Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/rbaC_alZEYI02ZE8OL7f87jxVVU.roa
File: rbaC_alZEYI02ZE8OL7f87jxVVU.roa (raw, json)
Hash identifier: 1hbTSiC6e1wjK9WwzC90jW5kO6zclWfuU1G0Ful3ZSg=
Subject key identifier: AD:B6:82:FD:A9:59:11:82:34:D9:91:3C:38:BE:DF:F3:B8:F1:55:55
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 5746
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/rbaC_alZEYI02ZE8OL7f87jxVVU.roa
Signing time: Tue 14 May 2024 22:54:10 +0000
ROA not before: Tue 14 May 2024 22:54:10 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 22342 (0x5746)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 14 22:54:10 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=ADB682FDA959118234D9913C38BEDFF3B8F15555
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bc:c5:c9:d9:2b:44:04:77:ba:03:85:9a:a7:98:
4b:fe:a7:ed:16:71:03:a9:04:fb:bc:3d:90:cd:18:
3d:b4:8f:ff:46:52:ef:72:c5:7f:a2:4e:2e:44:cb:
f3:60:1b:3a:c1:0e:98:30:2f:e1:30:bb:ed:8b:00:
9b:3e:14:e1:49:cb:85:49:0c:09:33:b6:20:73:a4:
6a:e1:14:d6:d9:1e:b3:02:0f:35:22:6c:37:07:e7:
1f:46:fc:2b:46:17:64:f1:f9:69:4b:47:21:11:99:
b8:f2:52:cc:12:87:4b:d1:00:21:60:a9:79:9a:36:
b0:f6:ed:59:d7:1b:c1:0f:c8:8f:35:55:ef:2c:be:
7e:80:18:ed:2f:12:ea:e4:fc:09:c2:75:52:76:3f:
bb:22:1f:80:95:f5:d3:31:06:52:4f:96:99:8a:ff:
5b:32:af:bc:a3:79:54:1f:e7:ce:cc:d2:95:6b:cc:
bb:89:ab:f2:e4:6d:fa:d0:00:aa:f7:85:7e:c5:ae:
a2:2c:40:8d:cb:f7:dc:2d:ce:01:8e:93:3a:47:55:
4d:f6:90:eb:a3:29:36:17:ee:55:ef:e6:2c:57:fe:
86:af:c5:c1:78:72:75:dc:3f:d6:9c:60:e1:6c:a3:
68:32:4c:4d:52:fd:a2:80:7a:f9:55:4b:08:b5:08:
b7:25
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AD:B6:82:FD:A9:59:11:82:34:D9:91:3C:38:BE:DF:F3:B8:F1:55:55
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/rbaC_alZEYI02ZE8OL7f87jxVVU.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
38:50:92:03:41:78:ad:68:a9:8e:5e:62:34:00:56:64:4f:37:
22:e4:11:54:5e:5a:ab:2d:83:3a:dc:80:7a:b3:98:c4:6d:2d:
02:36:48:f6:4a:92:de:b9:6d:98:a0:e9:aa:95:dd:6d:6d:1d:
f5:16:2a:06:d5:72:6e:0a:95:02:28:8b:97:e3:9e:b1:21:d1:
4c:b2:c9:b7:09:da:55:1a:a9:8e:58:3d:3d:3d:23:c4:b4:55:
7d:71:3f:35:b8:92:92:43:ab:3a:e3:6c:16:fc:83:70:ce:2d:
a8:7b:2b:ea:57:e5:68:b6:a2:18:02:5b:20:ad:61:12:33:1a:
a7:bb:d7:f8:65:b1:01:83:4b:c8:b4:29:7c:02:53:0c:08:27:
7b:d5:38:ce:35:39:5b:01:30:a8:1b:5c:f0:06:2a:c8:98:7e:
c2:17:7d:0c:d9:51:ee:e9:46:73:34:a4:65:37:18:09:20:5f:
9c:f0:02:16:a9:10:1b:d4:e8:ad:5c:17:f8:01:43:56:dd:e5:
8e:ce:bb:b9:fb:54:04:11:56:d2:6a:73:2d:f1:1c:af:70:90:
37:1b:93:1e:dc:4e:af:d7:72:9e:b4:fd:1c:71:82:b5:60:87:
2a:6b:f3:c9:86:3f:9a:31:02:c8:a5:f0:2c:c1:f6:e9:b2:60:
8e:c8:c0:0c
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICV0YwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MTQy
MjU0MTBaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEFEQjY4MkZEQTk1OTEx
ODIzNEQ5OTEzQzM4QkVERkYzQjhGMTU1NTUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC8xcnZK0QEd7oDhZqnmEv+p+0WcQOpBPu8PZDNGD20j/9GUu9y
xX+iTi5Ey/NgGzrBDpgwL+Ewu+2LAJs+FOFJy4VJDAkztiBzpGrhFNbZHrMCDzUi
bDcH5x9G/CtGF2Tx+WlLRyERmbjyUswSh0vRACFgqXmaNrD27VnXG8EPyI81Ve8s
vn6AGO0vEurk/AnCdVJ2P7siH4CV9dMxBlJPlpmK/1syr7yjeVQf587M0pVrzLuJ
q/LkbfrQAKr3hX7FrqIsQI3L99wtzgGOkzpHVU32kOujKTYX7lXv5ixX/oavxcF4
cnXcP9acYOFso2gyTE1S/aKAevlVSwi1CLclAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUrbaC/alZEYI02ZE8OL7f87jxVVUwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3JiYUNfYWxaRVlJMDJa
RThPTDdmODdqeFZWVS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAOFCSA0F4rWipjl5iNABWZE83IuQRVF5a
qy2DOtyAerOYxG0tAjZI9kqS3rltmKDpqpXdbW0d9RYqBtVybgqVAiiLl+OesSHR
TLLJtwnaVRqpjlg9PT0jxLRVfXE/NbiSkkOrOuNsFvyDcM4tqHsr6lflaLaiGAJb
IK1hEjMap7vX+GWxAYNLyLQpfAJTDAgne9U4zjU5WwEwqBtc8AYqyJh+whd9DNlR
7ulGczSkZTcYCSBfnPACFqkQG9TorVwX+AFDVt3ljs67uftUBBFW0mpzLfEcr3CQ
NxuTHtxOr9dynrT9HHGCtWCHKmvzyYY/mjECyKXwLMH26bJgjsjADA==
-----END CERTIFICATE-----
Generated at Sat May 17 19:52:39 2025 by rpki-client