Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/a2cMHSiKDjeOh6zBOd84nxr5UN0.roa
File: a2cMHSiKDjeOh6zBOd84nxr5UN0.roa (raw, json)
Hash identifier: p6yE/Yt13PojCX/Zb0oWvHT+h+CFv9oT+i6ngEvovDg=
Subject key identifier: 6B:67:0C:1D:28:8A:0E:37:8E:87:AC:C1:39:DF:38:9F:1A:F9:50:DD
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 5812
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/a2cMHSiKDjeOh6zBOd84nxr5UN0.roa
Signing time: Thu 16 May 2024 00:24:14 +0000
ROA not before: Thu 16 May 2024 00:24:14 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 22546 (0x5812)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 16 00:24:14 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=6B670C1D288A0E378E87ACC139DF389F1AF950DD
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b4:e8:5c:30:a1:72:86:11:62:75:23:be:33:0b:
02:74:6c:0e:13:8f:c3:74:e3:f8:30:f5:8c:7e:2e:
b1:4c:9d:6d:67:92:9d:c8:2e:97:ec:40:e1:d6:d4:
77:3c:9f:47:2d:09:e1:67:23:ca:1e:85:96:a7:70:
67:0c:db:96:cb:df:59:6a:f0:f3:54:d7:b9:48:d9:
ae:09:4b:b2:dd:ac:22:62:0b:3d:61:a6:5a:64:d3:
4d:9c:87:7b:d2:29:01:19:ce:a9:00:bf:8c:54:56:
60:14:00:48:61:b5:19:6e:b2:70:68:6f:94:3a:70:
de:6b:ef:cd:f1:05:27:2b:dc:b4:ab:be:f8:f1:16:
41:86:b1:f2:50:ea:8d:ff:53:22:15:97:a2:59:7f:
4a:99:40:e3:17:0c:fb:15:fa:7c:8b:91:0a:1e:6d:
86:bc:b6:fd:67:ab:48:f8:e6:6f:a5:2b:7c:6b:be:
45:89:d3:4e:f9:b4:81:18:4f:79:75:a4:e7:8a:3f:
d0:d6:25:67:5c:ec:cb:80:bc:ae:e4:10:99:c5:2b:
3d:be:f0:fd:d6:7b:e3:44:57:29:ea:8e:5f:6b:7f:
d6:a2:6f:7e:26:9e:56:dd:27:dc:a0:a0:2f:ff:e0:
7a:2d:30:85:3d:e9:51:6f:15:aa:f4:4c:88:03:37:
4a:c3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6B:67:0C:1D:28:8A:0E:37:8E:87:AC:C1:39:DF:38:9F:1A:F9:50:DD
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/a2cMHSiKDjeOh6zBOd84nxr5UN0.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
2a:fa:66:27:54:c1:27:ad:12:6c:fc:55:f0:0b:57:1a:8c:69:
fc:46:aa:5a:54:28:0e:c6:e0:11:48:5a:d7:f6:6e:ad:70:61:
4e:fb:05:8b:fb:ad:22:12:8d:5b:4e:be:ae:aa:2a:18:6c:16:
60:2f:83:ee:b1:14:8e:9e:f1:d7:b7:2e:de:82:3c:73:5c:a9:
27:92:db:c5:cf:2e:f5:6d:36:db:3b:6d:64:bd:0c:c1:bd:62:
ad:ca:90:08:d4:a6:e0:74:21:ca:0f:d0:08:2d:e8:bb:bf:9f:
38:a8:5a:d1:cb:d0:53:f1:fc:92:d1:7e:9e:b2:3f:13:f4:dc:
8a:f4:40:be:09:75:4a:f9:1e:0d:5f:28:fa:59:8f:c6:18:71:
18:d9:44:5c:f4:dc:bf:59:ce:be:e1:57:12:84:a0:d9:ff:b5:
a5:5f:5c:5d:15:0c:23:78:bf:c3:ef:5b:e2:4b:33:07:d3:a2:
21:18:00:f4:ea:fc:25:4c:0c:18:5c:9b:0a:1c:45:87:c3:77:
02:fa:b6:67:45:02:8f:63:e7:99:be:0d:69:61:69:08:15:a2:
58:9c:d9:b8:92:54:e2:1c:51:86:47:f4:70:4d:8d:20:59:d1:
e6:2d:66:83:c4:e1:ce:ff:ef:0c:c2:0c:7f:15:1e:6e:10:b8:
6c:3e:b1:3b
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICWBIwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MTYw
MDI0MTRaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDZCNjcwQzFEMjg4QTBF
Mzc4RTg3QUNDMTM5REYzODlGMUFGOTUwREQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC06FwwoXKGEWJ1I74zCwJ0bA4Tj8N04/gw9Yx+LrFMnW1nkp3I
LpfsQOHW1Hc8n0ctCeFnI8oehZancGcM25bL31lq8PNU17lI2a4JS7LdrCJiCz1h
plpk002ch3vSKQEZzqkAv4xUVmAUAEhhtRlusnBob5Q6cN5r783xBScr3LSrvvjx
FkGGsfJQ6o3/UyIVl6JZf0qZQOMXDPsV+nyLkQoebYa8tv1nq0j45m+lK3xrvkWJ
0075tIEYT3l1pOeKP9DWJWdc7MuAvK7kEJnFKz2+8P3We+NEVynqjl9rf9aib34m
nlbdJ9ygoC//4HotMIU96VFvFar0TIgDN0rDAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUa2cMHSiKDjeOh6zBOd84nxr5UN0wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2EyY01IU2lLRGplT2g2
ekJPZDg0bnhyNVVOMC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAKvpmJ1TBJ60SbPxV8AtXGoxp/EaqWlQo
DsbgEUha1/ZurXBhTvsFi/utIhKNW06+rqoqGGwWYC+D7rEUjp7x17cu3oI8c1yp
J5Lbxc8u9W022zttZL0Mwb1ircqQCNSm4HQhyg/QCC3ou7+fOKha0cvQU/H8ktF+
nrI/E/TcivRAvgl1SvkeDV8o+lmPxhhxGNlEXPTcv1nOvuFXEoSg2f+1pV9cXRUM
I3i/w+9b4kszB9OiIRgA9Or8JUwMGFybChxFh8N3Avq2Z0UCj2Pnmb4NaWFpCBWi
WJzZuJJU4hxRhkf0cE2NIFnR5i1mg8Thzv/vDMIMfxUebhC4bD6xOw==
-----END CERTIFICATE-----
Generated at Sat May 17 19:39:54 2025 by rpki-client