Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/jJkGMek5mnUvD5UmZUU7SjDmmZw.roa
File: jJkGMek5mnUvD5UmZUU7SjDmmZw.roa (raw, json)
Hash identifier: pYW1amXHOCxZRgV1MHUOENfDug5Oqax1OcnhCCSb3VA=
Subject key identifier: 8C:99:06:31:E9:39:9A:75:2F:0F:95:26:65:45:3B:4A:30:E6:99:9C
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 4D6E
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/jJkGMek5mnUvD5UmZUU7SjDmmZw.roa
Signing time: Wed 01 May 2024 19:53:39 +0000
ROA not before: Wed 01 May 2024 19:53:39 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 19822 (0x4d6e)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 1 19:53:39 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=8C990631E9399A752F0F952665453B4A30E6999C
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b0:c5:56:94:ff:fa:6f:1d:73:c2:5c:c1:fd:c0:
db:da:fe:41:a8:1c:b6:14:8e:c8:bf:07:10:84:7a:
84:94:07:78:e6:d3:ab:52:39:5d:e1:a9:b8:5d:c5:
84:cf:65:7d:ea:fb:ba:3b:f7:90:f6:5c:3c:db:07:
41:60:81:99:a8:4a:6b:dd:c3:c7:e7:19:25:5b:0d:
cd:34:14:5b:5d:cd:37:5f:d8:a8:25:af:09:c2:34:
18:69:08:ac:e9:4b:19:fd:ad:96:dd:9e:41:de:84:
ab:b5:dd:91:ba:d9:31:30:e4:d8:7d:c5:0b:17:13:
87:97:e1:60:e9:d8:5a:b5:41:e5:57:b2:23:6d:94:
d1:ff:46:46:df:e7:b0:b0:f6:04:92:bb:0f:0b:fa:
a6:37:16:88:08:e7:35:7f:12:43:ce:01:04:74:0a:
f1:d8:1d:e1:8b:a3:d8:70:29:05:69:92:88:d5:34:
7b:22:a8:a6:ce:3a:0c:49:81:bf:5b:e7:f2:31:44:
15:ff:2b:27:9b:43:7d:04:25:92:5f:a5:0c:19:54:
9f:4f:15:34:79:ea:99:34:fa:b1:60:a1:f2:c3:22:
22:be:68:83:49:2a:85:ac:51:94:b8:89:23:a7:78:
69:89:0d:a2:e7:38:ea:fc:04:d7:09:dd:41:36:5f:
12:f1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8C:99:06:31:E9:39:9A:75:2F:0F:95:26:65:45:3B:4A:30:E6:99:9C
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/jJkGMek5mnUvD5UmZUU7SjDmmZw.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
ac:90:8b:bb:a6:7f:bb:34:6d:cf:14:2a:7d:8e:d3:4d:46:ce:
07:f7:cd:b4:38:d8:fb:02:50:a3:e0:76:34:d3:a2:a3:aa:a8:
71:ab:f3:f7:e6:01:1e:f9:23:cc:c5:2a:1f:d5:b6:94:73:6f:
cb:71:ce:a7:b3:ef:08:a0:56:65:0d:88:91:0e:a8:9f:de:d3:
65:c8:0a:fd:b7:59:e7:26:39:23:64:59:00:b8:da:83:3e:6a:
c2:3b:a3:51:c5:f5:9c:99:54:95:c7:81:36:33:29:1a:cb:78:
8d:27:31:a9:e5:9a:62:fb:84:5d:f0:b2:30:82:be:c4:33:f3:
81:51:ff:45:ec:3a:53:d7:04:8d:e4:9e:e4:33:e2:60:d1:47:
7f:2b:d0:1e:19:8f:5c:94:76:c8:2f:48:70:45:5f:b0:de:6f:
8f:0e:c8:67:95:71:96:f5:7a:eb:30:8a:3c:29:e6:84:f0:f6:
2c:76:c3:5c:2e:e3:4a:78:4a:fd:ab:8f:12:41:7e:79:14:04:
5d:06:a4:ea:4a:07:9b:f7:44:3b:30:9b:9f:eb:6f:e5:63:7f:
55:6e:c7:76:a7:25:a8:79:05:91:3a:67:68:ac:ed:4e:6f:71:
ec:47:d0:8d:cc:5a:f7:bb:8b:f1:5e:28:2f:00:a3:46:ea:53:
48:90:12:27
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICTW4wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MDEx
OTUzMzlaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDhDOTkwNjMxRTkzOTlB
NzUyRjBGOTUyNjY1NDUzQjRBMzBFNjk5OUMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCwxVaU//pvHXPCXMH9wNva/kGoHLYUjsi/BxCEeoSUB3jm06tS
OV3hqbhdxYTPZX3q+7o795D2XDzbB0FggZmoSmvdw8fnGSVbDc00FFtdzTdf2Kgl
rwnCNBhpCKzpSxn9rZbdnkHehKu13ZG62TEw5Nh9xQsXE4eX4WDp2Fq1QeVXsiNt
lNH/Rkbf57Cw9gSSuw8L+qY3FogI5zV/EkPOAQR0CvHYHeGLo9hwKQVpkojVNHsi
qKbOOgxJgb9b5/IxRBX/KyebQ30EJZJfpQwZVJ9PFTR56pk0+rFgofLDIiK+aINJ
KoWsUZS4iSOneGmJDaLnOOr8BNcJ3UE2XxLxAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUjJkGMek5mnUvD5UmZUU7SjDmmZwwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2pKa0dNZWs1bW5VdkQ1
VW1aVVU3U2pEbW1ady5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEArJCLu6Z/uzRtzxQqfY7TTUbOB/fNtDjY
+wJQo+B2NNOio6qocavz9+YBHvkjzMUqH9W2lHNvy3HOp7PvCKBWZQ2IkQ6on97T
ZcgK/bdZ5yY5I2RZALjagz5qwjujUcX1nJlUlceBNjMpGst4jScxqeWaYvuEXfCy
MIK+xDPzgVH/Rew6U9cEjeSe5DPiYNFHfyvQHhmPXJR2yC9IcEVfsN5vjw7IZ5Vx
lvV66zCKPCnmhPD2LHbDXC7jSnhK/auPEkF+eRQEXQak6koHm/dEOzCbn+tv5WN/
VW7HdqclqHkFkTpnaKztTm9x7EfQjcxa97uL8V4oLwCjRupTSJASJw==
-----END CERTIFICATE-----
Generated at Sat May 17 23:34:06 2025 by rpki-client