Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/g-xsOVZ13AqRkNWmzMLSkEVWpDw.roa
File: g-xsOVZ13AqRkNWmzMLSkEVWpDw.roa (raw, json)
Hash identifier: v8eymbeOJ8uCOSl11mui3oD1krc2xevm4rsbENlnWW8=
Subject key identifier: 83:EC:6C:39:56:75:DC:0A:91:90:D5:A6:CC:C2:D2:90:45:56:A4:3C
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 40BA
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/g-xsOVZ13AqRkNWmzMLSkEVWpDw.roa
Signing time: Sun 14 Apr 2024 21:22:52 +0000
ROA not before: Sun 14 Apr 2024 21:22:52 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 16570 (0x40ba)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 14 21:22:52 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=83EC6C395675DC0A9190D5A6CCC2D2904556A43C
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ac:d1:e9:ac:71:7c:40:27:22:ed:dd:21:b6:e6:
f4:e6:36:ec:44:59:ae:1e:e1:41:93:5b:ad:fa:0a:
19:9e:25:9f:9e:37:aa:e0:a8:bf:a9:4c:61:8b:52:
f7:da:b8:f8:69:39:f1:de:4e:8b:09:13:6f:e6:be:
6e:26:8e:d4:1e:98:7c:c7:c6:f5:ef:f8:9f:2f:4d:
41:a3:38:98:00:e6:6f:42:77:a3:d4:17:c2:d7:48:
a0:15:04:a3:40:4a:50:c1:55:2a:1d:47:f8:a2:6a:
05:86:f5:24:0c:a9:17:8c:8a:28:8e:2b:bc:ce:e3:
b3:b2:ea:c4:cc:6c:f2:81:3b:12:b6:3f:1c:00:f5:
7f:73:1f:23:58:a5:d7:d2:31:49:64:d8:cd:ce:bb:
c1:53:ac:e1:e6:d4:99:59:2a:dc:69:5d:b4:99:4b:
f5:08:2d:f7:4a:17:d5:36:82:b8:bd:96:0a:07:2e:
ec:a5:b4:b9:a4:07:35:63:d1:ee:4c:89:dc:67:d2:
84:33:26:2f:fb:3f:8c:0c:50:81:b0:05:4c:8d:d9:
c7:fa:6a:8b:3e:11:9e:da:1c:31:ef:05:15:63:94:
9a:30:3b:8b:0d:16:ff:24:81:34:f5:e5:00:76:c7:
a9:5f:7a:01:74:5f:2c:30:a2:e7:a7:3e:e0:57:b0:
39:47
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
83:EC:6C:39:56:75:DC:0A:91:90:D5:A6:CC:C2:D2:90:45:56:A4:3C
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/g-xsOVZ13AqRkNWmzMLSkEVWpDw.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
25:34:b1:05:63:7b:cb:b5:25:9e:86:ac:a1:69:ed:0e:5e:76:
24:ba:ab:82:0f:a5:a8:34:dd:e8:5f:da:6f:bd:93:4c:ff:83:
22:bf:05:85:f8:7b:89:82:bd:f1:a4:1f:c9:b8:14:d1:f9:f0:
f8:67:48:9e:68:a0:67:b0:97:1b:b0:fb:6e:e6:60:6e:ff:d4:
db:48:94:68:0a:f2:eb:8b:70:88:d4:62:28:7b:c1:35:eb:25:
d1:67:33:d1:71:5d:dd:0b:4e:dd:9b:6b:7b:f9:43:eb:fe:b5:
3a:a3:9b:9d:fb:2d:de:da:ef:ca:5c:d0:10:a8:9b:6b:b4:0d:
2a:74:a0:fe:30:45:52:1c:5f:77:c5:bc:36:a6:3f:4d:90:59:
2d:f1:e3:61:3c:81:54:a3:2c:ab:1e:23:22:60:69:24:4f:01:
03:fc:4a:a4:b3:49:73:62:63:3b:00:19:03:4d:ef:d8:ef:fe:
7d:9b:51:ff:46:45:97:2a:0c:cd:a7:a5:ef:1f:5b:fd:cf:95:
aa:6e:ad:e2:8c:6f:01:56:44:41:a8:7b:7f:3c:14:9c:1c:37:
6e:78:eb:94:d0:7f:71:07:a1:43:b9:ab:55:f3:c6:f5:c2:e8:
f7:f4:3f:4a:14:7e:d1:82:42:df:bb:0f:db:5a:37:6a:3a:ff:
d7:e7:b8:d1
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICQLowDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MTQy
MTIyNTJaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDgzRUM2QzM5NTY3NURD
MEE5MTkwRDVBNkNDQzJEMjkwNDU1NkE0M0MwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCs0emscXxAJyLt3SG25vTmNuxEWa4e4UGTW636ChmeJZ+eN6rg
qL+pTGGLUvfauPhpOfHeTosJE2/mvm4mjtQemHzHxvXv+J8vTUGjOJgA5m9Cd6PU
F8LXSKAVBKNASlDBVSodR/iiagWG9SQMqReMiiiOK7zO47Oy6sTMbPKBOxK2PxwA
9X9zHyNYpdfSMUlk2M3Ou8FTrOHm1JlZKtxpXbSZS/UILfdKF9U2gri9lgoHLuyl
tLmkBzVj0e5Midxn0oQzJi/7P4wMUIGwBUyN2cf6aos+EZ7aHDHvBRVjlJowO4sN
Fv8kgTT15QB2x6lfegF0XywwouenPuBXsDlHAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUg+xsOVZ13AqRkNWmzMLSkEVWpDwwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2cteHNPVloxM0FxUmtO
V216TUxTa0VWV3BEdy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAJTSxBWN7y7UlnoasoWntDl52JLqrgg+l
qDTd6F/ab72TTP+DIr8Fhfh7iYK98aQfybgU0fnw+GdInmigZ7CXG7D7buZgbv/U
20iUaAry64twiNRiKHvBNesl0Wcz0XFd3QtO3Ztre/lD6/61OqObnfst3trvylzQ
EKiba7QNKnSg/jBFUhxfd8W8NqY/TZBZLfHjYTyBVKMsqx4jImBpJE8BA/xKpLNJ
c2JjOwAZA03v2O/+fZtR/0ZFlyoMzael7x9b/c+Vqm6t4oxvAVZEQah7fzwUnBw3
bnjrlNB/cQehQ7mrVfPG9cLo9/Q/ShR+0YJC37sP21o3ajr/1+e40Q==
-----END CERTIFICATE-----
Generated at Sat May 17 22:44:27 2025 by rpki-client