Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/kDtbkd00Pi_XPRyRNUnK9CA9NDg.roa
File: kDtbkd00Pi_XPRyRNUnK9CA9NDg.roa (raw, json)
Hash identifier: CSYRiaIIfAF2GmyP6lSkX+8rD68P001r2xTSmII2yAA=
Subject key identifier: 90:3B:5B:91:DD:34:3E:2F:D7:3D:1C:91:35:49:CA:F4:20:3D:34:38
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 3DCA
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/kDtbkd00Pi_XPRyRNUnK9CA9NDg.roa
Signing time: Wed 10 Apr 2024 23:22:45 +0000
ROA not before: Wed 10 Apr 2024 23:22:45 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 15818 (0x3dca)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 10 23:22:45 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=903B5B91DD343E2FD73D1C913549CAF4203D3438
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9e:cb:a9:6c:21:26:fc:1a:a5:db:84:d8:98:e6:
00:93:92:0a:20:ea:a4:70:11:85:b5:0d:55:55:ca:
f0:99:20:52:44:f5:de:4f:bd:78:60:15:d0:9d:f1:
ef:ad:09:de:4c:88:5f:d5:d0:cf:7b:b6:74:2a:67:
41:7c:8e:e7:ae:13:0e:d0:b7:fa:fc:07:ef:e6:b5:
dc:6e:c2:a2:bb:7c:17:0a:eb:b1:3a:3a:26:89:8e:
72:49:ee:c1:03:3e:f0:3b:dd:11:26:58:9c:3b:c4:
78:fb:9d:52:51:c1:c7:5a:0f:e2:bd:b9:c2:5a:7e:
b2:94:43:4c:21:a2:72:52:6f:7f:97:19:f9:3f:13:
34:b8:bf:d4:ac:a6:54:04:1f:ad:aa:7e:86:04:5f:
c3:db:f2:73:d2:f0:87:b1:36:04:8a:51:26:01:9f:
28:24:3d:d9:2e:1f:5d:fc:2c:f3:21:5d:69:4b:6f:
21:99:ef:0c:ae:8b:14:0b:5c:c0:90:4e:95:2c:b2:
b4:97:1f:31:06:df:ce:65:28:aa:10:bc:1f:29:ae:
0a:ac:66:23:d2:c2:98:f9:d9:a8:ff:66:b7:c6:e3:
e3:a9:ef:1c:6d:6c:db:70:77:f3:3f:43:eb:e2:28:
ba:5f:92:4c:1a:cc:aa:c7:9a:87:ac:c2:86:d3:12:
96:b9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
90:3B:5B:91:DD:34:3E:2F:D7:3D:1C:91:35:49:CA:F4:20:3D:34:38
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/kDtbkd00Pi_XPRyRNUnK9CA9NDg.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
0e:30:59:0a:e0:dc:bc:f0:5d:be:f5:de:da:96:7f:d2:30:5b:
72:65:bd:e0:e4:de:3c:ee:cc:b3:29:92:c2:eb:8b:c6:82:a2:
b8:9e:75:e7:46:08:2c:0b:14:81:1a:13:ae:fa:5d:0e:11:48:
bd:3c:47:10:e1:a0:43:19:3e:be:07:e8:58:0d:e5:c6:a0:8d:
31:73:8f:d7:6f:37:59:f2:8a:90:08:95:ef:d0:e4:17:ed:42:
01:9f:58:d6:b7:d9:ec:7b:be:8d:3e:1f:a2:98:07:a5:a7:40:
46:22:8b:a5:28:d6:45:e6:f2:b3:38:92:1b:fa:82:8d:6f:8e:
b6:5a:1a:cb:a0:94:25:4d:92:0c:4a:0c:0a:59:c6:92:ca:73:
c5:74:45:cd:31:77:25:3f:96:94:39:80:9d:b3:0f:76:af:0d:
00:5e:38:ac:45:4c:19:54:ac:82:10:0b:51:48:6e:2c:2c:80:
c1:80:29:94:15:eb:09:a4:eb:57:75:21:55:e5:18:a6:2d:64:
89:8e:8e:12:be:92:87:29:dd:9f:74:c1:c4:de:86:9a:59:0e:
ee:f5:2b:37:bb:2a:f2:d5:df:b7:17:17:65:95:c8:e0:d6:2c:
62:b0:f1:87:34:91:ab:f3:dc:14:e2:29:17:61:16:20:0c:38:
82:e4:ae:49
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICPcowDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MTAy
MzIyNDVaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDkwM0I1QjkxREQzNDNF
MkZENzNEMUM5MTM1NDlDQUY0MjAzRDM0MzgwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCey6lsISb8GqXbhNiY5gCTkgog6qRwEYW1DVVVyvCZIFJE9d5P
vXhgFdCd8e+tCd5MiF/V0M97tnQqZ0F8jueuEw7Qt/r8B+/mtdxuwqK7fBcK67E6
OiaJjnJJ7sEDPvA73REmWJw7xHj7nVJRwcdaD+K9ucJafrKUQ0whonJSb3+XGfk/
EzS4v9SsplQEH62qfoYEX8Pb8nPS8IexNgSKUSYBnygkPdkuH138LPMhXWlLbyGZ
7wyuixQLXMCQTpUssrSXHzEG385lKKoQvB8prgqsZiPSwpj52aj/ZrfG4+Op7xxt
bNtwd/M/Q+viKLpfkkwazKrHmoeswobTEpa5AgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUkDtbkd00Pi/XPRyRNUnK9CA9NDgwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2tEdGJrZDAwUGlfWFBS
eVJOVW5LOUNBOU5EZy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEADjBZCuDcvPBdvvXe2pZ/0jBbcmW94OTe
PO7MsymSwuuLxoKiuJ5150YILAsUgRoTrvpdDhFIvTxHEOGgQxk+vgfoWA3lxqCN
MXOP1283WfKKkAiV79DkF+1CAZ9Y1rfZ7Hu+jT4fopgHpadARiKLpSjWRebysziS
G/qCjW+Otloay6CUJU2SDEoMClnGkspzxXRFzTF3JT+WlDmAnbMPdq8NAF44rEVM
GVSsghALUUhuLCyAwYAplBXrCaTrV3UhVeUYpi1kiY6OEr6Shyndn3TBxN6GmlkO
7vUrN7sq8tXftxcXZZXI4NYsYrDxhzSRq/PcFOIpF2EWIAw4guSuSQ==
-----END CERTIFICATE-----
Generated at Sat May 17 19:41:14 2025 by rpki-client