Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/_aKqEunrIgcB2JeH4gdfZctC0y4.roa
File: _aKqEunrIgcB2JeH4gdfZctC0y4.roa (raw, json)
Hash identifier: zxnHvJ8WYk3pA3DtKbkmGEHmU2qljyw5vanwQL/YXZU=
Subject key identifier: FD:A2:AA:12:E9:EB:22:07:01:D8:97:87:E2:07:5F:65:CB:42:D3:2E
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 3FCE
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/_aKqEunrIgcB2JeH4gdfZctC0y4.roa
Signing time: Sat 13 Apr 2024 15:52:49 +0000
ROA not before: Sat 13 Apr 2024 15:52:49 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 16334 (0x3fce)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 13 15:52:49 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=FDA2AA12E9EB220701D89787E2075F65CB42D32E
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c0:20:38:d6:de:10:a4:17:b5:b1:73:4d:92:2a:
68:25:70:cb:d4:bb:f2:dd:51:ea:d9:3a:a3:7f:8f:
cc:cd:51:05:3d:70:be:2e:ce:64:8e:14:43:d9:52:
28:0b:4d:5a:ef:d3:be:b5:d3:82:d2:13:36:94:ad:
8c:03:6b:e3:b9:87:55:05:4f:f0:17:01:af:60:59:
3e:f6:22:c9:c0:44:eb:0f:58:6d:7e:01:e0:7f:5f:
04:0b:17:29:d3:07:ff:82:9a:98:18:ea:e0:76:43:
e9:58:e2:4a:1b:3e:d9:00:3d:4d:ea:05:79:d1:4c:
e5:93:bf:ee:5d:81:67:6a:01:f9:9c:a1:59:29:28:
20:32:c0:1a:ad:22:4c:46:07:e3:86:cc:85:71:fc:
12:09:b1:a7:8d:f4:19:f4:64:a0:7f:c7:4a:9f:0a:
19:31:7a:2a:3c:42:52:9c:7c:dd:ab:ff:08:bb:d8:
50:b9:0c:1b:51:ae:7a:23:d2:14:72:70:a4:6d:17:
e3:ed:ba:2d:34:01:05:8d:be:ce:97:c9:0b:cb:29:
38:6f:73:e0:5e:94:b9:0b:9d:17:e2:67:86:62:26:
c3:08:7c:9d:d8:a1:5a:86:04:db:94:de:8a:5c:9d:
59:46:f3:2d:70:f8:23:e5:f7:72:a4:d1:1a:96:a9:
7e:75
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FD:A2:AA:12:E9:EB:22:07:01:D8:97:87:E2:07:5F:65:CB:42:D3:2E
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/_aKqEunrIgcB2JeH4gdfZctC0y4.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
8d:c2:02:0d:c3:fe:e5:c0:82:4c:d8:c4:30:30:39:a6:38:a0:
98:dd:8c:d8:1f:4c:b6:f1:d4:e3:03:76:46:cb:e0:26:d5:36:
ca:7e:42:1c:d9:bb:c9:86:3c:b0:dd:15:b9:3e:5a:d5:9e:cf:
3a:a1:a1:f1:dd:9a:7b:ea:fc:b9:e5:c5:1a:72:d5:56:bd:4d:
1f:e3:4f:d7:ea:e1:e6:4b:21:08:62:b5:9f:5b:23:d9:5a:b0:
3b:2a:8a:41:3b:08:a5:46:45:57:14:a7:ea:60:e4:43:09:5c:
f9:ba:ba:7e:62:53:a5:22:a1:99:32:c7:23:3d:7b:81:8c:8b:
dd:09:3c:fe:0a:84:18:ba:aa:9e:cf:31:a2:2e:69:fc:8d:e9:
44:72:df:dc:80:f5:ef:a4:93:8a:2b:85:2d:7f:b4:63:8a:be:
3f:1e:ff:29:db:09:dc:dc:cb:03:c6:23:8e:2b:b2:9f:f8:4b:
c1:af:22:11:5f:98:60:d7:b3:bd:77:71:e4:7c:83:66:f7:25:
d4:db:49:8e:40:c4:19:35:64:8a:42:39:4b:96:35:be:ac:ba:
39:f9:13:50:c2:1f:58:bc:42:06:cb:85:67:96:38:c5:df:68:
31:5c:30:59:de:d6:16:8f:6b:f0:0e:48:d2:71:d7:ce:d1:46:
0e:8d:c2:37
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICP84wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MTMx
NTUyNDlaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEZEQTJBQTEyRTlFQjIy
MDcwMUQ4OTc4N0UyMDc1RjY1Q0I0MkQzMkUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDAIDjW3hCkF7Wxc02SKmglcMvUu/LdUerZOqN/j8zNUQU9cL4u
zmSOFEPZUigLTVrv076104LSEzaUrYwDa+O5h1UFT/AXAa9gWT72IsnAROsPWG1+
AeB/XwQLFynTB/+CmpgY6uB2Q+lY4kobPtkAPU3qBXnRTOWTv+5dgWdqAfmcoVkp
KCAywBqtIkxGB+OGzIVx/BIJsaeN9Bn0ZKB/x0qfChkxeio8QlKcfN2r/wi72FC5
DBtRrnoj0hRycKRtF+Ptui00AQWNvs6XyQvLKThvc+BelLkLnRfiZ4ZiJsMIfJ3Y
oVqGBNuU3opcnVlG8y1w+CPl93Kk0RqWqX51AgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQU/aKqEunrIgcB2JeH4gdfZctC0y4wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L19hS3FFdW5ySWdjQjJK
ZUg0Z2RmWmN0QzB5NC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAjcICDcP+5cCCTNjEMDA5pjigmN2M2B9M
tvHU4wN2RsvgJtU2yn5CHNm7yYY8sN0VuT5a1Z7POqGh8d2ae+r8ueXFGnLVVr1N
H+NP1+rh5kshCGK1n1sj2VqwOyqKQTsIpUZFVxSn6mDkQwlc+bq6fmJTpSKhmTLH
Iz17gYyL3Qk8/gqEGLqqns8xoi5p/I3pRHLf3ID176STiiuFLX+0Y4q+Px7/KdsJ
3NzLA8Yjjiuyn/hLwa8iEV+YYNezvXdx5HyDZvcl1NtJjkDEGTVkikI5S5Y1vqy6
OfkTUMIfWLxCBsuFZ5Y4xd9oMVwwWd7WFo9r8A5I0nHXztFGDo3CNw==
-----END CERTIFICATE-----
Generated at Sat May 17 23:42:09 2025 by rpki-client