Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/e8SkOuUp8Opl-b0TxoAra3_aY_8.roa
File: e8SkOuUp8Opl-b0TxoAra3_aY_8.roa (raw, json)
Hash identifier: TgaeE4SxhAaTcMXYBYRH9WLLCNtwQsSWpnrFPEzKSnc=
Subject key identifier: 7B:C4:A4:3A:E5:29:F0:EA:65:F9:BD:13:C6:80:2B:6B:7F:DA:63:FF
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 5016
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/e8SkOuUp8Opl-b0TxoAra3_aY_8.roa
Signing time: Sun 05 May 2024 08:53:59 +0000
ROA not before: Sun 05 May 2024 08:53:59 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 20502 (0x5016)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 5 08:53:59 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=7BC4A43AE529F0EA65F9BD13C6802B6B7FDA63FF
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ae:2a:64:ed:7d:e8:e5:07:57:72:ac:ed:ff:92:
8a:2e:c0:a5:5c:f2:f7:bd:a0:85:80:fe:70:a0:04:
b9:86:0e:87:93:ab:ea:a1:c7:aa:d8:c9:4d:3b:ef:
a0:a9:a6:70:d7:cb:7a:b1:39:b9:0f:d0:bb:36:f1:
f7:53:7b:20:1b:99:d2:a7:51:ca:ae:d8:fc:e2:3c:
d3:37:7a:91:8d:2d:ac:bf:63:8c:d8:25:fd:74:40:
35:53:86:00:79:9a:1d:54:60:fe:37:90:4c:2b:2e:
61:54:b1:29:1a:5b:07:f0:b4:5b:a8:38:77:06:3c:
8c:53:71:ad:e4:2e:7d:46:f2:a1:95:84:cb:6b:0b:
6f:ab:31:cd:61:ab:45:36:1f:41:3c:62:ba:83:5e:
74:15:99:50:0e:17:39:1a:6e:ba:67:05:1c:e1:d7:
4b:93:38:9b:d2:41:64:34:d3:4c:59:70:83:7e:28:
5a:f3:6f:15:96:de:d3:2f:dc:21:55:79:29:d1:11:
2e:1d:24:99:56:a2:43:9f:34:75:b3:1d:68:b3:0c:
3e:97:be:52:a8:fa:b0:b3:86:ae:17:0f:0e:9e:33:
c7:38:df:fc:fe:c6:a1:94:8e:f4:63:fd:0f:d9:1e:
e5:a9:41:a7:3f:80:dd:c3:d7:6f:a4:d3:15:78:92:
b1:85
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
7B:C4:A4:3A:E5:29:F0:EA:65:F9:BD:13:C6:80:2B:6B:7F:DA:63:FF
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/e8SkOuUp8Opl-b0TxoAra3_aY_8.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
82:ab:ad:01:43:41:2a:4d:07:96:92:01:98:2c:c6:13:cf:a3:
58:d0:3a:0a:bc:16:99:25:47:a4:a7:e1:20:99:ff:21:77:28:
f5:bb:6e:4a:df:65:72:5b:87:45:a8:c9:a0:5b:d2:15:ef:5a:
5b:2f:e6:1a:a6:8d:72:96:ce:1c:32:14:1e:24:ba:b6:82:8e:
e4:a3:4f:a1:a3:2c:3d:89:ec:35:60:32:49:01:2f:0e:c3:8f:
d2:14:dc:5b:21:4e:27:5f:48:1f:bc:10:9e:87:96:67:0c:5b:
45:fd:90:4a:25:8b:15:87:a4:d0:97:fb:11:49:7c:f4:81:01:
1a:29:ec:2b:32:34:6d:6d:28:5d:b3:ba:36:44:4f:9c:7d:fa:
b5:97:2d:e2:ce:52:65:84:43:db:fc:c6:db:9c:31:d6:9d:90:
59:68:69:90:b4:59:c8:3a:e1:0f:56:6b:ac:1e:64:61:bc:41:
e2:14:24:93:5a:f6:f3:8f:e3:be:c9:53:87:83:25:e0:02:3f:
0a:67:ee:0c:d9:64:0f:32:9b:8d:e0:0f:9d:52:d2:d1:2c:ba:
aa:c4:8e:56:ab:ba:4e:28:c6:4b:e4:68:92:08:fd:ce:26:a7:
03:10:7d:41:e3:93:32:0b:cd:13:07:30:da:ac:4a:60:fe:99:
af:7f:e6:b7
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICUBYwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MDUw
ODUzNTlaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDdCQzRBNDNBRTUyOUYw
RUE2NUY5QkQxM0M2ODAyQjZCN0ZEQTYzRkYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCuKmTtfejlB1dyrO3/koouwKVc8ve9oIWA/nCgBLmGDoeTq+qh
x6rYyU0776CppnDXy3qxObkP0Ls28fdTeyAbmdKnUcqu2PziPNM3epGNLay/Y4zY
Jf10QDVThgB5mh1UYP43kEwrLmFUsSkaWwfwtFuoOHcGPIxTca3kLn1G8qGVhMtr
C2+rMc1hq0U2H0E8YrqDXnQVmVAOFzkabrpnBRzh10uTOJvSQWQ000xZcIN+KFrz
bxWW3tMv3CFVeSnRES4dJJlWokOfNHWzHWizDD6XvlKo+rCzhq4XDw6eM8c43/z+
xqGUjvRj/Q/ZHuWpQac/gN3D12+k0xV4krGFAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUe8SkOuUp8Opl+b0TxoAra3/aY/8wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2U4U2tPdVVwOE9wbC1i
MFR4b0FyYTNfYVlfOC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAgqutAUNBKk0HlpIBmCzGE8+jWNA6CrwW
mSVHpKfhIJn/IXco9btuSt9lcluHRajJoFvSFe9aWy/mGqaNcpbOHDIUHiS6toKO
5KNPoaMsPYnsNWAySQEvDsOP0hTcWyFOJ19IH7wQnoeWZwxbRf2QSiWLFYek0Jf7
EUl89IEBGinsKzI0bW0oXbO6NkRPnH36tZct4s5SZYRD2/zG25wx1p2QWWhpkLRZ
yDrhD1ZrrB5kYbxB4hQkk1r284/jvslTh4Ml4AI/CmfuDNlkDzKbjeAPnVLS0Sy6
qsSOVqu6TijGS+Rokgj9zianAxB9QeOTMgvNEwcw2qxKYP6Zr3/mtw==
-----END CERTIFICATE-----
Generated at Sat May 17 19:41:16 2025 by rpki-client