Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/opfVaTePu4sf2fSfYInxvUYYiTA.roa
File: opfVaTePu4sf2fSfYInxvUYYiTA.roa (raw, json)
Hash identifier: C6PrYCbKS3LWMez2sDWQYhQwBKRIv5QhAIr8rIz0KNQ=
Subject key identifier: A2:97:D5:69:37:8F:BB:8B:1F:D9:F4:9F:60:89:F1:BD:46:18:89:30
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 35B2
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/opfVaTePu4sf2fSfYInxvUYYiTA.roa
Signing time: Sun 31 Mar 2024 04:22:10 +0000
ROA not before: Sun 31 Mar 2024 04:22:10 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 13746 (0x35b2)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Mar 31 04:22:10 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=A297D569378FBB8B1FD9F49F6089F1BD46188930
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b4:bd:8f:2b:e7:00:6c:fe:45:3d:3f:28:52:92:
64:32:23:93:f7:90:a1:fb:f9:1f:ee:18:8f:62:c5:
0f:1c:59:2a:61:3b:49:5c:44:de:23:5a:b8:4d:73:
d8:72:24:a3:9c:87:60:ee:80:e3:70:2a:ec:93:45:
56:4a:5e:b4:fd:4c:8b:76:da:40:1c:ef:3b:69:34:
41:62:19:10:b7:ee:81:d7:5e:ff:c7:8d:04:a2:6e:
5a:95:c3:0f:75:16:14:ed:09:11:7a:93:21:46:73:
7b:a5:20:a2:f5:42:54:23:0d:d1:e8:aa:f9:66:2f:
db:ef:17:b6:99:0b:0d:a9:3e:00:7d:73:ad:47:31:
00:7a:c3:31:c6:fc:28:67:5c:27:a6:97:ff:18:04:
93:95:30:1f:bc:ac:83:3a:cd:09:90:de:02:aa:7c:
85:22:12:a5:f3:81:b1:ed:00:be:a2:10:8f:73:89:
81:b4:9e:f0:73:64:0f:f5:64:fa:7c:8a:2d:cf:03:
07:8e:55:e6:76:4c:b9:7b:0c:39:25:7c:b3:b3:98:
9a:9f:13:d0:f2:fa:fc:04:53:64:80:2d:cd:9a:d0:
98:08:84:a8:20:ff:50:31:bb:0d:9b:c7:92:d5:77:
08:67:c1:d8:2d:8c:f5:ce:98:63:83:80:76:99:83:
22:81
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A2:97:D5:69:37:8F:BB:8B:1F:D9:F4:9F:60:89:F1:BD:46:18:89:30
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/opfVaTePu4sf2fSfYInxvUYYiTA.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
78:d4:e6:7a:95:01:83:35:e1:60:ac:10:33:de:31:42:3c:76:
fa:64:3c:b2:a2:18:d0:fb:02:78:f6:60:38:2e:be:9f:f6:bd:
52:79:73:40:36:16:60:ae:48:2a:c8:6b:6f:e2:fb:01:b6:e8:
b0:2c:6d:7f:d5:14:47:24:f4:fd:fa:a5:4e:86:43:84:a2:74:
42:0a:49:8f:d9:c6:8e:5d:30:90:c6:94:14:81:48:41:23:21:
fd:fd:bd:a8:b8:98:94:7c:29:d7:95:fe:08:13:49:89:d4:db:
13:da:e0:b3:73:51:bc:bc:25:02:c4:0c:8d:c9:3b:d5:01:13:
bf:0c:02:da:79:c1:73:d4:a3:46:fe:83:d7:9a:4c:4a:bd:e8:
2b:d6:6e:41:d3:2c:27:f3:9f:5c:8b:f3:29:fc:4d:dd:d2:19:
0d:c1:72:7d:b5:b3:1a:1e:99:2d:20:8d:6a:7d:76:a6:1a:4a:
65:61:59:df:55:a5:b0:6f:76:db:35:16:1c:31:7d:9d:38:0f:
25:9b:81:6c:25:82:a0:ca:a9:56:c2:f3:35:4a:16:3c:4a:0c:
32:45:fb:19:64:38:66:c5:82:84:57:d9:35:c3:52:88:c5:4b:
13:44:18:a6:b8:2b:33:7b:26:2c:c6:1d:05:9f:cf:80:82:d2:
de:b9:f1:58
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICNbIwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDAzMzEw
NDIyMTBaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEEyOTdENTY5Mzc4RkJC
OEIxRkQ5RjQ5RjYwODlGMUJENDYxODg5MzAwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC0vY8r5wBs/kU9PyhSkmQyI5P3kKH7+R/uGI9ixQ8cWSphO0lc
RN4jWrhNc9hyJKOch2DugONwKuyTRVZKXrT9TIt22kAc7ztpNEFiGRC37oHXXv/H
jQSiblqVww91FhTtCRF6kyFGc3ulIKL1QlQjDdHoqvlmL9vvF7aZCw2pPgB9c61H
MQB6wzHG/ChnXCeml/8YBJOVMB+8rIM6zQmQ3gKqfIUiEqXzgbHtAL6iEI9ziYG0
nvBzZA/1ZPp8ii3PAweOVeZ2TLl7DDklfLOzmJqfE9Dy+vwEU2SALc2a0JgIhKgg
/1Axuw2bx5LVdwhnwdgtjPXOmGODgHaZgyKBAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUopfVaTePu4sf2fSfYInxvUYYiTAwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L29wZlZhVGVQdTRzZjJm
U2ZZSW54dlVZWWlUQS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAeNTmepUBgzXhYKwQM94xQjx2+mQ8sqIY
0PsCePZgOC6+n/a9UnlzQDYWYK5IKshrb+L7AbbosCxtf9UURyT0/fqlToZDhKJ0
QgpJj9nGjl0wkMaUFIFIQSMh/f29qLiYlHwp15X+CBNJidTbE9rgs3NRvLwlAsQM
jck71QETvwwC2nnBc9SjRv6D15pMSr3oK9ZuQdMsJ/OfXIvzKfxN3dIZDcFyfbWz
Gh6ZLSCNan12phpKZWFZ31WlsG922zUWHDF9nTgPJZuBbCWCoMqpVsLzNUoWPEoM
MkX7GWQ4ZsWChFfZNcNSiMVLE0QYprgrM3smLMYdBZ/PgILS3rnxWA==
-----END CERTIFICATE-----
Generated at Sun May 18 01:58:32 2025 by rpki-client