Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/lT7fDnXavvu92JqyXgmET3UrKag.roa
File: lT7fDnXavvu92JqyXgmET3UrKag.roa (raw, json)
Hash identifier: E2BA+sDgAi3t77A20ppHSulecD9jnurw4BH/dhshpFs=
Subject key identifier: 95:3E:DF:0E:75:DA:BE:FB:BD:D8:9A:B2:5E:09:84:4F:75:2B:29:A8
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 50DE
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/lT7fDnXavvu92JqyXgmET3UrKag.roa
Signing time: Mon 06 May 2024 09:53:50 +0000
ROA not before: Mon 06 May 2024 09:53:50 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 20702 (0x50de)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 6 09:53:50 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=953EDF0E75DABEFBBDD89AB25E09844F752B29A8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c3:82:4f:e9:c7:52:9a:e4:2b:e5:a5:9e:c8:07:
c6:71:7a:5a:24:ac:41:99:06:e2:5d:e9:39:f0:00:
4d:f1:f4:18:82:2e:5a:f8:f8:0d:be:34:65:9a:28:
e1:f1:09:bc:aa:b5:70:a4:97:3e:9a:de:d4:67:cf:
54:76:79:c1:34:c7:93:06:6e:2a:59:a8:02:b4:88:
6f:16:fe:03:7e:c3:35:32:ff:46:b6:74:61:60:1b:
26:b1:70:b2:6e:e8:bd:a4:ce:aa:7d:7c:bc:21:46:
5a:4c:57:0f:a0:82:3b:99:19:cb:ee:7f:ee:a2:b3:
4f:95:20:d7:6f:17:bf:7c:59:1a:7a:71:e5:9f:60:
2d:d9:7b:99:a5:50:0c:9c:e5:13:50:29:7c:77:fb:
a6:f8:fe:0f:d6:c4:cb:20:1a:8c:ec:6f:63:03:6e:
d1:16:66:f3:9c:44:50:1c:32:79:fa:d2:f1:36:11:
27:f1:72:fb:e3:a7:62:d2:ab:f2:45:8d:6c:ad:ec:
62:06:80:91:ee:53:80:38:d4:8d:dd:ac:b5:04:cc:
fe:10:e5:ad:57:a8:5e:34:df:e3:7c:fa:2b:16:87:
f6:e9:c0:f4:b9:cf:3f:f0:5e:1d:d2:f3:c1:ca:d3:
46:0f:ac:9c:b8:0b:72:54:75:99:c3:f1:63:19:78:
7f:cb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
95:3E:DF:0E:75:DA:BE:FB:BD:D8:9A:B2:5E:09:84:4F:75:2B:29:A8
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/lT7fDnXavvu92JqyXgmET3UrKag.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
33:66:4b:87:88:ef:e8:ea:79:c0:2e:f8:b4:3d:a9:d6:77:12:
00:e9:e4:2b:c4:e3:fe:ea:b3:e1:bb:f8:28:ce:f0:74:53:e3:
db:b3:65:6e:6a:e0:fa:f8:a1:d4:71:31:ef:d0:a7:00:62:09:
04:ce:16:18:50:00:73:15:77:43:07:3f:da:f6:78:2d:eb:ea:
8a:99:e4:81:90:6e:71:38:0b:37:a2:71:3c:a0:1a:dc:6c:8e:
4a:58:b7:37:8f:50:cf:8e:c7:78:15:c0:7c:65:c8:7b:a5:f6:
5c:fa:7b:b9:24:de:bd:e6:d2:30:85:d0:7d:6e:28:40:cd:f6:
bf:54:c5:a9:82:65:7f:90:18:db:67:9a:0b:bd:65:76:86:30:
75:58:34:67:ce:aa:3c:a9:3f:4b:53:8a:0a:e5:6d:2d:b1:35:
ae:a3:b6:23:a1:36:08:36:7d:09:ca:f9:01:e3:d9:b5:c6:91:
16:bf:94:ba:28:ff:bf:aa:d4:13:33:50:99:b9:38:d6:8c:26:
54:67:f0:dd:01:ae:66:52:5c:7d:dc:eb:0e:22:8b:ba:0a:98:
85:e0:d4:60:b4:ff:67:b1:0f:7f:ba:15:c3:1d:ff:b7:4e:01:
fe:5e:a7:5f:79:be:8c:ab:b7:5e:da:c0:a4:ab:f2:46:fe:54:
ef:3a:4c:27
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICUN4wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MDYw
OTUzNTBaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDk1M0VERjBFNzVEQUJF
RkJCREQ4OUFCMjVFMDk4NDRGNzUyQjI5QTgwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDDgk/px1Ka5CvlpZ7IB8ZxelokrEGZBuJd6TnwAE3x9BiCLlr4
+A2+NGWaKOHxCbyqtXCklz6a3tRnz1R2ecE0x5MGbipZqAK0iG8W/gN+wzUy/0a2
dGFgGyaxcLJu6L2kzqp9fLwhRlpMVw+ggjuZGcvuf+6is0+VINdvF798WRp6ceWf
YC3Ze5mlUAyc5RNQKXx3+6b4/g/WxMsgGozsb2MDbtEWZvOcRFAcMnn60vE2ESfx
cvvjp2LSq/JFjWyt7GIGgJHuU4A41I3drLUEzP4Q5a1XqF403+N8+isWh/bpwPS5
zz/wXh3S88HK00YPrJy4C3JUdZnD8WMZeH/LAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUlT7fDnXavvu92JqyXgmET3UrKagwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2xUN2ZEblhhdnZ1OTJK
cXlYZ21FVDNVckthZy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAM2ZLh4jv6Op5wC74tD2p1ncSAOnkK8Tj
/uqz4bv4KM7wdFPj27Nlbmrg+vih1HEx79CnAGIJBM4WGFAAcxV3Qwc/2vZ4Levq
ipnkgZBucTgLN6JxPKAa3GyOSli3N49Qz47HeBXAfGXIe6X2XPp7uSTevebSMIXQ
fW4oQM32v1TFqYJlf5AY22eaC71ldoYwdVg0Z86qPKk/S1OKCuVtLbE1rqO2I6E2
CDZ9Ccr5AePZtcaRFr+Uuij/v6rUEzNQmbk41owmVGfw3QGuZlJcfdzrDiKLugqY
heDUYLT/Z7EPf7oVwx3/t04B/l6nX3m+jKu3XtrApKvyRv5U7zpMJw==
-----END CERTIFICATE-----
Generated at Sat May 17 22:46:34 2025 by rpki-client