Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/hY-5jyW_s_UqHnB-Tri1Yk7va08.roa
File: hY-5jyW_s_UqHnB-Tri1Yk7va08.roa (raw, json)
Hash identifier: uId1TyCK9Q2ePeg59lLdjo6EFRHIPjXlr4gpXN5ssK4=
Subject key identifier: 85:8F:B9:8F:25:BF:B3:F5:2A:1E:70:7E:4E:B8:B5:62:4E:EF:6B:4F
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 54C2
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/hY-5jyW_s_UqHnB-Tri1Yk7va08.roa
Signing time: Sat 11 May 2024 14:24:09 +0000
ROA not before: Sat 11 May 2024 14:24:09 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 21698 (0x54c2)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 11 14:24:09 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=858FB98F25BFB3F52A1E707E4EB8B5624EEF6B4F
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ae:79:10:82:14:4f:68:ea:90:41:e3:c5:cd:9c:
09:98:da:d7:91:1f:aa:7e:07:b0:87:13:56:49:72:
a3:ad:01:7b:7f:87:20:23:b4:07:ea:47:43:99:90:
45:04:eb:77:b8:79:b5:3f:37:b4:59:b8:9c:97:21:
8b:08:e2:e6:4b:57:87:9d:92:66:3d:a4:3a:8c:89:
19:ee:ab:b4:c8:c3:13:a1:bc:88:6e:4d:62:05:37:
4f:62:50:6d:74:db:5e:a3:8f:ac:c1:24:dc:f1:e9:
98:53:ee:5a:f9:72:db:76:65:a2:f7:53:f1:f2:b6:
bb:e2:0b:98:3f:38:4d:e3:cf:cc:0b:ad:3c:33:1d:
a1:dc:06:7b:1e:bc:a9:d2:70:e0:2f:83:c8:5e:ab:
3c:75:70:9d:f5:82:65:cc:ee:ef:55:01:8e:7e:e3:
9d:9c:a8:65:f6:28:ec:d3:51:e1:b2:56:a0:4e:50:
92:ef:c6:99:1c:1e:f8:13:a5:04:de:f8:e5:86:83:
2d:c2:af:6c:3f:6c:21:17:e6:d6:7f:1a:9c:5b:a3:
87:c7:07:0c:79:9a:3c:47:11:21:72:d1:fe:7e:63:
64:db:0a:c3:14:7a:f7:0b:da:20:47:b7:ca:3b:5e:
63:5c:63:26:0a:83:35:ec:65:48:d9:40:dd:da:1a:
e4:8b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
85:8F:B9:8F:25:BF:B3:F5:2A:1E:70:7E:4E:B8:B5:62:4E:EF:6B:4F
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/hY-5jyW_s_UqHnB-Tri1Yk7va08.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
08:af:c6:ef:74:88:14:27:9d:c9:c1:89:f3:e2:7b:53:da:e8:
0d:a4:06:89:5c:bc:57:c1:8d:cd:13:9c:41:cf:2b:3f:a2:d2:
81:4e:d1:28:e3:f2:d8:b9:ba:b7:a2:b9:12:1f:93:64:a7:91:
a9:8b:e3:8c:95:0d:8e:50:1e:8c:a6:7c:6f:1d:cd:16:97:4e:
f1:b0:8f:2b:62:76:51:6b:45:96:f6:69:b7:f7:df:3e:17:c7:
2e:5b:aa:b8:f5:38:9e:4b:fa:be:e4:86:ef:63:e0:1e:02:b0:
11:22:e1:dc:ae:c8:0b:26:d8:ff:32:82:c4:7c:8d:d0:7f:e6:
cc:07:46:0d:23:8d:e7:75:05:cc:ab:7d:91:34:62:76:70:ea:
9b:30:cd:4a:78:f9:9d:d5:93:60:ac:25:7e:26:1d:e6:fb:6e:
d1:78:5e:f7:1c:c2:26:b5:89:5b:88:cd:e7:87:3e:4b:a0:5e:
1c:76:52:e1:55:33:3f:5b:37:e3:5c:e4:b9:e8:74:ee:fa:6f:
83:20:42:9f:80:8f:66:e9:20:e7:57:ca:d2:33:a4:34:cb:6f:
69:f9:31:f6:6f:89:f2:5e:bb:31:71:98:08:48:d4:1b:47:4b:
04:3a:79:6b:ce:c6:f1:e9:08:4e:ae:89:85:67:77:60:59:31:
b7:27:73:45
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICVMIwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MTEx
NDI0MDlaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDg1OEZCOThGMjVCRkIz
RjUyQTFFNzA3RTRFQjhCNTYyNEVFRjZCNEYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCueRCCFE9o6pBB48XNnAmY2teRH6p+B7CHE1ZJcqOtAXt/hyAj
tAfqR0OZkEUE63e4ebU/N7RZuJyXIYsI4uZLV4edkmY9pDqMiRnuq7TIwxOhvIhu
TWIFN09iUG10216jj6zBJNzx6ZhT7lr5ctt2ZaL3U/HytrviC5g/OE3jz8wLrTwz
HaHcBnsevKnScOAvg8heqzx1cJ31gmXM7u9VAY5+452cqGX2KOzTUeGyVqBOUJLv
xpkcHvgTpQTe+OWGgy3Cr2w/bCEX5tZ/Gpxbo4fHBwx5mjxHESFy0f5+Y2TbCsMU
evcL2iBHt8o7XmNcYyYKgzXsZUjZQN3aGuSLAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUhY+5jyW/s/UqHnB+Tri1Yk7va08wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2hZLTVqeVdfc19VcUhu
Qi1UcmkxWWs3dmEwOC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEACK/G73SIFCedycGJ8+J7U9roDaQGiVy8
V8GNzROcQc8rP6LSgU7RKOPy2Lm6t6K5Eh+TZKeRqYvjjJUNjlAejKZ8bx3NFpdO
8bCPK2J2UWtFlvZpt/ffPhfHLluquPU4nkv6vuSG72PgHgKwESLh3K7ICybY/zKC
xHyN0H/mzAdGDSON53UFzKt9kTRidnDqmzDNSnj5ndWTYKwlfiYd5vtu0Xhe9xzC
JrWJW4jN54c+S6BeHHZS4VUzP1s341zkueh07vpvgyBCn4CPZukg51fK0jOkNMtv
afkx9m+J8l67MXGYCEjUG0dLBDp5a87G8ekITq6JhWd3YFkxtydzRQ==
-----END CERTIFICATE-----
Generated at Sat May 17 22:38:24 2025 by rpki-client