Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/tUqziELGV_axUvEDaaZZkM1gbrE.roa
File: tUqziELGV_axUvEDaaZZkM1gbrE.roa (raw, json)
Hash identifier: nhbxSa7rqd0t7PrVQQLr8UF7wEN1jTM8iY5Nsr7B0hM=
Subject key identifier: B5:4A:B3:88:42:C6:57:F6:B1:52:F1:03:69:A6:59:90:CD:60:6E:B1
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 4DA2
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/tUqziELGV_axUvEDaaZZkM1gbrE.roa
Signing time: Thu 02 May 2024 02:23:40 +0000
ROA not before: Thu 02 May 2024 02:23:40 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 19874 (0x4da2)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 2 02:23:40 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=B54AB38842C657F6B152F10369A65990CD606EB1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a8:8b:e4:c5:a6:15:b1:47:85:f5:e7:78:80:53:
f4:a8:5d:86:ea:e3:7c:bb:b2:11:48:48:40:10:15:
7b:ed:34:7d:08:bd:91:c5:eb:15:d7:5d:47:7e:4c:
b2:0d:e2:f5:5c:a9:5e:d0:1c:bd:59:15:ab:08:40:
da:02:66:4e:07:56:dd:bd:9b:26:7b:69:d8:87:92:
ae:bf:04:ca:45:ad:d0:fb:2c:61:0c:9f:f5:ac:47:
99:d4:00:5e:b3:16:08:6f:57:23:ee:80:b2:77:ae:
9a:f0:28:ea:e6:0b:d5:52:c6:d4:ad:4f:73:0e:b9:
b2:4e:0b:ca:6c:de:03:c2:54:11:44:80:01:fc:c8:
95:a9:fd:90:14:08:4f:c0:d8:5f:4c:44:49:3c:3c:
5f:2d:78:01:29:5d:bc:96:b6:44:67:e5:bf:87:21:
f8:b4:b5:52:96:28:23:f7:db:7e:8d:3b:b2:31:25:
f5:e6:7c:b7:85:69:28:69:b9:69:18:84:f3:23:b1:
84:90:61:9b:36:10:9e:73:4f:a7:57:db:ed:62:d5:
b0:5a:75:9c:19:5c:85:d2:20:4d:c6:32:b4:7c:c2:
eb:0d:3c:0a:2f:4d:6c:9d:fa:08:78:be:73:06:47:
f6:7c:1e:3d:3b:49:de:a1:3b:b1:83:58:89:a9:09:
49:09
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B5:4A:B3:88:42:C6:57:F6:B1:52:F1:03:69:A6:59:90:CD:60:6E:B1
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/tUqziELGV_axUvEDaaZZkM1gbrE.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
96:80:ad:cc:cd:6d:92:8f:98:79:e5:9c:e9:6f:92:43:e6:84:
81:42:e6:ec:46:6b:07:5f:89:9c:c7:f3:1d:2c:33:38:e5:98:
a0:e7:9d:d5:be:78:19:86:09:49:44:bd:c5:17:26:62:02:36:
70:d2:f5:9a:0a:06:0d:bb:b7:4a:a7:92:45:fa:89:9d:2e:53:
1f:ae:6c:a8:d5:01:ed:23:2d:4e:f4:30:41:6f:1f:89:0e:1a:
42:d0:5e:18:f2:44:49:c2:c4:c1:a6:97:9f:0b:68:a3:5f:5a:
08:f4:25:b3:43:4b:de:98:71:39:51:8c:69:6f:43:b4:ea:93:
ce:4b:96:76:ec:47:67:40:76:12:69:38:1b:7c:51:20:75:98:
ad:22:b3:7f:dd:78:b2:56:56:3e:db:19:b4:b7:14:5d:bb:52:
a0:66:0c:16:4a:c3:14:df:36:0f:be:04:7b:ca:0a:18:35:13:
df:89:6e:72:f6:63:77:0c:ed:fd:0c:a1:f3:38:81:82:f0:22:
65:5b:02:7a:a1:79:20:af:44:a4:00:b0:c6:e5:79:5c:f0:c8:
39:eb:59:8f:7b:75:11:8d:a7:51:70:df:b7:d5:1d:bf:f6:8d:
bc:30:f4:16:00:a7:67:2f:00:8e:f0:eb:9e:ef:79:28:7f:05:
55:75:0e:d6
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICTaIwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MDIw
MjIzNDBaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEI1NEFCMzg4NDJDNjU3
RjZCMTUyRjEwMzY5QTY1OTkwQ0Q2MDZFQjEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCoi+TFphWxR4X153iAU/SoXYbq43y7shFISEAQFXvtNH0IvZHF
6xXXXUd+TLIN4vVcqV7QHL1ZFasIQNoCZk4HVt29myZ7adiHkq6/BMpFrdD7LGEM
n/WsR5nUAF6zFghvVyPugLJ3rprwKOrmC9VSxtStT3MOubJOC8ps3gPCVBFEgAH8
yJWp/ZAUCE/A2F9MREk8PF8teAEpXbyWtkRn5b+HIfi0tVKWKCP3236NO7IxJfXm
fLeFaShpuWkYhPMjsYSQYZs2EJ5zT6dX2+1i1bBadZwZXIXSIE3GMrR8wusNPAov
TWyd+gh4vnMGR/Z8Hj07Sd6hO7GDWImpCUkJAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUtUqziELGV/axUvEDaaZZkM1gbrEwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3RVcXppRUxHVl9heFV2
RURhYVpaa00xZ2JyRS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAloCtzM1tko+YeeWc6W+SQ+aEgULm7EZr
B1+JnMfzHSwzOOWYoOed1b54GYYJSUS9xRcmYgI2cNL1mgoGDbu3SqeSRfqJnS5T
H65sqNUB7SMtTvQwQW8fiQ4aQtBeGPJEScLEwaaXnwtoo19aCPQls0NL3phxOVGM
aW9DtOqTzkuWduxHZ0B2Emk4G3xRIHWYrSKzf914slZWPtsZtLcUXbtSoGYMFkrD
FN82D74Ee8oKGDUT34lucvZjdwzt/Qyh8ziBgvAiZVsCeqF5IK9EpACwxuV5XPDI
OetZj3t1EY2nUXDft9Udv/aNvDD0FgCnZy8AjvDrnu95KH8FVXUO1g==
-----END CERTIFICATE-----
Generated at Sun May 18 04:48:40 2025 by rpki-client