Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/abJsIRrA1S1PrrKYB1o33uDhUTI.roa
File: abJsIRrA1S1PrrKYB1o33uDhUTI.roa (raw, json)
Hash identifier: eA39nLcHu6or6DDNAXLIQ7a8BozA2BMFXycrR3cJD5E=
Subject key identifier: 69:B2:6C:21:1A:C0:D5:2D:4F:AE:B2:98:07:5A:37:DE:E0:E1:51:32
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 4832
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/abJsIRrA1S1PrrKYB1o33uDhUTI.roa
Signing time: Wed 24 Apr 2024 20:23:16 +0000
ROA not before: Wed 24 Apr 2024 20:23:16 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 18482 (0x4832)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 24 20:23:16 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=69B26C211AC0D52D4FAEB298075A37DEE0E15132
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c0:69:58:a6:c8:32:8d:ea:30:b7:4c:54:33:0d:
79:a0:b9:f2:ec:2f:13:b2:dd:7b:c5:37:e1:fe:37:
c2:7b:6c:89:39:3d:f5:1b:8d:2b:c9:3b:5a:9a:fb:
e5:d8:5a:2e:45:f8:cf:f1:57:27:e2:53:4e:25:0d:
df:6b:fe:79:25:e6:e9:23:2b:aa:1b:51:80:3a:5c:
d6:1b:7b:39:ec:d1:e9:aa:21:b2:61:dc:46:70:74:
bf:6f:50:61:65:53:9c:d2:e8:7d:97:aa:ee:ad:7e:
01:4f:f0:9d:d6:8c:59:ad:52:0e:7c:c3:2c:15:0a:
44:91:cd:fd:a4:62:47:f4:b5:2a:dd:65:81:2d:8f:
f1:7c:c9:3d:f1:ec:4f:fc:2c:fb:6d:a1:75:98:15:
bf:9b:9a:76:a3:bb:c8:65:40:ab:22:d6:30:c7:c9:
06:c7:6e:73:6b:08:98:7d:4a:7c:0a:7f:68:20:8e:
07:1e:2e:a5:3b:07:0e:98:33:2f:dc:f0:84:83:d2:
9a:75:54:77:c4:35:ab:0e:04:85:f7:e7:89:b2:26:
79:97:89:97:94:4d:e7:f4:0e:f5:74:66:95:94:66:
2e:37:a0:7e:3a:27:7d:d8:b0:8a:99:66:22:4a:e9:
aa:30:81:d5:ff:88:de:5c:e4:60:34:77:44:db:5f:
a6:c1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
69:B2:6C:21:1A:C0:D5:2D:4F:AE:B2:98:07:5A:37:DE:E0:E1:51:32
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/abJsIRrA1S1PrrKYB1o33uDhUTI.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
3e:c6:cd:29:7e:7f:e9:dc:7a:94:64:41:68:2b:69:70:81:95:
5c:b1:8e:e6:f6:1a:d6:2a:d2:5b:09:35:25:94:a8:e2:92:64:
b9:64:1c:aa:5c:a0:21:f6:10:cf:65:9b:88:c0:8a:ce:1f:de:
bd:53:a8:f8:8f:7c:88:58:21:07:86:b2:76:c4:5d:44:6a:9e:
2b:1f:3b:74:4b:31:52:16:10:9d:8b:2f:e1:78:65:a5:a1:91:
11:da:d4:5c:f5:22:70:36:bb:2d:e7:ef:54:10:da:3d:b4:02:
55:dd:ac:e0:80:89:93:ea:03:c8:85:a4:58:0a:ce:ee:89:e3:
70:ea:4d:a0:f4:1b:c7:8b:97:34:fe:07:99:0b:3f:c6:cb:e1:
f3:85:d2:42:7e:9e:b5:e6:88:80:f2:d0:a9:df:6c:b0:8e:a5:
4f:0e:fa:31:71:14:ca:25:a9:78:7d:11:71:15:d2:85:11:41:
69:0b:61:30:dc:9a:fd:fc:81:ae:ac:4d:2e:14:18:4f:9f:a4:
67:9f:fe:9e:5c:1c:2f:f6:3e:95:f7:b4:a8:15:74:8c:49:c4:
ef:82:95:08:64:28:4e:b8:b1:88:17:a7:be:4b:5a:dc:d7:79:
23:73:f8:01:07:dd:b0:25:d8:b9:56:1e:82:31:ef:92:4e:aa:
83:41:65:ce
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICSDIwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MjQy
MDIzMTZaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDY5QjI2QzIxMUFDMEQ1
MkQ0RkFFQjI5ODA3NUEzN0RFRTBFMTUxMzIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDAaVimyDKN6jC3TFQzDXmgufLsLxOy3XvFN+H+N8J7bIk5PfUb
jSvJO1qa++XYWi5F+M/xVyfiU04lDd9r/nkl5ukjK6obUYA6XNYbezns0emqIbJh
3EZwdL9vUGFlU5zS6H2Xqu6tfgFP8J3WjFmtUg58wywVCkSRzf2kYkf0tSrdZYEt
j/F8yT3x7E/8LPttoXWYFb+bmnaju8hlQKsi1jDHyQbHbnNrCJh9SnwKf2ggjgce
LqU7Bw6YMy/c8ISD0pp1VHfENasOBIX354myJnmXiZeUTef0DvV0ZpWUZi43oH46
J33YsIqZZiJK6aowgdX/iN5c5GA0d0TbX6bBAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUabJsIRrA1S1PrrKYB1o33uDhUTIwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2FiSnNJUnJBMVMxUHJy
S1lCMW8zM3VEaFVUSS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAPsbNKX5/6dx6lGRBaCtpcIGVXLGO5vYa
1irSWwk1JZSo4pJkuWQcqlygIfYQz2WbiMCKzh/evVOo+I98iFghB4aydsRdRGqe
Kx87dEsxUhYQnYsv4XhlpaGREdrUXPUicDa7LefvVBDaPbQCVd2s4ICJk+oDyIWk
WArO7onjcOpNoPQbx4uXNP4HmQs/xsvh84XSQn6eteaIgPLQqd9ssI6lTw76MXEU
yiWpeH0RcRXShRFBaQthMNya/fyBrqxNLhQYT5+kZ5/+nlwcL/Y+lfe0qBV0jEnE
74KVCGQoTrixiBenvkta3Nd5I3P4AQfdsCXYuVYegjHvkk6qg0Flzg==
-----END CERTIFICATE-----
Generated at Sat May 17 19:57:54 2025 by rpki-client