Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/rxwDgAF3J9hPwIguIffOdikAoRs.roa
File: rxwDgAF3J9hPwIguIffOdikAoRs.roa (raw, json)
Hash identifier: Mp+mieGI1owkvXgxgKT9um45GwNhe/Eav2t9pX0ueTE=
Subject key identifier: AF:1C:03:80:01:77:27:D8:4F:C0:88:2E:21:F7:CE:76:29:00:A1:1B
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 3C42
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/rxwDgAF3J9hPwIguIffOdikAoRs.roa
Signing time: Mon 08 Apr 2024 22:22:36 +0000
ROA not before: Mon 08 Apr 2024 22:22:36 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 15426 (0x3c42)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 8 22:22:36 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=AF1C0380017727D84FC0882E21F7CE762900A11B
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d6:34:a0:42:02:81:11:b7:d4:df:f0:1a:f0:08:
6b:6a:6f:48:9a:52:1c:45:06:27:9c:e1:0d:68:81:
63:5a:6f:47:76:5e:20:b1:06:64:73:e0:f2:ff:06:
64:7f:70:e7:ef:10:97:d2:c1:2b:38:4a:02:42:78:
f3:26:de:c3:dc:e0:c3:ae:5c:c2:6b:dc:4a:df:10:
9e:e7:0c:44:2f:9b:84:c5:07:49:98:63:51:41:29:
62:4d:22:fe:0e:4b:15:e9:51:bd:33:ee:8b:50:0d:
45:89:42:91:29:48:d8:61:ca:67:05:4e:02:64:d3:
87:33:4c:cb:25:96:5b:11:5d:98:47:63:ec:04:70:
90:e1:b0:16:ef:51:48:b1:a5:8b:5e:8e:44:36:19:
0a:de:d4:2f:94:b5:3a:c9:b5:ea:a6:17:27:76:16:
57:40:2c:61:bb:05:d4:d4:91:5b:8f:70:d6:a0:1e:
79:9a:bd:bb:40:9e:d3:c3:01:19:87:85:c2:1d:82:
b3:37:1c:8b:b1:9c:a9:23:f4:f0:c1:12:8f:2f:ef:
a5:73:38:67:ab:ed:b0:82:80:64:9e:e9:0b:6e:72:
95:23:49:cc:6c:6f:21:75:f0:56:8c:77:61:b0:e4:
9a:88:f8:32:1a:ba:b4:7f:5e:16:8b:53:74:57:ca:
dc:51
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AF:1C:03:80:01:77:27:D8:4F:C0:88:2E:21:F7:CE:76:29:00:A1:1B
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/rxwDgAF3J9hPwIguIffOdikAoRs.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
82:c0:df:27:54:8a:3d:ea:8d:bb:27:20:d7:f8:75:59:ad:29:
eb:1f:c9:b5:ad:c6:1e:eb:89:85:17:85:d6:d9:eb:ac:99:3c:
e6:88:fa:43:0c:17:57:63:49:58:ef:71:3c:a4:2a:d8:5c:25:
2e:b2:42:c0:a6:be:95:9d:bc:72:f8:21:f6:c1:1b:2f:a4:d6:
10:fb:e9:98:64:96:7d:c9:d2:48:d2:66:ba:a9:0c:13:e6:1c:
16:53:22:fe:1e:68:ff:60:c4:c8:6e:87:2d:58:04:38:01:e9:
53:ec:c4:58:94:95:13:5e:31:33:b2:97:fb:b1:0b:59:f4:ca:
89:71:ec:86:0a:cb:0e:a8:41:66:8d:b5:6f:47:9c:a0:02:d8:
a8:58:2a:c0:c8:41:1e:83:61:59:5a:28:f5:53:ec:39:37:e8:
b5:e0:8e:36:4c:31:d6:61:1c:07:ba:c4:b9:af:35:0a:98:8e:
cf:7b:6b:a0:7a:5a:3c:cb:c1:c9:09:ca:c1:7e:60:40:75:a0:
d2:4f:0a:ab:c1:86:42:06:25:42:04:ab:3b:58:3a:d8:6c:e8:
a6:0a:75:25:c1:82:28:11:08:6a:4a:93:de:e1:ff:9b:38:76:
a0:02:5e:9a:6c:22:d9:cf:9a:7f:a1:2c:42:49:7b:d4:5c:2c:
ed:0e:46:30
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICPEIwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MDgy
MjIyMzZaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEFGMUMwMzgwMDE3NzI3
RDg0RkMwODgyRTIxRjdDRTc2MjkwMEExMUIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDWNKBCAoERt9Tf8BrwCGtqb0iaUhxFBiec4Q1ogWNab0d2XiCx
BmRz4PL/BmR/cOfvEJfSwSs4SgJCePMm3sPc4MOuXMJr3ErfEJ7nDEQvm4TFB0mY
Y1FBKWJNIv4OSxXpUb0z7otQDUWJQpEpSNhhymcFTgJk04czTMslllsRXZhHY+wE
cJDhsBbvUUixpYtejkQ2GQre1C+UtTrJteqmFyd2FldALGG7BdTUkVuPcNagHnma
vbtAntPDARmHhcIdgrM3HIuxnKkj9PDBEo8v76VzOGer7bCCgGSe6QtucpUjScxs
byF18FaMd2Gw5JqI+DIaurR/XhaLU3RXytxRAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUrxwDgAF3J9hPwIguIffOdikAoRswHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3J4d0RnQUYzSjloUHdJ
Z3VJZmZPZGlrQW9Scy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAgsDfJ1SKPeqNuycg1/h1Wa0p6x/Jta3G
HuuJhReF1tnrrJk85oj6QwwXV2NJWO9xPKQq2FwlLrJCwKa+lZ28cvgh9sEbL6TW
EPvpmGSWfcnSSNJmuqkME+YcFlMi/h5o/2DEyG6HLVgEOAHpU+zEWJSVE14xM7KX
+7ELWfTKiXHshgrLDqhBZo21b0ecoALYqFgqwMhBHoNhWVoo9VPsOTfoteCONkwx
1mEcB7rEua81CpiOz3troHpaPMvByQnKwX5gQHWg0k8Kq8GGQgYlQgSrO1g62Gzo
pgp1JcGCKBEIakqT3uH/mzh2oAJemmwi2c+af6EsQkl71Fws7Q5GMA==
-----END CERTIFICATE-----
Generated at Sat May 17 23:46:44 2025 by rpki-client