Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/eX6fo0EV7BprUQWJTBgg8F38rd0.roa
File: eX6fo0EV7BprUQWJTBgg8F38rd0.roa (raw, json)
Hash identifier: XlVD3x3CoIKY3e7+rBv10kv+gWQK1qVnsN/AigtZLWc=
Subject key identifier: 79:7E:9F:A3:41:15:EC:1A:6B:51:05:89:4C:18:20:F0:5D:FC:AD:DD
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 39FE
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/eX6fo0EV7BprUQWJTBgg8F38rd0.roa
Signing time: Fri 05 Apr 2024 21:52:29 +0000
ROA not before: Fri 05 Apr 2024 21:52:29 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 14846 (0x39fe)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 5 21:52:29 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=797E9FA34115EC1A6B5105894C1820F05DFCADDD
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:de:78:1a:5b:5e:60:08:a8:8a:fd:d9:0b:15:c5:
a5:c6:f3:60:c8:9c:85:63:6a:cd:f5:1d:5d:00:ef:
e1:9b:2d:96:02:11:04:91:21:34:ed:d3:ed:a8:ef:
b8:2b:d6:1c:ae:0b:4f:28:af:89:d9:15:d7:2d:8d:
96:67:d1:71:b6:54:b5:88:9b:a3:13:62:bc:83:56:
16:e8:79:2c:f2:f9:b9:83:6a:a5:2c:0e:c8:95:b8:
57:57:f7:97:41:02:a2:04:62:9a:7f:c2:5d:94:b4:
9b:90:a4:af:e2:4f:e6:38:97:ff:71:08:73:10:d4:
a8:48:13:6a:be:f6:2f:b9:4d:a9:5b:2e:38:6a:c5:
d5:58:1f:fc:4c:30:96:bc:ab:01:8b:87:3d:91:0c:
c2:96:d7:aa:f1:1c:07:93:01:c8:a9:62:1e:67:42:
1f:3b:59:b2:c6:d1:b2:1f:25:c5:7d:7e:98:62:84:
12:98:0a:32:77:4c:54:2e:8e:44:54:03:a5:5b:68:
ba:5d:17:18:b8:57:0a:f3:62:e7:49:92:5f:bf:eb:
fe:65:16:a6:0c:28:5c:31:bd:2a:dc:9b:05:b0:d7:
c8:a0:96:45:40:6d:6f:6f:35:2d:79:39:bd:44:b1:
c4:db:7c:4a:b3:dc:0f:3b:27:da:aa:ec:fe:3c:4e:
3a:7b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
79:7E:9F:A3:41:15:EC:1A:6B:51:05:89:4C:18:20:F0:5D:FC:AD:DD
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/eX6fo0EV7BprUQWJTBgg8F38rd0.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
ad:59:9f:b9:41:7c:52:1d:9f:03:a9:1c:f1:49:ef:d4:d1:47:
9e:cb:be:25:4b:0f:f6:16:bd:1c:ee:fd:0b:f0:80:d4:26:09:
c2:2c:82:40:fc:0b:05:ce:c5:d5:d6:fc:9b:3a:ea:b9:d7:c8:
a1:99:2f:32:e3:22:4e:ee:30:51:79:04:af:3c:23:76:d8:14:
b5:50:80:52:b9:71:97:fc:e8:ea:49:ae:43:d8:27:db:35:5f:
30:cb:4e:6d:c4:1a:78:7b:23:73:1e:3e:5f:99:38:79:a0:24:
09:5f:b7:88:f3:23:7d:42:8e:b1:42:8e:e5:c0:ec:10:11:28:
35:96:fb:0e:95:85:4e:41:72:43:0d:9c:15:68:63:91:1b:0f:
7b:a0:db:f0:12:09:6d:98:57:f4:5f:dc:ff:19:07:76:f6:af:
07:79:6e:37:dd:cd:f9:70:00:04:6e:ea:47:19:70:7b:e9:3e:
6b:ca:c1:50:23:14:ea:92:81:fd:86:ba:2c:53:fb:54:7e:42:
4c:cc:1d:c7:8b:a3:87:3b:de:39:d0:71:7a:43:38:66:2b:63:
ed:48:d5:e1:cb:c2:cc:ee:80:c7:54:b4:0f:7a:71:b4:eb:f6:
97:ff:a9:31:0f:d4:97:e9:1e:5c:8a:6b:3c:52:e8:74:e1:00:
3a:5a:80:4e
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICOf4wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MDUy
MTUyMjlaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDc5N0U5RkEzNDExNUVD
MUE2QjUxMDU4OTRDMTgyMEYwNURGQ0FEREQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDeeBpbXmAIqIr92QsVxaXG82DInIVjas31HV0A7+GbLZYCEQSR
ITTt0+2o77gr1hyuC08or4nZFdctjZZn0XG2VLWIm6MTYryDVhboeSzy+bmDaqUs
DsiVuFdX95dBAqIEYpp/wl2UtJuQpK/iT+Y4l/9xCHMQ1KhIE2q+9i+5TalbLjhq
xdVYH/xMMJa8qwGLhz2RDMKW16rxHAeTAcipYh5nQh87WbLG0bIfJcV9fphihBKY
CjJ3TFQujkRUA6VbaLpdFxi4VwrzYudJkl+/6/5lFqYMKFwxvSrcmwWw18iglkVA
bW9vNS15Ob1EscTbfEqz3A87J9qq7P48Tjp7AgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUeX6fo0EV7BprUQWJTBgg8F38rd0wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2VYNmZvMEVWN0JwclVR
V0pUQmdnOEYzOHJkMC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEArVmfuUF8Uh2fA6kc8Unv1NFHnsu+JUsP
9ha9HO79C/CA1CYJwiyCQPwLBc7F1db8mzrqudfIoZkvMuMiTu4wUXkErzwjdtgU
tVCAUrlxl/zo6kmuQ9gn2zVfMMtObcQaeHsjcx4+X5k4eaAkCV+3iPMjfUKOsUKO
5cDsEBEoNZb7DpWFTkFyQw2cFWhjkRsPe6Db8BIJbZhX9F/c/xkHdvavB3luN93N
+XAABG7qRxlwe+k+a8rBUCMU6pKB/Ya6LFP7VH5CTMwdx4ujhzveOdBxekM4Zitj
7UjV4cvCzO6Ax1S0D3pxtOv2l/+pMQ/Ul+keXIprPFLodOEAOlqATg==
-----END CERTIFICATE-----
Generated at Sat May 17 19:49:08 2025 by rpki-client