Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/mXKaYac2ukOT4Lpvc5FbNS8dlHI.roa
File: mXKaYac2ukOT4Lpvc5FbNS8dlHI.roa (raw, json)
Hash identifier: yTsQ6jItmjCrSu+ROX1/Mhl2r/2jiLa5wtvdRkwoWW0=
Subject key identifier: 99:72:9A:61:A7:36:BA:43:93:E0:BA:6F:73:91:5B:35:2F:1D:94:72
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 35D2
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/mXKaYac2ukOT4Lpvc5FbNS8dlHI.roa
Signing time: Sun 31 Mar 2024 08:22:12 +0000
ROA not before: Sun 31 Mar 2024 08:22:12 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 13778 (0x35d2)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Mar 31 08:22:12 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=99729A61A736BA4393E0BA6F73915B352F1D9472
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d1:46:3d:a9:2b:fa:e8:30:94:fe:2c:6a:d0:58:
04:a7:20:ee:99:db:c6:a6:69:84:a1:cf:b5:f0:dc:
5d:6f:0e:82:51:7a:19:6b:38:95:8f:2d:cf:df:d2:
23:61:76:b8:e5:09:a9:1f:f9:18:8b:a9:85:8e:52:
04:95:65:77:6a:82:9c:41:c1:9a:38:76:86:03:2e:
04:bf:59:18:12:5e:e8:dd:33:5f:d5:87:4d:c4:01:
57:86:77:cb:a3:74:27:92:f4:1a:46:d0:55:63:86:
07:e1:09:d2:d2:78:b8:b7:6a:8e:26:ba:c7:ed:49:
ec:53:53:e1:87:c3:ec:23:20:0f:7d:fd:b0:8e:88:
53:7e:3e:87:dd:79:0e:78:60:96:4e:21:03:e5:04:
47:58:cc:d1:d5:b1:70:a5:53:5a:9b:57:f4:6d:03:
3c:01:7d:0d:4d:c5:c1:44:6a:9a:0b:05:0a:f3:05:
eb:9a:cb:df:82:2e:26:8b:71:15:18:0d:7c:ac:c3:
dc:c2:b4:65:11:2c:d6:06:47:21:83:50:cd:fe:00:
e1:04:db:f8:13:d3:91:33:5a:f7:5f:7e:89:8e:54:
52:5f:cc:b7:2a:ff:27:5a:f8:5a:5e:8a:f9:81:11:
d6:df:9b:82:d9:f9:b3:91:61:c4:05:33:6c:50:c3:
f4:77
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
99:72:9A:61:A7:36:BA:43:93:E0:BA:6F:73:91:5B:35:2F:1D:94:72
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/mXKaYac2ukOT4Lpvc5FbNS8dlHI.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
62:a3:61:f3:82:b9:1f:83:e6:5f:17:ba:cc:5a:dc:5f:0e:fd:
ee:db:a3:fe:93:ef:e8:bc:e1:6b:2c:57:03:fd:32:34:d7:57:
13:76:e3:26:30:7c:1e:88:f5:a5:c6:de:3c:2e:45:aa:32:d6:
ed:73:8e:c5:10:c6:40:34:99:68:fd:2c:4c:a8:f4:d3:9d:b3:
1a:41:a4:e6:0c:46:fa:03:ac:c9:94:70:99:9e:07:2b:65:21:
c7:67:6a:4c:83:66:bc:bf:a6:a3:45:f0:4c:53:d6:21:a1:bb:
02:11:67:b1:4a:54:12:fa:0a:16:91:8d:4d:7c:ca:b6:bb:34:
88:98:7a:6b:11:68:8f:d7:5d:cc:7a:91:c2:3c:df:7e:81:3e:
82:d3:0b:87:59:59:7a:ac:eb:25:ea:30:86:61:20:18:02:1b:
47:54:34:59:3f:6b:26:0e:f3:ab:3a:97:d4:e5:9c:ac:50:d8:
e0:aa:49:33:99:9f:97:67:cf:88:46:e8:44:e3:97:08:98:ea:
42:5a:c3:9a:f1:b0:da:64:96:81:fb:c6:a4:f1:43:c0:fb:75:
a7:67:4e:04:e9:20:94:26:6d:e8:49:4d:95:94:4c:78:60:1b:
04:d1:ee:87:7c:95:44:cb:ac:3e:10:66:4a:9e:cf:c7:05:76:
0d:b6:fb:b7
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICNdIwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDAzMzEw
ODIyMTJaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDk5NzI5QTYxQTczNkJB
NDM5M0UwQkE2RjczOTE1QjM1MkYxRDk0NzIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDRRj2pK/roMJT+LGrQWASnIO6Z28amaYShz7Xw3F1vDoJRehlr
OJWPLc/f0iNhdrjlCakf+RiLqYWOUgSVZXdqgpxBwZo4doYDLgS/WRgSXujdM1/V
h03EAVeGd8ujdCeS9BpG0FVjhgfhCdLSeLi3ao4musftSexTU+GHw+wjIA99/bCO
iFN+PofdeQ54YJZOIQPlBEdYzNHVsXClU1qbV/RtAzwBfQ1NxcFEapoLBQrzBeua
y9+CLiaLcRUYDXysw9zCtGURLNYGRyGDUM3+AOEE2/gT05EzWvdffomOVFJfzLcq
/yda+FpeivmBEdbfm4LZ+bORYcQFM2xQw/R3AgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUmXKaYac2ukOT4Lpvc5FbNS8dlHIwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L21YS2FZYWMydWtPVDRM
cHZjNUZiTlM4ZGxISS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAYqNh84K5H4PmXxe6zFrcXw797tuj/pPv
6LzhayxXA/0yNNdXE3bjJjB8Hoj1pcbePC5FqjLW7XOOxRDGQDSZaP0sTKj0052z
GkGk5gxG+gOsyZRwmZ4HK2Uhx2dqTINmvL+mo0XwTFPWIaG7AhFnsUpUEvoKFpGN
TXzKtrs0iJh6axFoj9ddzHqRwjzffoE+gtMLh1lZeqzrJeowhmEgGAIbR1Q0WT9r
Jg7zqzqX1OWcrFDY4KpJM5mfl2fPiEboROOXCJjqQlrDmvGw2mSWgfvGpPFDwPt1
p2dOBOkglCZt6ElNlZRMeGAbBNHuh3yVRMusPhBmSp7PxwV2Dbb7tw==
-----END CERTIFICATE-----
Generated at Sun May 18 19:10:30 2025 by rpki-client