Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/b2mp6AWUOSIGHjI2TOsJWq53vhg.roa
File: b2mp6AWUOSIGHjI2TOsJWq53vhg.roa (raw, json)
Hash identifier: InawbZ4P5YHIT9kOY6Ia01nNRd/DhoK/zNekaCLx/ao=
Subject key identifier: 6F:69:A9:E8:05:94:39:22:06:1E:32:36:4C:EB:09:5A:AE:77:BE:18
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 4E12
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/b2mp6AWUOSIGHjI2TOsJWq53vhg.roa
Signing time: Thu 02 May 2024 16:23:43 +0000
ROA not before: Thu 02 May 2024 16:23:43 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 19986 (0x4e12)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 2 16:23:43 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=6F69A9E805943922061E32364CEB095AAE77BE18
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a5:73:48:8b:b5:e1:f1:f3:48:a0:b6:35:66:47:
de:eb:8d:bf:31:8a:c7:e1:37:cb:9b:00:0f:2c:de:
64:c2:17:fc:86:d0:21:c7:a0:c5:89:1a:9f:7b:c6:
02:ef:1b:b4:95:80:4a:4a:dc:e1:0b:fa:75:0d:a6:
cd:ec:12:d0:63:27:a1:c0:ac:b4:15:47:89:73:71:
10:fa:ca:50:71:9a:27:96:d7:a9:d2:6c:2b:c1:52:
a5:31:90:3a:e5:d8:41:e9:0d:4a:d0:ab:d9:25:9a:
7a:cd:2e:f4:e6:9c:49:ac:5a:ba:e3:73:95:e0:20:
c8:0a:9b:2c:09:06:ad:b0:e4:73:b9:cb:19:c4:fe:
82:66:51:53:83:6c:c1:f6:51:c3:69:0d:d4:1c:0c:
cf:c2:2c:5e:10:59:a0:0e:53:c0:fa:be:72:b8:ec:
f6:d8:8a:95:22:9e:44:5a:fe:a1:a2:28:86:ec:1e:
2e:e1:d6:cc:a1:ea:25:c7:43:89:aa:52:47:10:40:
f3:2b:b3:7e:f0:6d:4a:51:b0:e9:64:ca:9d:45:84:
d8:04:9a:3b:b1:7c:f2:9b:61:43:e3:ec:40:55:64:
15:43:6d:24:76:59:30:0d:53:3f:7b:e8:ca:0f:28:
7b:9a:98:08:e3:ab:cd:56:36:c8:f7:20:da:2d:4f:
52:31
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6F:69:A9:E8:05:94:39:22:06:1E:32:36:4C:EB:09:5A:AE:77:BE:18
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/b2mp6AWUOSIGHjI2TOsJWq53vhg.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
1a:88:f0:89:3c:9f:c8:3a:7a:33:4a:b5:8b:6c:69:34:9c:cf:
ac:84:d5:bb:28:ef:43:01:e5:e1:85:09:64:bc:e4:01:7c:2c:
a3:93:50:38:2f:fe:42:26:3a:dc:46:64:57:a3:a7:61:d5:53:
3a:a3:41:2c:81:7b:f3:e9:8b:0e:cf:30:c9:4e:1c:90:ee:90:
10:4a:d5:be:e3:ab:10:10:96:6b:de:7e:8e:8d:a6:a9:fc:5c:
3e:d6:c6:a6:cd:77:3b:30:a0:b9:05:86:b4:54:a3:01:f1:0b:
97:8a:36:83:c4:b9:22:1a:15:c3:de:01:bb:a8:6f:94:0c:a5:
fa:bf:ae:c3:da:48:95:4f:20:bf:ff:af:eb:6e:8f:cb:47:44:
d7:7c:58:1b:12:c3:44:d3:60:8c:08:8e:31:d8:dc:78:83:f7:
e8:bb:78:d2:33:05:88:87:9c:58:b6:f8:ad:0c:08:07:17:45:
cb:69:65:0e:5d:83:b5:63:10:73:9d:fa:41:17:e6:33:ac:60:
8c:1e:10:60:f2:03:fc:bd:8f:15:d2:df:f3:fa:a8:30:b0:5e:
31:12:38:78:60:98:3c:13:53:b2:fb:16:3b:41:a0:4f:73:cc:
ec:0f:3a:98:b7:6d:2d:80:b0:2d:e6:1d:cf:66:a9:aa:e2:04:
df:a2:08:b0
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICThIwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MDIx
NjIzNDNaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDZGNjlBOUU4MDU5NDM5
MjIwNjFFMzIzNjRDRUIwOTVBQUU3N0JFMTgwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQClc0iLteHx80igtjVmR97rjb8xisfhN8ubAA8s3mTCF/yG0CHH
oMWJGp97xgLvG7SVgEpK3OEL+nUNps3sEtBjJ6HArLQVR4lzcRD6ylBxmieW16nS
bCvBUqUxkDrl2EHpDUrQq9klmnrNLvTmnEmsWrrjc5XgIMgKmywJBq2w5HO5yxnE
/oJmUVODbMH2UcNpDdQcDM/CLF4QWaAOU8D6vnK47PbYipUinkRa/qGiKIbsHi7h
1syh6iXHQ4mqUkcQQPMrs37wbUpRsOlkyp1FhNgEmjuxfPKbYUPj7EBVZBVDbSR2
WTANUz976MoPKHuamAjjq81WNsj3INotT1IxAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUb2mp6AWUOSIGHjI2TOsJWq53vhgwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2IybXA2QVdVT1NJR0hq
STJUT3NKV3E1M3ZoZy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAGojwiTyfyDp6M0q1i2xpNJzPrITVuyjv
QwHl4YUJZLzkAXwso5NQOC/+QiY63EZkV6OnYdVTOqNBLIF78+mLDs8wyU4ckO6Q
EErVvuOrEBCWa95+jo2mqfxcPtbGps13OzCguQWGtFSjAfELl4o2g8S5IhoVw94B
u6hvlAyl+r+uw9pIlU8gv/+v626Py0dE13xYGxLDRNNgjAiOMdjceIP36Lt40jMF
iIecWLb4rQwIBxdFy2llDl2DtWMQc536QRfmM6xgjB4QYPID/L2PFdLf8/qoMLBe
MRI4eGCYPBNTsvsWO0GgT3PM7A86mLdtLYCwLeYdz2apquIE36IIsA==
-----END CERTIFICATE-----
Generated at Sat May 17 19:37:55 2025 by rpki-client