Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/cu2NV2WHrOfxmCYUstJ8g6G4fgo.roa
File: cu2NV2WHrOfxmCYUstJ8g6G4fgo.roa (raw, json)
Hash identifier: E8Sls76B/mUJlrNGiRzjEw/OWvZnjSwDopLp0jWOCbA=
Subject key identifier: 72:ED:8D:57:65:87:AC:E7:F1:98:26:14:B2:D2:7C:83:A1:B8:7E:0A
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 536A
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/cu2NV2WHrOfxmCYUstJ8g6G4fgo.roa
Signing time: Thu 09 May 2024 19:24:00 +0000
ROA not before: Thu 09 May 2024 19:24:00 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 21354 (0x536a)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 9 19:24:00 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=72ED8D576587ACE7F1982614B2D27C83A1B87E0A
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d4:41:7b:18:0a:71:5a:11:58:23:0f:cc:13:19:
8a:9e:63:db:17:de:a6:92:12:ba:c4:a0:b6:2c:b2:
a9:d5:f2:40:9c:07:81:aa:88:30:65:36:d5:0c:a3:
5c:3a:7d:a3:3e:05:54:e5:30:5d:78:6b:26:af:9e:
43:67:85:60:ea:b4:b5:ab:f3:86:05:c7:36:54:b3:
8b:17:de:18:95:44:f4:c6:9e:20:1a:52:2c:64:7b:
ac:04:28:5d:f6:26:2d:57:b1:18:11:1c:e8:3f:fb:
92:dc:ff:4c:c3:20:6a:d0:1a:f0:ba:62:c6:58:38:
bb:68:e3:8a:6c:42:45:0f:b5:50:d5:7d:ea:78:5c:
53:0e:80:02:bb:cc:6a:83:72:90:46:c1:ac:13:17:
aa:23:b0:ac:69:db:a8:56:4a:eb:ce:7e:db:51:e7:
ae:3e:4a:8f:93:9b:41:0e:aa:a3:cc:0a:69:27:28:
b5:17:79:ad:7b:c8:4d:90:01:d4:a3:93:0b:9a:0d:
be:6d:ab:9f:66:78:0d:70:0b:03:70:2a:4a:70:39:
b3:aa:a6:17:a4:a0:1f:cf:11:71:cb:25:9e:51:ab:
6c:7a:c7:22:9e:21:65:c8:73:1b:75:c2:3d:59:1f:
57:6e:18:e8:93:52:56:7a:e1:78:fd:ce:2a:ab:1a:
1b:1d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
72:ED:8D:57:65:87:AC:E7:F1:98:26:14:B2:D2:7C:83:A1:B8:7E:0A
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/cu2NV2WHrOfxmCYUstJ8g6G4fgo.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
3f:02:89:5d:47:ef:07:12:7d:67:06:2c:09:bb:3a:01:5b:c5:
d6:ba:05:1d:c9:ce:cb:34:60:83:88:49:f3:98:22:a2:90:d4:
bf:98:7f:84:9a:2b:44:7c:a3:2a:10:cf:d2:3b:48:11:91:a1:
f8:49:04:84:e5:79:64:ed:b0:ae:63:6e:28:20:ae:4e:9d:fa:
fe:be:62:da:a4:e9:56:93:63:ee:9c:94:19:86:66:7b:7b:f8:
df:52:5e:a4:8e:e0:01:da:93:83:33:fb:71:1a:b0:22:b9:af:
85:2b:83:75:6a:ea:0d:9f:ab:bd:8a:e5:21:b9:4a:42:6a:d2:
8f:dd:5b:16:2f:6f:5c:63:51:67:ce:9f:30:81:f6:d0:d7:ad:
8a:42:90:79:f8:c8:1f:91:0c:8d:01:42:64:6e:41:3c:5c:fb:
88:a7:02:4b:9f:ed:4a:6b:46:9e:67:93:89:d6:b3:b0:08:fc:
87:90:af:a4:93:ab:0f:d0:05:7c:24:ca:ea:20:9c:92:78:07:
cf:15:eb:0f:da:45:60:c0:84:7e:39:1f:0d:20:9e:38:1f:1c:
00:e0:cd:c2:6b:cc:c7:40:69:a6:f7:73:16:3f:ad:ac:9b:2f:
95:42:11:26:ea:a9:48:3a:b5:46:0a:c4:8f:bf:29:c1:a3:c3:
b0:c5:47:0d
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICU2owDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MDkx
OTI0MDBaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDcyRUQ4RDU3NjU4N0FD
RTdGMTk4MjYxNEIyRDI3QzgzQTFCODdFMEEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDUQXsYCnFaEVgjD8wTGYqeY9sX3qaSErrEoLYssqnV8kCcB4Gq
iDBlNtUMo1w6faM+BVTlMF14ayavnkNnhWDqtLWr84YFxzZUs4sX3hiVRPTGniAa
Uixke6wEKF32Ji1XsRgRHOg/+5Lc/0zDIGrQGvC6YsZYOLto44psQkUPtVDVfep4
XFMOgAK7zGqDcpBGwawTF6ojsKxp26hWSuvOfttR564+So+Tm0EOqqPMCmknKLUX
ea17yE2QAdSjkwuaDb5tq59meA1wCwNwKkpwObOqphekoB/PEXHLJZ5Rq2x6xyKe
IWXIcxt1wj1ZH1duGOiTUlZ64Xj9ziqrGhsdAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUcu2NV2WHrOfxmCYUstJ8g6G4fgowHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2N1Mk5WMldIck9meG1D
WVVzdEo4ZzZHNGZnby5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAPwKJXUfvBxJ9ZwYsCbs6AVvF1roFHcnO
yzRgg4hJ85giopDUv5h/hJorRHyjKhDP0jtIEZGh+EkEhOV5ZO2wrmNuKCCuTp36
/r5i2qTpVpNj7pyUGYZme3v431JepI7gAdqTgzP7cRqwIrmvhSuDdWrqDZ+rvYrl
IblKQmrSj91bFi9vXGNRZ86fMIH20NetikKQefjIH5EMjQFCZG5BPFz7iKcCS5/t
SmtGnmeTidazsAj8h5CvpJOrD9AFfCTK6iCckngHzxXrD9pFYMCEfjkfDSCeOB8c
AODNwmvMx0BppvdzFj+trJsvlUIRJuqpSDq1RgrEj78pwaPDsMVHDQ==
-----END CERTIFICATE-----
Generated at Sun May 18 02:16:32 2025 by rpki-client