Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/uDlszOyXMuDEHmKPV0RJp4bWus8.roa
File: uDlszOyXMuDEHmKPV0RJp4bWus8.roa (raw, json)
Hash identifier: uzF3yFzMvEfLHih/tjnbhoRM8ue2Z0vVL8cnp1+54pI=
Subject key identifier: B8:39:6C:CC:EC:97:32:E0:C4:1E:62:8F:57:44:49:A7:86:D6:BA:CF
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 53FA
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/uDlszOyXMuDEHmKPV0RJp4bWus8.roa
Signing time: Fri 10 May 2024 13:24:00 +0000
ROA not before: Fri 10 May 2024 13:24:00 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 21498 (0x53fa)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 10 13:24:00 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=B8396CCCEC9732E0C41E628F574449A786D6BACF
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ba:2b:52:f5:57:23:e3:b6:d3:6f:72:7e:c0:10:
d1:62:bc:94:93:a9:c6:3f:a4:06:b3:5c:1d:17:57:
0d:d0:ac:10:d7:d9:80:0b:ed:b2:5d:cc:93:da:44:
8e:d1:99:d7:46:8d:e9:83:e2:d8:6b:10:1e:9b:eb:
10:14:56:51:10:2e:2a:ee:f5:4f:e0:f4:bd:f8:c4:
35:9e:f3:c0:0f:61:1f:1e:12:e4:f3:3d:e9:79:bd:
17:5e:93:98:80:70:3c:10:83:8a:fd:16:2a:0c:70:
8d:80:90:8b:22:07:25:a0:3e:6f:21:a4:7c:50:c4:
ef:ea:03:ed:07:2a:ac:49:b2:34:0a:15:6c:a1:3e:
b6:4d:1e:ad:0a:17:73:ec:26:10:71:aa:79:88:06:
73:5b:c4:8d:83:bd:e3:a6:21:3b:c9:03:c3:eb:40:
58:42:a3:46:7a:e5:ff:96:2f:fc:36:f8:05:b2:0d:
da:36:c3:08:55:db:f1:fb:74:48:c1:03:49:24:f8:
1d:a3:5c:4f:3b:fa:62:86:b8:fc:dc:5b:3f:28:e1:
37:f7:ab:d5:cc:32:8f:a6:04:bb:1c:04:a1:05:28:
02:63:7d:73:3f:f6:fb:98:56:ef:d2:e3:75:b8:dc:
be:7c:fd:f0:85:ac:ea:5d:df:11:f7:4b:0b:b1:75:
3a:95
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B8:39:6C:CC:EC:97:32:E0:C4:1E:62:8F:57:44:49:A7:86:D6:BA:CF
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/uDlszOyXMuDEHmKPV0RJp4bWus8.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
7e:65:30:cc:c7:d1:19:b1:74:4a:29:bc:35:31:c2:e0:7a:c0:
42:08:38:ad:4b:85:ca:ee:e5:87:d0:e6:e0:37:80:cf:e5:59:
b8:73:e8:a1:9e:62:62:16:c4:e1:57:4e:50:12:9c:20:c2:e9:
32:7b:b3:2b:54:b6:52:61:d0:c8:bf:ee:e5:71:d0:fb:96:ab:
25:64:7c:3d:0f:f7:57:a5:65:56:96:ba:e8:b1:0f:d4:37:62:
b8:5a:46:e6:c6:1a:cd:e7:bb:e0:73:df:d0:36:28:99:ea:98:
ac:04:68:f5:6e:ab:51:de:1e:34:4f:ed:84:c3:7f:f5:98:1b:
eb:27:6e:f2:e8:90:41:47:59:34:a4:ca:92:90:6b:0d:f3:b3:
ec:d2:14:b3:14:ea:9d:0e:ed:ef:43:5a:30:4a:d1:65:d3:b5:
ec:db:fc:cd:1a:02:8b:6c:5c:fa:56:3d:13:4e:5d:24:00:a6:
47:e7:9a:9d:7f:9d:20:56:ed:a5:fd:a1:8e:37:92:9d:fb:67:
12:a1:11:9e:32:cd:64:da:2f:54:06:7f:c2:27:89:c1:d0:32:
5f:32:ba:2f:38:fd:ff:fb:22:d7:00:65:b4:b2:d4:17:28:55:
ba:5a:94:bc:fc:a8:58:2c:9d:8b:35:40:e1:58:5d:f1:52:62:
5f:c3:6b:53
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICU/owDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MTAx
MzI0MDBaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEI4Mzk2Q0NDRUM5NzMy
RTBDNDFFNjI4RjU3NDQ0OUE3ODZENkJBQ0YwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC6K1L1VyPjttNvcn7AENFivJSTqcY/pAazXB0XVw3QrBDX2YAL
7bJdzJPaRI7RmddGjemD4thrEB6b6xAUVlEQLiru9U/g9L34xDWe88APYR8eEuTz
Pel5vRdek5iAcDwQg4r9FioMcI2AkIsiByWgPm8hpHxQxO/qA+0HKqxJsjQKFWyh
PrZNHq0KF3PsJhBxqnmIBnNbxI2DveOmITvJA8PrQFhCo0Z65f+WL/w2+AWyDdo2
wwhV2/H7dEjBA0kk+B2jXE87+mKGuPzcWz8o4Tf3q9XMMo+mBLscBKEFKAJjfXM/
9vuYVu/S43W43L58/fCFrOpd3xH3SwuxdTqVAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUuDlszOyXMuDEHmKPV0RJp4bWus8wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3VEbHN6T3lYTXVERUht
S1BWMFJKcDRiV3VzOC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAfmUwzMfRGbF0Sim8NTHC4HrAQgg4rUuF
yu7lh9Dm4DeAz+VZuHPooZ5iYhbE4VdOUBKcIMLpMnuzK1S2UmHQyL/u5XHQ+5ar
JWR8PQ/3V6VlVpa66LEP1DdiuFpG5sYazee74HPf0DYomeqYrARo9W6rUd4eNE/t
hMN/9Zgb6ydu8uiQQUdZNKTKkpBrDfOz7NIUsxTqnQ7t70NaMErRZdO17Nv8zRoC
i2xc+lY9E05dJACmR+eanX+dIFbtpf2hjjeSnftnEqERnjLNZNovVAZ/wieJwdAy
XzK6Lzj9//si1wBltLLUFyhVulqUvPyoWCydizVA4Vhd8VJiX8NrUw==
-----END CERTIFICATE-----
Generated at Sat May 17 19:43:44 2025 by rpki-client