Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/jrfX34NdaU_ZZJpWXTauVPpOlcI.roa
File: jrfX34NdaU_ZZJpWXTauVPpOlcI.roa (raw, json)
Hash identifier: RNWpwZJdy66J32CJNyXoa8lkzF4QGBkbkRSykbPfRBg=
Subject key identifier: 8E:B7:D7:DF:83:5D:69:4F:D9:64:9A:56:5D:36:AE:54:FA:4E:95:C2
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 4E52
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/jrfX34NdaU_ZZJpWXTauVPpOlcI.roa
Signing time: Fri 03 May 2024 00:23:58 +0000
ROA not before: Fri 03 May 2024 00:23:58 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 20050 (0x4e52)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 3 00:23:58 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=8EB7D7DF835D694FD9649A565D36AE54FA4E95C2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9e:77:da:9a:27:10:c5:3b:bb:4c:78:b0:7f:61:
9d:60:93:7f:19:df:d2:97:1c:eb:62:66:7f:c9:b8:
36:d5:ae:4b:d1:0a:4e:a4:30:70:d8:eb:64:d0:47:
e1:2d:a5:72:5d:ac:eb:be:4c:56:96:39:8b:0d:f3:
d4:83:8e:24:fe:24:82:e4:7c:42:e9:45:ce:07:51:
3c:fe:2c:5a:48:aa:c8:cb:22:ac:bc:9b:31:3f:1f:
47:a7:c3:a7:e4:24:56:3c:90:28:75:1e:60:b3:72:
04:9c:49:56:67:00:68:df:d4:62:5e:4f:43:3b:2b:
d2:52:cb:10:41:34:11:62:ad:84:53:8b:cf:ce:c8:
9f:93:9e:b4:f2:ad:42:a7:48:50:0a:02:57:a3:3b:
18:f6:e2:cb:cc:ff:80:60:d1:19:35:8e:a2:3e:2f:
f5:e6:1b:2a:92:a5:cc:81:ea:b8:24:c7:3d:06:af:
e1:c3:91:51:39:07:00:0f:1a:a6:6f:59:d9:32:af:
6e:0d:03:5d:e1:ce:ea:c0:e1:71:07:01:ac:6f:bb:
2e:be:6d:e4:10:61:4c:2f:b2:b0:a7:d3:33:2a:ae:
e8:ef:e9:f9:d7:ad:a4:bd:03:9b:54:3a:70:a2:4b:
2b:55:ab:0e:34:35:87:7c:e5:10:48:3f:04:03:0a:
bd:b9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8E:B7:D7:DF:83:5D:69:4F:D9:64:9A:56:5D:36:AE:54:FA:4E:95:C2
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/jrfX34NdaU_ZZJpWXTauVPpOlcI.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
10:6a:02:5d:76:8d:c1:35:ad:00:c7:44:ff:82:54:db:b8:a4:
87:e6:81:d4:92:dc:38:0e:13:7a:b0:08:84:ff:47:c9:87:02:
1c:cf:28:2e:09:d4:c9:f4:f4:2f:6f:e6:02:2f:dc:91:42:bd:
70:a2:29:18:94:62:43:46:71:0c:c6:28:f0:84:d2:4e:30:78:
44:4c:9b:43:e1:a1:19:2a:82:d6:9d:9d:21:d1:fa:3b:77:8a:
8c:df:11:d8:9c:a7:44:90:4e:c8:24:ac:f4:95:da:a0:77:d4:
de:ad:08:21:83:55:c1:ac:72:67:3b:1f:d3:e0:64:90:41:c6:
b5:8c:51:c0:7a:e5:20:31:15:fa:8b:e6:41:82:77:75:da:b5:
61:62:fc:28:3f:a5:4e:8d:e3:17:d7:a3:88:19:e0:81:0f:2f:
8f:f7:f1:b8:f6:94:00:08:70:55:38:7d:85:1c:7a:ce:25:d0:
31:07:49:fb:93:80:65:58:a2:7e:fa:ce:8f:02:0b:71:76:a6:
3d:74:96:cd:04:99:e6:1a:3d:1b:b4:df:db:f1:93:76:c4:49:
b2:c9:d3:46:25:6d:69:8c:72:1d:52:db:80:74:a6:5f:ad:44:
d6:6a:71:3d:3a:cd:f5:58:4b:45:3a:8e:b7:30:05:76:d1:a6:
e7:03:5e:ab
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICTlIwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MDMw
MDIzNThaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDhFQjdEN0RGODM1RDY5
NEZEOTY0OUE1NjVEMzZBRTU0RkE0RTk1QzIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCed9qaJxDFO7tMeLB/YZ1gk38Z39KXHOtiZn/JuDbVrkvRCk6k
MHDY62TQR+EtpXJdrOu+TFaWOYsN89SDjiT+JILkfELpRc4HUTz+LFpIqsjLIqy8
mzE/H0enw6fkJFY8kCh1HmCzcgScSVZnAGjf1GJeT0M7K9JSyxBBNBFirYRTi8/O
yJ+TnrTyrUKnSFAKAlejOxj24svM/4Bg0Rk1jqI+L/XmGyqSpcyB6rgkxz0Gr+HD
kVE5BwAPGqZvWdkyr24NA13hzurA4XEHAaxvuy6+beQQYUwvsrCn0zMqrujv6fnX
raS9A5tUOnCiSytVqw40NYd85RBIPwQDCr25AgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUjrfX34NdaU/ZZJpWXTauVPpOlcIwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2pyZlgzNE5kYVVfWlpK
cFdYVGF1VlBwT2xjSS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAEGoCXXaNwTWtAMdE/4JU27ikh+aB1JLc
OA4TerAIhP9HyYcCHM8oLgnUyfT0L2/mAi/ckUK9cKIpGJRiQ0ZxDMYo8ITSTjB4
REybQ+GhGSqC1p2dIdH6O3eKjN8R2JynRJBOyCSs9JXaoHfU3q0IIYNVwaxyZzsf
0+BkkEHGtYxRwHrlIDEV+ovmQYJ3ddq1YWL8KD+lTo3jF9ejiBnggQ8vj/fxuPaU
AAhwVTh9hRx6ziXQMQdJ+5OAZViifvrOjwILcXamPXSWzQSZ5ho9G7Tf2/GTdsRJ
ssnTRiVtaYxyHVLbgHSmX61E1mpxPTrN9VhLRTqOtzAFdtGm5wNeqw==
-----END CERTIFICATE-----
Generated at Sat May 17 22:39:15 2025 by rpki-client