Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/t9i7Mdb1Pev4iPYinVMNNhiIfKg.roa
File: t9i7Mdb1Pev4iPYinVMNNhiIfKg.roa (raw, json)
Hash identifier: S7Q55Ck4QCuZ3iwdzs+Et9uH/GFhcxJyxwTCOewk9eY=
Subject key identifier: B7:D8:BB:31:D6:F5:3D:EB:F8:88:F6:22:9D:53:0D:36:18:88:7C:A8
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 553E
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/t9i7Mdb1Pev4iPYinVMNNhiIfKg.roa
Signing time: Sun 12 May 2024 05:54:04 +0000
ROA not before: Sun 12 May 2024 05:54:04 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 21822 (0x553e)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 12 05:54:04 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=B7D8BB31D6F53DEBF888F6229D530D3618887CA8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b6:ed:5a:39:59:02:3c:96:ae:59:a1:a0:cb:75:
5e:d1:b7:7a:47:c4:87:82:9e:d7:0f:93:da:f8:56:
02:3d:de:46:1e:0e:76:51:94:6e:23:43:4f:16:09:
87:ef:35:b6:3e:8b:01:33:82:ba:7c:8d:58:26:ca:
b7:ef:05:f4:58:c4:a6:f2:1e:0c:e8:19:22:f9:ba:
9a:25:98:42:f7:bf:29:93:3d:00:22:db:c6:36:7e:
14:42:76:25:4b:97:9a:55:3f:18:b7:03:0e:da:27:
99:ff:e9:95:ce:cd:57:5c:aa:1d:7e:a0:56:7a:55:
7e:96:3b:93:55:5d:d3:6a:e4:e9:05:e3:b4:43:c8:
92:67:48:5a:89:b3:03:5a:8f:8f:be:e5:0c:61:2a:
a3:bd:36:81:43:4e:5b:2a:20:16:13:3d:a9:30:4f:
68:b3:de:35:19:6f:cf:ce:df:07:a9:86:e2:5a:e0:
d4:04:a6:72:d2:c3:ec:d3:49:00:fa:63:94:4e:84:
49:8b:6d:5d:c6:0e:74:7d:c9:11:2c:90:5f:df:f7:
87:f7:fa:81:09:2f:3a:fe:4c:10:2d:a7:3a:df:67:
22:04:cb:8f:28:7a:f6:c8:e2:b9:24:cd:12:76:1e:
db:89:1b:e9:70:23:20:f6:7b:4e:0f:f4:65:8b:7b:
64:49
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B7:D8:BB:31:D6:F5:3D:EB:F8:88:F6:22:9D:53:0D:36:18:88:7C:A8
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/t9i7Mdb1Pev4iPYinVMNNhiIfKg.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
7b:7c:d9:dd:07:7c:7a:52:96:16:6f:3f:7b:f0:e4:47:e4:0c:
09:62:ec:91:4f:45:f4:55:e4:c2:59:ec:34:29:70:1b:0a:75:
32:2b:14:15:3a:dc:1b:9c:d7:9d:24:e6:98:6b:8f:2c:80:dd:
71:9a:42:30:dd:3d:03:4a:04:3f:67:57:01:80:d0:82:4f:7b:
70:5a:63:13:0f:e4:ad:24:78:c6:5c:4f:2e:16:34:64:53:13:
1c:5f:5e:7f:c5:69:b9:49:b7:3e:14:6e:ce:17:3c:c4:09:6b:
fc:de:01:bc:9d:f0:9a:19:e5:aa:2e:3a:7e:3a:d4:ee:30:75:
1f:ca:21:06:60:12:ae:84:16:d5:15:06:a8:4f:35:b1:71:a5:
7b:ff:2e:1f:5d:21:4c:da:6a:ca:c8:0a:50:96:de:1a:16:44:
d5:77:96:5c:9a:07:25:22:e4:c0:1a:8a:95:e7:6e:97:b9:82:
17:ea:96:a3:46:fc:ed:69:80:b1:80:69:27:fb:aa:92:6a:b6:
1c:8c:d5:dd:58:7c:56:cc:18:80:ef:d1:6c:8c:4d:5a:25:4a:
21:14:46:3e:4e:f1:a4:a5:62:ac:22:02:1e:61:13:e1:7d:14:
45:0b:be:02:7c:42:7a:9c:d1:74:9c:17:b9:57:24:62:45:f6:
b5:b6:d9:43
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICVT4wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MTIw
NTU0MDRaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEI3RDhCQjMxRDZGNTNE
RUJGODg4RjYyMjlENTMwRDM2MTg4ODdDQTgwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC27Vo5WQI8lq5ZoaDLdV7Rt3pHxIeCntcPk9r4VgI93kYeDnZR
lG4jQ08WCYfvNbY+iwEzgrp8jVgmyrfvBfRYxKbyHgzoGSL5upolmEL3vymTPQAi
28Y2fhRCdiVLl5pVPxi3Aw7aJ5n/6ZXOzVdcqh1+oFZ6VX6WO5NVXdNq5OkF47RD
yJJnSFqJswNaj4++5QxhKqO9NoFDTlsqIBYTPakwT2iz3jUZb8/O3wephuJa4NQE
pnLSw+zTSQD6Y5ROhEmLbV3GDnR9yREskF/f94f3+oEJLzr+TBAtpzrfZyIEy48o
evbI4rkkzRJ2HtuJG+lwIyD2e04P9GWLe2RJAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUt9i7Mdb1Pev4iPYinVMNNhiIfKgwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3Q5aTdNZGIxUGV2NGlQ
WWluVk1OTmhpSWZLZy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAe3zZ3Qd8elKWFm8/e/DkR+QMCWLskU9F
9FXkwlnsNClwGwp1MisUFTrcG5zXnSTmmGuPLIDdcZpCMN09A0oEP2dXAYDQgk97
cFpjEw/krSR4xlxPLhY0ZFMTHF9ef8VpuUm3PhRuzhc8xAlr/N4BvJ3wmhnlqi46
fjrU7jB1H8ohBmASroQW1RUGqE81sXGle/8uH10hTNpqysgKUJbeGhZE1XeWXJoH
JSLkwBqKledul7mCF+qWo0b87WmAsYBpJ/uqkmq2HIzV3Vh8VswYgO/RbIxNWiVK
IRRGPk7xpKVirCICHmET4X0URQu+AnxCepzRdJwXuVckYkX2tbbZQw==
-----END CERTIFICATE-----
Generated at Sun May 18 04:51:52 2025 by rpki-client