Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/h5h2L0qZbKoFmy070viP4-uMeKI.roa
File: h5h2L0qZbKoFmy070viP4-uMeKI.roa (raw, json)
Hash identifier: opu1QLRUmepUSgThd7JVPw2feNdCCPuKU1uMFj7FD+M=
Subject key identifier: 87:98:76:2F:4A:99:6C:AA:05:9B:2D:3B:D2:F8:8F:E3:EB:8C:78:A2
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 3DD6
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/h5h2L0qZbKoFmy070viP4-uMeKI.roa
Signing time: Thu 11 Apr 2024 00:52:47 +0000
ROA not before: Thu 11 Apr 2024 00:52:47 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 15830 (0x3dd6)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 11 00:52:47 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=8798762F4A996CAA059B2D3BD2F88FE3EB8C78A2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d3:6c:d6:4d:ce:8b:98:09:d2:2e:e5:b6:b4:00:
eb:8f:e9:39:a0:dd:fe:a2:22:3c:85:5b:27:f4:c3:
3a:2e:d0:90:d6:3b:8b:36:7e:ca:2a:45:da:d1:56:
22:5a:1a:c4:7c:ab:fa:2b:83:5c:e4:42:97:58:25:
e2:d4:5d:70:7b:f3:91:e5:6c:f6:7a:17:dc:6d:7b:
1e:8c:92:0e:8c:be:e8:59:e5:60:db:16:c5:19:36:
a9:92:4c:6a:10:b0:e4:6c:8d:be:d6:5b:de:d2:09:
99:90:fd:8f:1e:9d:17:b5:0b:a2:77:c7:e7:d8:1a:
ec:08:e1:28:91:8c:44:c5:4c:1f:7a:74:19:9b:f2:
8c:bb:f2:77:a4:96:d9:e8:b4:c6:fd:8a:5d:76:1b:
16:86:9e:c3:30:b1:2e:47:4a:56:e7:dd:b1:83:b0:
7f:1b:cf:a3:87:63:f5:46:8d:24:81:b7:fd:7a:e3:
7e:f5:e9:02:30:9c:4f:50:26:9c:4a:7c:e3:e4:8d:
46:02:67:9c:01:80:8d:18:11:6b:d0:53:c2:e0:5f:
8c:09:a8:e2:d2:05:e4:57:75:ea:49:a8:81:70:d0:
f2:62:76:1b:80:c5:9a:19:4f:20:ca:f1:90:ec:be:
6c:f4:a8:11:81:64:6b:5e:bf:b7:72:5f:d5:8f:ea:
68:29
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
87:98:76:2F:4A:99:6C:AA:05:9B:2D:3B:D2:F8:8F:E3:EB:8C:78:A2
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/h5h2L0qZbKoFmy070viP4-uMeKI.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
6a:b1:2a:80:b9:91:4b:e3:24:88:b0:2c:57:20:bf:98:19:0d:
6a:66:c9:21:8c:75:c3:96:ab:60:a9:70:a9:52:4c:c0:8a:21:
42:ca:a0:61:f0:eb:73:cc:d3:f2:f9:d6:82:0c:0d:45:d7:87:
ed:23:85:1e:ec:09:ad:8c:99:b3:46:7e:f4:f7:df:ab:68:56:
89:59:a1:71:61:d2:09:0a:fd:2c:3f:21:26:4f:0b:9c:ef:99:
40:d2:7c:e0:06:a1:ba:1e:b3:17:c4:93:d1:14:2b:39:73:6a:
77:36:ca:96:88:de:8b:c4:e9:a8:29:33:eb:a6:f3:84:0a:9b:
a8:63:4e:99:83:76:02:b1:22:03:8c:2b:5d:4d:dd:df:85:19:
2c:7d:ab:db:d2:2a:0f:8a:ae:86:32:25:dc:e5:63:7d:e9:0c:
43:45:09:3d:0f:66:38:4e:33:5b:52:80:03:a8:46:26:8a:b4:
6d:6c:89:86:e1:50:fd:c5:c6:aa:ba:b1:f2:84:7b:17:2f:e4:
d5:3c:e5:d4:6b:46:1d:9b:e8:bf:5d:b8:28:d4:1c:a8:c7:8c:
01:1e:71:bc:d7:a6:48:05:2e:57:14:46:25:ef:d1:ab:b6:43:
30:c6:cb:e2:1e:69:35:8d:e0:2f:82:d4:f0:f7:0b:e0:e3:89:
ab:4b:2e:bc
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICPdYwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MTEw
MDUyNDdaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDg3OTg3NjJGNEE5OTZD
QUEwNTlCMkQzQkQyRjg4RkUzRUI4Qzc4QTIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDTbNZNzouYCdIu5ba0AOuP6Tmg3f6iIjyFWyf0wzou0JDWO4s2
fsoqRdrRViJaGsR8q/org1zkQpdYJeLUXXB785HlbPZ6F9xtex6Mkg6MvuhZ5WDb
FsUZNqmSTGoQsORsjb7WW97SCZmQ/Y8enRe1C6J3x+fYGuwI4SiRjETFTB96dBmb
8oy78nekltnotMb9il12GxaGnsMwsS5HSlbn3bGDsH8bz6OHY/VGjSSBt/164371
6QIwnE9QJpxKfOPkjUYCZ5wBgI0YEWvQU8LgX4wJqOLSBeRXdepJqIFw0PJidhuA
xZoZTyDK8ZDsvmz0qBGBZGtev7dyX9WP6mgpAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUh5h2L0qZbKoFmy070viP4+uMeKIwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2g1aDJMMHFaYktvRm15
MDcwdmlQNC11TWVLSS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAarEqgLmRS+MkiLAsVyC/mBkNambJIYx1
w5arYKlwqVJMwIohQsqgYfDrc8zT8vnWggwNRdeH7SOFHuwJrYyZs0Z+9Pffq2hW
iVmhcWHSCQr9LD8hJk8LnO+ZQNJ84Aahuh6zF8ST0RQrOXNqdzbKlojei8TpqCkz
66bzhAqbqGNOmYN2ArEiA4wrXU3d34UZLH2r29IqD4quhjIl3OVjfekMQ0UJPQ9m
OE4zW1KAA6hGJoq0bWyJhuFQ/cXGqrqx8oR7Fy/k1Tzl1GtGHZvov124KNQcqMeM
AR5xvNemSAUuVxRGJe/Rq7ZDMMbL4h5pNY3gL4LU8PcL4OOJq0suvA==
-----END CERTIFICATE-----
Generated at Sat May 17 22:40:16 2025 by rpki-client