Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/nNbFlmR58gJO05q7neoLg7UU3ro.roa
File: nNbFlmR58gJO05q7neoLg7UU3ro.roa (raw, json)
Hash identifier: 8ok06h5O2E484XcNgADb1jj6Nh45SOnkvyGrQIonRpg=
Subject key identifier: 9C:D6:C5:96:64:79:F2:02:4E:D3:9A:BB:9D:EA:0B:83:B5:14:DE:BA
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 57E6
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/nNbFlmR58gJO05q7neoLg7UU3ro.roa
Signing time: Wed 15 May 2024 18:54:22 +0000
ROA not before: Wed 15 May 2024 18:54:22 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 22502 (0x57e6)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 15 18:54:22 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=9CD6C5966479F2024ED39ABB9DEA0B83B514DEBA
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ab:29:7a:44:bc:30:4c:fc:30:5c:d9:cd:65:cf:
0b:89:3d:17:db:20:fd:06:2d:44:0e:6b:4a:6e:e4:
e8:d5:0c:44:f1:86:be:be:d1:37:1d:2c:be:42:32:
d0:3b:65:6c:e6:78:73:d9:fc:34:0f:c0:18:fa:39:
28:4c:ff:73:c9:48:18:30:8a:41:fc:a4:08:38:34:
26:93:0d:5a:a6:2c:c9:8d:96:22:24:98:2d:2e:95:
b0:aa:a7:9b:69:c8:cd:e5:54:ba:b9:6c:e2:7a:8d:
fa:35:f1:b1:c5:ae:d1:00:06:e9:12:0d:6d:65:97:
9f:fc:26:54:fc:d3:a2:e3:75:bf:b2:e8:81:38:54:
08:df:80:32:d6:74:f1:bc:f8:b9:22:20:8e:9e:a1:
2d:d2:4d:8e:f2:a6:fa:bf:f0:dc:eb:66:aa:39:2e:
47:22:2e:b1:16:fd:2c:87:88:54:fd:79:ca:35:26:
d7:0e:81:36:c5:81:89:ee:73:f1:9f:59:25:2e:5f:
6e:8c:54:24:db:e1:5f:3b:36:9a:ba:6f:6d:b9:f2:
ac:b1:05:cb:ec:ed:03:fa:9a:ea:70:b1:a7:df:22:
f2:11:a3:a7:a1:61:16:9d:81:dd:17:07:98:2b:29:
e0:f1:09:e5:ba:e8:89:b7:1c:dc:8e:17:6d:ca:48:
3d:e1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9C:D6:C5:96:64:79:F2:02:4E:D3:9A:BB:9D:EA:0B:83:B5:14:DE:BA
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/nNbFlmR58gJO05q7neoLg7UU3ro.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
78:3a:53:40:d5:7f:67:dc:b7:35:5e:99:72:e0:21:42:ee:94:
56:19:a6:2e:5d:a5:3a:2d:be:c3:c8:21:4f:d2:95:bd:6e:4e:
ec:84:48:c1:0b:f1:cd:a0:ea:64:17:96:4f:f0:08:39:23:6d:
f6:a8:76:52:5d:5b:25:ce:70:9b:8a:c7:7e:ee:ab:a7:3c:ce:
bb:95:25:e0:c8:5a:ff:0d:1f:81:9d:cf:cf:72:78:06:64:39:
a4:41:d6:39:f6:16:b7:86:ff:a4:45:5b:62:15:96:9a:e9:36:
62:1b:ca:90:b8:1a:9f:9a:65:d6:fb:d5:6e:6d:2d:6d:bd:4e:
10:89:76:57:11:32:d3:c1:57:f0:a6:e0:23:bb:6b:ec:cf:b1:
eb:ef:38:17:c1:e1:20:d2:72:5f:3c:da:73:eb:4d:2e:c8:96:
e5:cb:ee:0d:e1:13:1d:d4:44:84:74:8b:f1:2c:47:a5:a4:93:
b7:cb:98:b8:dc:a5:05:34:0f:b9:d4:c0:cb:08:7f:f1:05:4e:
c8:a6:50:44:cf:37:3f:39:84:01:c5:8a:79:82:70:14:f2:f0:
69:fa:fa:7e:79:1f:c5:e3:d0:c0:80:02:f4:17:43:a5:81:87:
b7:19:4d:56:dd:88:f7:92:64:b2:8a:03:4f:56:64:4c:37:6d:
6e:8a:c5:39
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICV+YwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MTUx
ODU0MjJaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDlDRDZDNTk2NjQ3OUYy
MDI0RUQzOUFCQjlERUEwQjgzQjUxNERFQkEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCrKXpEvDBM/DBc2c1lzwuJPRfbIP0GLUQOa0pu5OjVDETxhr6+
0TcdLL5CMtA7ZWzmeHPZ/DQPwBj6OShM/3PJSBgwikH8pAg4NCaTDVqmLMmNliIk
mC0ulbCqp5tpyM3lVLq5bOJ6jfo18bHFrtEABukSDW1ll5/8JlT806Ljdb+y6IE4
VAjfgDLWdPG8+LkiII6eoS3STY7ypvq/8NzrZqo5LkciLrEW/SyHiFT9eco1JtcO
gTbFgYnuc/GfWSUuX26MVCTb4V87Npq6b2258qyxBcvs7QP6mupwsaffIvIRo6eh
YRadgd0XB5grKeDxCeW66Im3HNyOF23KSD3hAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUnNbFlmR58gJO05q7neoLg7UU3rowHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L25OYkZsbVI1OGdKTzA1
cTduZW9MZzdVVTNyby5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAeDpTQNV/Z9y3NV6ZcuAhQu6UVhmmLl2l
Oi2+w8ghT9KVvW5O7IRIwQvxzaDqZBeWT/AIOSNt9qh2Ul1bJc5wm4rHfu6rpzzO
u5Ul4Mha/w0fgZ3Pz3J4BmQ5pEHWOfYWt4b/pEVbYhWWmuk2YhvKkLgan5pl1vvV
bm0tbb1OEIl2VxEy08FX8KbgI7tr7M+x6+84F8HhINJyXzzac+tNLsiW5cvuDeET
HdREhHSL8SxHpaSTt8uYuNylBTQPudTAywh/8QVOyKZQRM83PzmEAcWKeYJwFPLw
afr6fnkfxePQwIAC9BdDpYGHtxlNVt2I95JksooDT1ZkTDdtborFOQ==
-----END CERTIFICATE-----
Generated at Sun May 18 04:49:44 2025 by rpki-client