Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/pqkxVSw8yTWUOKJ2PmjnV_22OdM.roa
File: pqkxVSw8yTWUOKJ2PmjnV_22OdM.roa (raw, json)
Hash identifier: nzva9faSuQI4sv5zisv+JkJyNCFzJ4MKrq8fVdqgDBA=
Subject key identifier: A6:A9:31:55:2C:3C:C9:35:94:38:A2:76:3E:68:E7:57:FD:B6:39:D3
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 429E
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/pqkxVSw8yTWUOKJ2PmjnV_22OdM.roa
Signing time: Wed 17 Apr 2024 09:53:00 +0000
ROA not before: Wed 17 Apr 2024 09:53:00 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 17054 (0x429e)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 17 09:53:00 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=A6A931552C3CC9359438A2763E68E757FDB639D3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c2:cf:06:f9:0f:0c:b0:73:ca:0e:f1:af:24:d1:
bc:06:69:91:1d:fc:d4:3d:6f:cd:5e:80:06:fc:fa:
79:9f:b3:dd:f6:da:13:ee:2b:fa:8f:57:f1:b3:ba:
d0:10:dd:8b:4b:b8:79:2a:47:9d:1b:6d:f4:45:e7:
86:9d:c7:06:be:d3:5a:f8:d5:67:0f:63:69:df:50:
dd:1f:e1:46:24:57:fc:f8:83:fc:44:ee:da:c0:d3:
8e:95:f8:9c:24:a7:b1:cf:51:af:01:2b:a5:f8:3f:
5a:ed:9f:9e:67:0f:ff:51:c1:aa:59:7b:5a:e6:0a:
3b:ed:a5:57:51:50:1c:2e:e9:96:5a:ad:61:b4:b3:
f8:e3:a2:e0:83:ff:f0:34:9e:f3:70:1a:4b:36:04:
c0:e6:27:ab:93:be:78:1e:da:74:7f:79:0a:0c:5e:
65:9a:fc:54:43:4c:3a:83:fa:3b:31:a6:1f:29:da:
92:18:33:76:42:d7:0d:ce:e7:8e:62:27:d7:30:06:
a3:ea:47:41:c1:b5:d2:cc:0d:e8:b9:35:06:ea:45:
11:87:d6:f8:f9:7e:2e:83:b0:79:77:58:ee:ca:7b:
d8:65:4b:11:56:9a:56:ef:28:3a:0a:7f:bc:1b:a1:
2f:52:65:6e:84:9f:6d:ee:76:02:ba:da:0a:8c:82:
ef:6d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A6:A9:31:55:2C:3C:C9:35:94:38:A2:76:3E:68:E7:57:FD:B6:39:D3
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/pqkxVSw8yTWUOKJ2PmjnV_22OdM.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
67:61:dc:c6:e2:4e:aa:1a:e1:f6:ad:83:c7:04:cc:9f:70:a8:
ff:d1:c8:be:69:49:42:7e:7a:68:2c:75:2e:50:51:d5:1e:3a:
1b:02:dd:bf:89:16:02:36:0a:9e:10:8c:dd:db:33:00:5b:1c:
9a:af:eb:1a:81:c8:1d:ae:32:ed:dd:04:53:ed:0e:46:0f:17:
d1:96:65:19:09:22:6e:d0:23:7e:f2:6a:5e:d6:93:57:6d:2b:
59:2b:cd:a9:df:55:cd:6c:b9:00:56:72:69:32:29:47:ac:48:
7c:c3:e0:5e:c7:aa:c5:7f:77:a2:10:73:b6:06:93:b8:ed:6c:
38:3e:3b:43:68:fb:ae:27:5a:76:84:b5:47:2a:b9:4e:a0:19:
d5:14:88:57:18:ca:ac:46:30:38:ff:19:7c:79:26:d4:3b:fb:
e7:45:c0:6d:42:ee:23:2e:69:7d:65:79:51:34:27:cc:13:40:
32:dd:7b:d7:d6:0b:de:b2:ee:1b:86:16:84:9b:30:85:bb:4c:
55:ba:6e:eb:69:77:be:fd:65:78:28:18:52:61:4f:af:ee:30:
0f:85:6b:23:fe:9d:f1:73:a2:e0:c9:ce:62:ba:e6:98:32:e8:
24:81:f1:a4:21:e6:43:d5:67:8a:30:c1:e0:09:45:69:d2:54:
2b:68:19:5b
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICQp4wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MTcw
OTUzMDBaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEE2QTkzMTU1MkMzQ0M5
MzU5NDM4QTI3NjNFNjhFNzU3RkRCNjM5RDMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDCzwb5Dwywc8oO8a8k0bwGaZEd/NQ9b81egAb8+nmfs9322hPu
K/qPV/GzutAQ3YtLuHkqR50bbfRF54adxwa+01r41WcPY2nfUN0f4UYkV/z4g/xE
7trA046V+Jwkp7HPUa8BK6X4P1rtn55nD/9RwapZe1rmCjvtpVdRUBwu6ZZarWG0
s/jjouCD//A0nvNwGks2BMDmJ6uTvnge2nR/eQoMXmWa/FRDTDqD+jsxph8p2pIY
M3ZC1w3O545iJ9cwBqPqR0HBtdLMDei5NQbqRRGH1vj5fi6DsHl3WO7Ke9hlSxFW
mlbvKDoKf7wboS9SZW6En23udgK62gqMgu9tAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUpqkxVSw8yTWUOKJ2PmjnV/22OdMwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3Bxa3hWU3c4eVRXVU9L
SjJQbWpuVl8yMk9kTS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAZ2HcxuJOqhrh9q2DxwTMn3Co/9HIvmlJ
Qn56aCx1LlBR1R46GwLdv4kWAjYKnhCM3dszAFscmq/rGoHIHa4y7d0EU+0ORg8X
0ZZlGQkibtAjfvJqXtaTV20rWSvNqd9VzWy5AFZyaTIpR6xIfMPgXseqxX93ohBz
tgaTuO1sOD47Q2j7ridadoS1Ryq5TqAZ1RSIVxjKrEYwOP8ZfHkm1Dv750XAbULu
Iy5pfWV5UTQnzBNAMt1719YL3rLuG4YWhJswhbtMVbpu62l3vv1leCgYUmFPr+4w
D4VrI/6d8XOi4MnOYrrmmDLoJIHxpCHmQ9VnijDB4AlFadJUK2gZWw==
-----END CERTIFICATE-----
Generated at Sat May 17 21:14:15 2025 by rpki-client