puROo56CCHBf5hp0RWdjezEXcvn9k3qTqM3jV0kHcbqwsso1BXk7j
nPcSh5Kx757SvNnixRWjgwAEaOnoLSO5MGU9nuUUM+O5ZC7F9yX5Dec7pdj+Oinc
5etJgZjJDOWrVtVnEn3ggJ/AqBqUg9C04fi481Qw7nggN3a0yRDFIPpEualf3Ots
pL8+tUAdIHHHV6RyNEU2HvXPfvWBMNmf827JAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUYSWOtRCISvy0pzs14rWthY0GefcwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1lTV090UkNJU3Z5MHB6
czE0cld0aFkwR2VmYy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAFyPOHAnJj4dj+co4wdHjPfezZ2l79rEq
lD8ho1+Ncbddsbz32RoClsP7lawV0VHDBisc2gRPlTqEBXYL0fq+jEkACW47Gqk/
xF2cp+vMPnmYzZbxNT3hPHZb1ewWh2DNEpZzJjtvxpK10LTcTrC4ce0IlLaiViNU
RwxzVUoUgRFTk6coZqJr2Cl3jGDnJTQ5WRcwdC6oAEAO3n8rxGLlSp5U2YMs1BLS
jqmnsGDKKym2/R9cjHoLPIf4p/E8iDlCbyewPs1qOA4QGNbAuhTLkrI+QWyVRoEw
6OpGGPHqu0j4XkIYMq0swpNxmcA9xfzpyU/01bZzOAcScGCToQHQYQ==
-----END CERTIFICATE-----
Generated at Sat May 17 21:31:28 2025 by rpki-client