Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/dH1sj47HamhQoeTXusITjNNTMVE.roa
File: dH1sj47HamhQoeTXusITjNNTMVE.roa (raw, json)
Hash identifier: 9JFlglVM7ngwfwUquQdl/uFpNJTCbGok6W65GDCF1DI=
Subject key identifier: 74:7D:6C:8F:8E:C7:6A:68:50:A1:E4:D7:BA:C2:13:8C:D3:53:31:51
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 51BA
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/dH1sj47HamhQoeTXusITjNNTMVE.roa
Signing time: Tue 07 May 2024 13:24:02 +0000
ROA not before: Tue 07 May 2024 13:24:02 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 20922 (0x51ba)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 7 13:24:02 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=747D6C8F8EC76A6850A1E4D7BAC2138CD3533151
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c6:61:81:97:c9:36:f7:9c:b2:3c:4b:14:9c:e5:
6d:7c:5d:07:5a:c8:ff:43:15:db:ff:c3:73:c6:e8:
81:a2:93:5f:78:c5:ee:3a:19:2c:a0:93:79:1f:bd:
ac:f8:5d:09:a9:36:eb:db:98:bf:cd:48:f4:51:5a:
c3:eb:3d:32:98:af:c6:b1:cf:30:f5:07:71:70:25:
38:b3:47:86:7e:8e:7f:18:51:af:c0:34:9b:19:da:
72:f9:a4:77:f9:00:5e:a1:02:7d:03:8f:31:eb:75:
16:b1:8a:ac:36:61:6d:72:f8:81:39:e4:29:96:60:
46:08:03:ba:35:9a:13:c5:ec:a0:97:ed:71:af:d6:
76:aa:22:f5:88:09:7e:34:6d:e6:3e:9d:f4:aa:6c:
ee:c4:a6:4b:a2:30:00:fe:45:30:b3:fe:ab:9d:07:
ca:f2:45:ea:5c:e1:e7:a6:26:33:08:04:4b:e4:c7:
b1:49:9d:99:a4:59:67:d0:50:92:15:99:12:15:91:
64:cc:d9:3e:2c:49:ec:9c:52:a6:86:9d:9e:f1:ce:
73:86:ab:43:31:ba:d3:5f:dd:e0:c5:70:c4:be:8f:
64:aa:17:54:9f:a4:0e:d9:23:23:9e:78:69:47:e7:
43:52:e1:83:22:e3:50:bb:68:0d:d7:fa:24:b6:8c:
23:2b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
74:7D:6C:8F:8E:C7:6A:68:50:A1:E4:D7:BA:C2:13:8C:D3:53:31:51
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/dH1sj47HamhQoeTXusITjNNTMVE.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
ae:66:f0:c4:df:c5:89:92:6e:1a:1b:64:86:00:d9:3f:95:71:
20:3b:b4:71:d4:ed:b6:5a:ae:e2:c0:fe:a2:0d:9d:88:42:c2:
b8:4b:32:11:12:18:ba:c5:85:a1:32:a3:48:76:a7:95:95:35:
ea:ec:22:86:41:9c:07:45:7b:b5:e3:d6:8c:9b:81:47:87:0d:
3e:fd:e5:73:03:07:be:37:6f:b2:60:a6:95:64:9e:f2:86:0a:
1b:b4:69:ff:59:88:b8:4a:47:11:6e:2c:66:2a:a2:20:16:4b:
d9:29:9d:f4:80:19:89:b4:96:09:79:51:6a:af:e5:07:75:45:
bf:f4:85:60:95:49:0a:df:e3:3c:33:97:46:4f:e2:1e:53:a7:
53:f6:c7:26:f1:a6:58:bc:75:73:b5:2d:16:f3:cc:81:72:3a:
02:bb:37:1f:fa:67:20:2d:a7:1f:c3:12:8f:23:9f:96:39:2d:
ed:9c:b1:03:e9:a4:f9:fc:6d:ed:88:f9:a7:98:b6:7c:15:6a:
09:94:57:73:ed:39:7b:a6:47:67:86:63:c0:16:66:6c:8c:dd:
05:e8:f8:bc:22:2f:18:9e:4c:9c:13:d5:21:ec:95:82:5d:ec:
65:81:7d:3f:f0:d0:36:92:20:ec:d3:23:5e:d7:b7:40:49:6e:
9d:8d:9b:6e
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICUbowDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MDcx
MzI0MDJaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDc0N0Q2QzhGOEVDNzZB
Njg1MEExRTREN0JBQzIxMzhDRDM1MzMxNTEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDGYYGXyTb3nLI8SxSc5W18XQdayP9DFdv/w3PG6IGik194xe46
GSygk3kfvaz4XQmpNuvbmL/NSPRRWsPrPTKYr8axzzD1B3FwJTizR4Z+jn8YUa/A
NJsZ2nL5pHf5AF6hAn0DjzHrdRaxiqw2YW1y+IE55CmWYEYIA7o1mhPF7KCX7XGv
1naqIvWICX40beY+nfSqbO7EpkuiMAD+RTCz/qudB8ryRepc4eemJjMIBEvkx7FJ
nZmkWWfQUJIVmRIVkWTM2T4sSeycUqaGnZ7xznOGq0MxutNf3eDFcMS+j2SqF1Sf
pA7ZIyOeeGlH50NS4YMi41C7aA3X+iS2jCMrAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUdH1sj47HamhQoeTXusITjNNTMVEwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2RIMXNqNDdIYW1oUW9l
VFh1c0lUak5OVE1WRS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEArmbwxN/FiZJuGhtkhgDZP5VxIDu0cdTt
tlqu4sD+og2diELCuEsyERIYusWFoTKjSHanlZU16uwihkGcB0V7tePWjJuBR4cN
Pv3lcwMHvjdvsmCmlWSe8oYKG7Rp/1mIuEpHEW4sZiqiIBZL2Smd9IAZibSWCXlR
aq/lB3VFv/SFYJVJCt/jPDOXRk/iHlOnU/bHJvGmWLx1c7UtFvPMgXI6Ars3H/pn
IC2nH8MSjyOfljkt7ZyxA+mk+fxt7Yj5p5i2fBVqCZRXc+05e6ZHZ4ZjwBZmbIzd
Bej4vCIvGJ5MnBPVIeyVgl3sZYF9P/DQNpIg7NMjXte3QElunY2bbg==
-----END CERTIFICATE-----
Generated at Sun May 18 02:00:29 2025 by rpki-client