Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/hJvllDHiZs_Qz4pIj4mxWTFiaBc.roa
File: hJvllDHiZs_Qz4pIj4mxWTFiaBc.roa (raw, json)
Hash identifier: TiR/QHmNpwfOlFvIUp85VsOlKcsE8Sq2565XnbFVTcM=
Subject key identifier: 84:9B:E5:94:31:E2:66:CF:D0:CF:8A:48:8F:89:B1:59:31:62:68:17
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 3786
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/hJvllDHiZs_Qz4pIj4mxWTFiaBc.roa
Signing time: Tue 02 Apr 2024 14:52:20 +0000
ROA not before: Tue 02 Apr 2024 14:52:20 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 14214 (0x3786)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 2 14:52:20 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=849BE59431E266CFD0CF8A488F89B15931626817
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c4:08:ff:f4:e9:11:3d:6b:ba:2b:35:f9:ee:a9:
b7:0f:08:b6:d3:1f:01:70:ce:f6:ae:b2:3d:77:47:
7c:f8:d8:b7:48:ca:a1:b5:3b:84:8a:4a:e4:4c:9e:
b9:b9:99:00:ae:12:28:ce:73:ac:d5:7e:92:85:3c:
de:42:b1:31:33:13:5c:d7:a8:cb:c5:fd:92:a2:0e:
d5:f9:8a:c9:52:e5:c6:2f:1b:a5:41:53:6c:71:71:
15:92:e7:69:62:3b:6e:92:e3:80:1a:ae:90:f4:04:
dc:5e:00:b0:39:1f:40:44:fb:e9:94:bd:77:07:c5:
71:1c:82:a2:99:de:c6:9c:07:6b:d6:af:88:65:6e:
41:cc:55:82:ab:a4:42:6f:01:8b:e6:d3:58:9f:2e:
7e:5e:1c:c0:02:27:60:ae:b6:6f:4e:49:3c:4b:8f:
fa:26:24:55:cf:f9:49:40:23:b7:1b:34:81:98:85:
27:6a:50:c8:4a:69:de:3d:b2:7d:f5:6e:8b:e5:f6:
22:96:64:37:43:17:10:30:89:b3:80:64:bb:14:48:
5a:4e:79:eb:98:19:fe:dd:63:2c:d9:3c:4c:a2:7f:
b5:1d:41:45:86:4c:05:28:c2:0a:60:f2:22:d4:95:
98:0f:40:40:d9:a2:07:da:1e:ad:75:15:c8:f6:f3:
92:73
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
84:9B:E5:94:31:E2:66:CF:D0:CF:8A:48:8F:89:B1:59:31:62:68:17
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/hJvllDHiZs_Qz4pIj4mxWTFiaBc.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
40:e6:19:b4:d7:3f:75:14:b3:54:4a:5a:68:f9:86:9f:30:40:
8a:9e:0e:0a:b5:bb:4d:d2:85:a4:f1:ff:a4:07:c4:a5:45:60:
11:f5:76:83:82:23:d6:2c:6b:96:38:ee:81:4a:8c:0f:ea:23:
25:c7:17:00:ad:55:30:a8:3d:84:5b:cc:74:91:9d:b1:d3:ed:
c2:bd:1b:64:8e:a9:5c:a7:91:46:32:b7:2c:c6:6e:df:5d:e4:
ae:05:21:59:99:1b:f9:8a:f4:0b:34:b1:1c:bf:74:56:31:2f:
42:ff:ff:c1:38:97:96:fd:0e:c2:7f:2a:a1:f6:5f:77:aa:b5:
15:01:c8:a0:4d:c2:a0:e3:99:c1:d6:f8:a2:f1:45:20:6a:76:
dc:e1:58:03:4c:64:66:f7:78:91:74:1b:9f:db:6d:0c:4e:39:
f9:86:db:4e:90:25:34:97:eb:1c:8f:fb:0e:da:c0:4b:81:e6:
92:cc:fc:45:35:f6:94:9f:63:b3:b9:3d:01:79:a5:f9:e3:40:
7e:9b:68:2d:44:55:c8:cc:32:a1:f9:9b:04:29:10:61:f2:8d:
84:2b:cc:28:1f:24:71:b4:55:f9:b4:8b:54:63:31:11:40:c6:
9e:72:90:08:de:39:ad:e4:d9:c8:29:ea:f8:b1:2a:2b:ae:5c:
e6:31:30:69
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICN4YwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MDIx
NDUyMjBaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDg0OUJFNTk0MzFFMjY2
Q0ZEMENGOEE0ODhGODlCMTU5MzE2MjY4MTcwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDECP/06RE9a7orNfnuqbcPCLbTHwFwzvausj13R3z42LdIyqG1
O4SKSuRMnrm5mQCuEijOc6zVfpKFPN5CsTEzE1zXqMvF/ZKiDtX5islS5cYvG6VB
U2xxcRWS52liO26S44AarpD0BNxeALA5H0BE++mUvXcHxXEcgqKZ3sacB2vWr4hl
bkHMVYKrpEJvAYvm01ifLn5eHMACJ2Cutm9OSTxLj/omJFXP+UlAI7cbNIGYhSdq
UMhKad49sn31bovl9iKWZDdDFxAwibOAZLsUSFpOeeuYGf7dYyzZPEyif7UdQUWG
TAUowgpg8iLUlZgPQEDZogfaHq11Fcj285JzAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUhJvllDHiZs/Qz4pIj4mxWTFiaBcwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2hKdmxsREhpWnNfUXo0
cElqNG14V1RGaWFCYy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAQOYZtNc/dRSzVEpaaPmGnzBAip4OCrW7
TdKFpPH/pAfEpUVgEfV2g4Ij1ixrljjugUqMD+ojJccXAK1VMKg9hFvMdJGdsdPt
wr0bZI6pXKeRRjK3LMZu313krgUhWZkb+Yr0CzSxHL90VjEvQv//wTiXlv0Own8q
ofZfd6q1FQHIoE3CoOOZwdb4ovFFIGp23OFYA0xkZvd4kXQbn9ttDE45+YbbTpAl
NJfrHI/7DtrAS4Hmksz8RTX2lJ9js7k9AXml+eNAfptoLURVyMwyofmbBCkQYfKN
hCvMKB8kcbRV+bSLVGMxEUDGnnKQCN45reTZyCnq+LEqK65c5jEwaQ==
-----END CERTIFICATE-----
Generated at Sat May 17 19:48:45 2025 by rpki-client