Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/dU3QRMI06F6m7X7C1xwCMYB45HI.roa
File: dU3QRMI06F6m7X7C1xwCMYB45HI.roa (raw, json)
Hash identifier: PMuqqoWvbqX1D1YLPyCMEZpagulNw5lh73ZNrpfZfCU=
Subject key identifier: 75:4D:D0:44:C2:34:E8:5E:A6:ED:7E:C2:D7:1C:02:31:80:78:E4:72
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 3C2A
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/dU3QRMI06F6m7X7C1xwCMYB45HI.roa
Signing time: Mon 08 Apr 2024 19:22:38 +0000
ROA not before: Mon 08 Apr 2024 19:22:38 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 15402 (0x3c2a)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 8 19:22:38 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=754DD044C234E85EA6ED7EC2D71C02318078E472
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9f:7c:dc:28:b9:6d:1f:97:6c:a6:e0:ad:0c:94:
f5:ef:bc:bb:bd:59:62:aa:71:c4:9c:cc:a3:57:e3:
b4:b9:8f:59:94:07:d6:ef:b3:a7:88:6b:d3:54:db:
a7:c2:d0:43:f1:a5:0c:64:3b:0a:70:37:1a:34:ba:
91:fb:f3:73:ce:36:e9:55:3a:db:8e:3a:ef:1f:d2:
a5:cb:37:00:45:07:f4:f9:9f:b9:c5:3b:09:d3:5b:
49:60:aa:a2:17:9c:b1:93:01:7f:51:eb:ca:63:7e:
da:1f:79:5a:63:66:4d:01:36:25:c9:c1:42:a5:be:
56:1d:7d:6b:c5:46:21:a5:bb:91:69:0c:c1:02:b2:
c4:00:64:ce:74:05:61:8a:20:34:9b:ef:a2:5c:07:
64:8c:d2:a4:95:77:5e:8a:dc:95:f8:4a:6b:9c:f0:
6b:ee:ab:e9:1e:ec:2a:55:0b:49:b3:dd:81:b0:f4:
fa:43:b7:9d:7e:01:23:41:68:07:4d:d7:40:d0:2d:
3f:37:9e:36:4d:6a:36:7d:9b:b2:cd:47:d6:5c:e3:
bb:e4:24:7d:a7:bd:e7:9a:bf:f9:78:42:4d:9b:17:
88:91:e9:83:f2:0a:3a:eb:a8:30:bc:c4:f1:4e:78:
5d:a6:f2:a5:23:99:70:18:12:cf:27:b6:e1:16:77:
04:03
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
75:4D:D0:44:C2:34:E8:5E:A6:ED:7E:C2:D7:1C:02:31:80:78:E4:72
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/dU3QRMI06F6m7X7C1xwCMYB45HI.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
1b:9f:98:86:75:26:9f:da:18:c2:f4:d2:58:15:64:ca:1a:65:
76:4d:60:b7:eb:8b:08:68:a7:fc:7d:be:3b:4d:05:aa:50:12:
81:4c:23:05:7e:a1:c6:b2:09:0c:ee:15:a5:3c:98:29:97:51:
1a:c5:89:6e:90:99:7f:81:ba:75:fd:3b:05:16:db:40:be:21:
8f:2f:0e:31:c0:c9:e1:a3:a5:3b:61:d9:14:db:3e:5a:c8:c2:
7e:83:8c:59:67:9e:f5:b7:ef:47:51:ff:69:af:10:25:55:54:
fb:98:01:21:5a:6a:74:80:1b:0d:fd:b1:60:25:07:1b:d3:12:
e0:ab:b5:11:da:26:30:96:7c:61:8c:9b:49:30:72:e0:fe:a2:
1a:7b:a3:87:50:da:ca:79:91:98:8e:fd:e8:1a:bd:27:bd:12:
6f:da:88:89:9c:90:f8:5b:c4:f1:3e:3f:ce:bf:48:6e:1b:2e:
9d:2d:cf:77:fd:4e:62:cd:38:f0:b0:07:2c:51:a8:5b:ea:84:
42:fa:85:0f:d0:a0:c5:14:a1:04:88:db:a8:69:ff:0f:49:22:
4a:bc:63:ee:7f:f1:e9:51:63:98:a8:12:13:37:80:cb:fc:17:
a8:05:4a:a9:bd:1f:9b:f5:26:6b:33:07:91:29:cf:b5:8a:51:
30:c8:fd:fd
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICPCowDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MDgx
OTIyMzhaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDc1NEREMDQ0QzIzNEU4
NUVBNkVEN0VDMkQ3MUMwMjMxODA3OEU0NzIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCffNwouW0fl2ym4K0MlPXvvLu9WWKqccSczKNX47S5j1mUB9bv
s6eIa9NU26fC0EPxpQxkOwpwNxo0upH783PONulVOtuOOu8f0qXLNwBFB/T5n7nF
OwnTW0lgqqIXnLGTAX9R68pjftofeVpjZk0BNiXJwUKlvlYdfWvFRiGlu5FpDMEC
ssQAZM50BWGKIDSb76JcB2SM0qSVd16K3JX4Smuc8Gvuq+ke7CpVC0mz3YGw9PpD
t51+ASNBaAdN10DQLT83njZNajZ9m7LNR9Zc47vkJH2nveeav/l4Qk2bF4iR6YPy
CjrrqDC8xPFOeF2m8qUjmXAYEs8ntuEWdwQDAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUdU3QRMI06F6m7X7C1xwCMYB45HIwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2RVM1FSTUkwNkY2bTdY
N0MxeHdDTVlCNDVISS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAG5+YhnUmn9oYwvTSWBVkyhpldk1gt+uL
CGin/H2+O00FqlASgUwjBX6hxrIJDO4VpTyYKZdRGsWJbpCZf4G6df07BRbbQL4h
jy8OMcDJ4aOlO2HZFNs+WsjCfoOMWWee9bfvR1H/aa8QJVVU+5gBIVpqdIAbDf2x
YCUHG9MS4Ku1EdomMJZ8YYybSTBy4P6iGnujh1DaynmRmI796Bq9J70Sb9qIiZyQ
+FvE8T4/zr9IbhsunS3Pd/1OYs048LAHLFGoW+qEQvqFD9CgxRShBIjbqGn/D0ki
Srxj7n/x6VFjmKgSEzeAy/wXqAVKqb0fm/UmazMHkSnPtYpRMMj9/Q==
-----END CERTIFICATE-----
Generated at Sat May 17 21:24:32 2025 by rpki-client