Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/ipFu_lJJjQK4MOyGxmz-VDJPhJE.roa
File: ipFu_lJJjQK4MOyGxmz-VDJPhJE.roa (raw, json)
Hash identifier: FyzVbFFin0JQbBd6SmqRQQuqS31AcnMwk3Hl2mE8FCI=
Subject key identifier: 8A:91:6E:FE:52:49:8D:02:B8:30:EC:86:C6:6C:FE:54:32:4F:84:91
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 4D2A
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/ipFu_lJJjQK4MOyGxmz-VDJPhJE.roa
Signing time: Wed 01 May 2024 11:23:37 +0000
ROA not before: Wed 01 May 2024 11:23:37 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 19754 (0x4d2a)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 1 11:23:37 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=8A916EFE52498D02B830EC86C66CFE54324F8491
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:de:15:c1:89:25:42:f1:59:90:7d:b6:4d:e9:99:
04:19:b5:ed:c6:05:02:41:97:98:4c:94:73:2c:ce:
2d:b5:6a:52:da:41:50:99:f1:fc:1b:c3:07:84:77:
7b:b0:32:99:42:a5:d0:7b:18:95:b5:8e:9b:23:7a:
59:6a:28:66:0e:c9:de:15:c9:bc:0d:ac:2d:d7:00:
8d:33:5d:12:9b:a4:49:85:93:7e:d5:35:1c:67:d8:
49:11:fd:0c:01:14:5a:ac:33:01:cd:4e:fd:b2:e4:
e1:9e:ff:77:f4:f4:7e:db:17:64:1a:aa:f7:a4:0f:
55:74:de:d1:25:09:f2:51:47:96:47:1c:01:14:26:
25:2e:b9:17:63:2d:f5:c7:ce:91:ba:b0:d7:bf:21:
8d:44:4b:64:58:51:e4:9f:7c:21:79:4f:d4:a2:3f:
72:73:64:9a:ca:5c:57:c4:fc:eb:51:b8:15:02:8e:
14:54:df:68:81:b2:cd:9c:c1:d4:a0:ac:3f:d4:7c:
c1:67:88:57:74:7e:67:28:ad:ce:3d:0f:b0:2e:16:
df:f7:ad:02:48:7d:c7:5c:21:ef:ce:98:c5:b0:c1:
43:ca:36:8e:44:a4:02:61:af:cd:30:a4:b2:a0:d6:
e0:cd:59:08:43:66:bd:c7:07:83:7a:49:1d:18:74:
33:25
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8A:91:6E:FE:52:49:8D:02:B8:30:EC:86:C6:6C:FE:54:32:4F:84:91
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/ipFu_lJJjQK4MOyGxmz-VDJPhJE.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
39:35:b7:5c:77:6a:a9:1d:1d:c7:aa:ca:a0:38:a4:09:03:8d:
6e:2e:d9:42:54:9a:74:5b:02:02:13:1f:d6:d6:0e:32:20:f6:
9f:7b:5f:8a:23:65:01:a8:27:2d:8b:79:e1:90:47:f4:2a:65:
00:8f:92:a4:1a:fd:a1:50:98:c0:e2:a6:19:54:5c:54:95:71:
51:f3:f0:c7:d9:1d:94:6b:61:6b:e7:6b:85:e3:11:98:34:e8:
8e:3d:c4:d9:b1:19:e3:b1:df:d4:25:db:f9:32:14:45:90:07:
ca:74:58:69:2b:55:38:ba:27:cf:af:02:ed:31:19:5b:64:82:
c7:da:ec:9f:31:05:b7:52:9f:5d:8d:e4:bb:ba:93:ba:60:2b:
27:d2:f2:be:60:22:39:85:b4:95:86:6b:85:53:c4:d1:54:32:
7e:3e:02:af:9b:d8:2b:33:7b:10:2f:2c:fd:83:48:6e:c0:cb:
ba:43:72:7a:48:cb:a9:f1:cf:3c:fc:b9:2d:9c:a2:09:48:86:
1e:5d:88:f1:90:78:5f:5f:e8:87:dc:e8:03:fa:1e:b5:cd:6a:
fb:b9:f3:6c:91:bc:c4:6a:99:bb:ab:12:d0:ef:7f:57:32:fb:
9a:67:4c:db:d8:b6:c4:2b:ef:a6:1e:20:8f:3a:49:0b:50:75:
6d:65:da:a3
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICTSowDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MDEx
MTIzMzdaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDhBOTE2RUZFNTI0OThE
MDJCODMwRUM4NkM2NkNGRTU0MzI0Rjg0OTEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDeFcGJJULxWZB9tk3pmQQZte3GBQJBl5hMlHMszi21alLaQVCZ
8fwbwweEd3uwMplCpdB7GJW1jpsjellqKGYOyd4VybwNrC3XAI0zXRKbpEmFk37V
NRxn2EkR/QwBFFqsMwHNTv2y5OGe/3f09H7bF2QaqvekD1V03tElCfJRR5ZHHAEU
JiUuuRdjLfXHzpG6sNe/IY1ES2RYUeSffCF5T9SiP3JzZJrKXFfE/OtRuBUCjhRU
32iBss2cwdSgrD/UfMFniFd0fmcorc49D7AuFt/3rQJIfcdcIe/OmMWwwUPKNo5E
pAJhr80wpLKg1uDNWQhDZr3HB4N6SR0YdDMlAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUipFu/lJJjQK4MOyGxmz+VDJPhJEwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2lwRnVfbEpKalFLNE1P
eUd4bXotVkRKUGhKRS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAOTW3XHdqqR0dx6rKoDikCQONbi7ZQlSa
dFsCAhMf1tYOMiD2n3tfiiNlAagnLYt54ZBH9CplAI+SpBr9oVCYwOKmGVRcVJVx
UfPwx9kdlGtha+drheMRmDTojj3E2bEZ47Hf1CXb+TIURZAHynRYaStVOLonz68C
7TEZW2SCx9rsnzEFt1KfXY3ku7qTumArJ9LyvmAiOYW0lYZrhVPE0VQyfj4Cr5vY
KzN7EC8s/YNIbsDLukNyekjLqfHPPPy5LZyiCUiGHl2I8ZB4X1/oh9zoA/oetc1q
+7nzbJG8xGqZu6sS0O9/VzL7mmdM29i2xCvvph4gjzpJC1B1bWXaow==
-----END CERTIFICATE-----
Generated at Sat May 17 22:37:20 2025 by rpki-client