Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/e8Aexf8dUEdlitZKRPBWxS1J--g.roa
File: e8Aexf8dUEdlitZKRPBWxS1J--g.roa (raw, json)
Hash identifier: x7wYp4+A9zddYEASH5mZ9hfND/P52QPLO73WR5HG6Z4=
Subject key identifier: 7B:C0:1E:C5:FF:1D:50:47:65:8A:D6:4A:44:F0:56:C5:2D:49:FB:E8
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 34A2
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/e8Aexf8dUEdlitZKRPBWxS1J--g.roa
Signing time: Fri 29 Mar 2024 18:22:05 +0000
ROA not before: Fri 29 Mar 2024 18:22:05 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 13474 (0x34a2)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Mar 29 18:22:05 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=7BC01EC5FF1D5047658AD64A44F056C52D49FBE8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cf:2a:19:16:17:bb:03:fb:9d:d4:62:43:20:c0:
fe:c8:97:7f:e1:c1:79:54:e4:15:87:db:32:cb:b0:
60:1e:bc:66:7a:c4:1f:78:59:f6:9d:96:67:d2:35:
83:0b:d3:9c:87:e1:f3:b1:f7:46:88:36:dc:54:1e:
ee:01:06:a4:b1:b4:d7:d4:c3:4e:40:69:f5:6a:73:
83:9b:fc:be:0f:7d:a2:46:36:16:3f:02:f0:2f:fe:
05:84:4e:20:b8:6a:10:04:64:82:07:63:d2:43:b0:
64:30:3d:76:23:e1:2f:30:74:e9:e2:15:00:d5:c0:
f8:db:66:36:0c:2f:f1:72:77:f6:18:30:f7:b1:ca:
e0:f4:88:5e:d9:cb:c2:51:f2:30:4e:b4:63:c8:e6:
20:52:41:12:ea:ac:c1:18:64:dc:df:f1:9e:54:f6:
b5:84:95:87:3b:0c:d8:ee:be:e2:fc:7f:5a:5e:f1:
c3:dd:77:94:1c:de:34:92:82:46:fe:ac:3e:64:7e:
c6:3f:a9:cb:c9:a1:c0:1b:8e:bf:88:84:39:b8:4e:
9c:3b:eb:ea:74:35:01:41:00:60:b2:49:a8:84:0f:
aa:d5:e5:c2:ea:cc:d8:8d:8a:41:43:91:64:35:cd:
86:8b:1e:36:9e:c1:f2:df:e4:9e:05:7c:e6:7a:ea:
71:97
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
7B:C0:1E:C5:FF:1D:50:47:65:8A:D6:4A:44:F0:56:C5:2D:49:FB:E8
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/e8Aexf8dUEdlitZKRPBWxS1J--g.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
9a:ef:8f:42:83:bd:a1:bd:ac:e9:9b:6b:94:14:ca:a3:c6:74:
fb:2a:2f:6c:10:a7:48:dc:af:70:17:64:76:76:1b:9c:b5:f1:
d6:0a:a6:5a:7b:f8:cc:9e:df:89:68:a9:43:ca:55:46:87:fd:
a3:25:cd:14:33:51:83:46:1b:b6:ce:7a:f3:c9:52:88:c0:39:
ff:97:9a:2b:f3:28:3c:5b:b0:e4:72:1a:57:78:7a:bc:96:a3:
c0:03:c9:70:23:88:bb:b5:20:19:6b:3c:d2:15:e8:2e:b8:ee:
e6:bb:f5:28:97:3d:91:ea:de:85:9e:3b:a6:06:1e:f9:19:cc:
cd:3f:f7:a7:ca:4c:f5:16:c5:33:1d:2c:aa:85:5f:4d:6a:e4:
a9:bc:7c:8a:79:03:43:1e:06:b1:a1:3b:43:ae:6b:76:16:d0:
b2:7f:90:0c:1b:ba:d1:ef:00:ee:25:9f:94:27:5c:76:46:97:
78:b3:81:98:3e:91:cb:f4:28:99:a6:24:b8:1c:95:4b:30:af:
a1:8a:8a:2a:90:bf:03:44:09:d3:21:6e:3d:b3:18:22:09:c7:
03:9f:05:6f:42:ee:8d:36:09:d0:72:f7:64:1d:39:3a:f1:f4:
e1:ca:1f:b1:55:3c:37:7c:68:cc:b0:23:26:77:67:d2:2e:53:
09:dc:a7:4e
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICNKIwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDAzMjkx
ODIyMDVaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDdCQzAxRUM1RkYxRDUw
NDc2NThBRDY0QTQ0RjA1NkM1MkQ0OUZCRTgwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDPKhkWF7sD+53UYkMgwP7Il3/hwXlU5BWH2zLLsGAevGZ6xB94
WfadlmfSNYML05yH4fOx90aINtxUHu4BBqSxtNfUw05AafVqc4Ob/L4PfaJGNhY/
AvAv/gWETiC4ahAEZIIHY9JDsGQwPXYj4S8wdOniFQDVwPjbZjYML/Fyd/YYMPex
yuD0iF7Zy8JR8jBOtGPI5iBSQRLqrMEYZNzf8Z5U9rWElYc7DNjuvuL8f1pe8cPd
d5Qc3jSSgkb+rD5kfsY/qcvJocAbjr+IhDm4Tpw76+p0NQFBAGCySaiED6rV5cLq
zNiNikFDkWQ1zYaLHjaewfLf5J4FfOZ66nGXAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUe8Aexf8dUEdlitZKRPBWxS1J++gwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2U4QWV4ZjhkVUVkbGl0
WktSUEJXeFMxSi0tZy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAmu+PQoO9ob2s6ZtrlBTKo8Z0+yovbBCn
SNyvcBdkdnYbnLXx1gqmWnv4zJ7fiWipQ8pVRof9oyXNFDNRg0Ybts5688lSiMA5
/5eaK/MoPFuw5HIaV3h6vJajwAPJcCOIu7UgGWs80hXoLrju5rv1KJc9kerehZ47
pgYe+RnMzT/3p8pM9RbFMx0sqoVfTWrkqbx8inkDQx4GsaE7Q65rdhbQsn+QDBu6
0e8A7iWflCdcdkaXeLOBmD6Ry/QomaYkuByVSzCvoYqKKpC/A0QJ0yFuPbMYIgnH
A58Fb0LujTYJ0HL3ZB05OvH04cofsVU8N3xozLAjJndn0i5TCdynTg==
-----END CERTIFICATE-----
Generated at Sat May 17 22:37:17 2025 by rpki-client