Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/vAsHPLjuoORfukL_oTFf2-EzFfc.roa
File: vAsHPLjuoORfukL_oTFf2-EzFfc.roa (raw, json)
Hash identifier: K5o3QlQc74VQq53yseBjnPMpUpnehhMykDSLtMhQ1vg=
Subject key identifier: BC:0B:07:3C:B8:EE:A0:E4:5F:BA:42:FF:A1:31:5F:DB:E1:33:15:F7
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 5386
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vAsHPLjuoORfukL_oTFf2-EzFfc.roa
Signing time: Thu 09 May 2024 22:54:00 +0000
ROA not before: Thu 09 May 2024 22:54:00 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 21382 (0x5386)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 9 22:54:00 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=BC0B073CB8EEA0E45FBA42FFA1315FDBE13315F7
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b3:cf:3d:a3:bd:e6:93:52:26:7c:4b:6d:aa:4f:
52:2b:1b:fd:80:1f:d7:90:c8:d6:75:db:29:77:93:
83:47:44:b3:98:f4:f6:c3:68:ed:52:74:a4:7d:ef:
cf:e3:ed:1e:20:94:77:28:ca:e5:a8:0b:3c:66:e6:
10:83:b8:2c:43:b4:09:5b:97:5c:64:23:14:77:3e:
15:23:58:a4:6b:4a:87:24:c6:46:e8:f6:c1:49:53:
b8:5e:a3:54:b0:1b:97:49:84:92:9d:c7:1e:8a:2f:
d6:8d:33:f5:3f:32:1e:88:ba:2d:9e:a3:ae:74:28:
64:4f:1a:d8:64:e5:8f:12:db:cf:c2:97:49:04:a4:
1f:51:23:2f:d1:aa:e2:63:2e:e2:cf:2f:40:18:10:
1e:d3:84:17:c1:be:bd:07:d9:51:9e:4c:71:dd:f9:
e1:8a:5a:50:20:79:b5:5f:69:26:8d:a9:9c:91:a9:
c9:86:cf:31:f9:e2:3f:a6:cf:ad:b4:6b:9b:cb:1c:
a0:6b:22:0e:85:2f:bc:28:bc:d9:65:58:91:e0:32:
6c:6b:62:27:86:b2:e2:19:07:a9:a8:f0:e3:f4:73:
c4:50:b7:ae:67:8d:85:52:c5:ab:96:ac:25:bf:ac:
d0:74:07:c7:98:60:2a:de:95:51:b6:12:b2:07:0e:
7f:6d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
BC:0B:07:3C:B8:EE:A0:E4:5F:BA:42:FF:A1:31:5F:DB:E1:33:15:F7
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vAsHPLjuoORfukL_oTFf2-EzFfc.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
80:58:b2:36:af:bc:c7:ca:94:cc:fe:42:c5:af:c1:8d:b4:07:
81:49:ae:e3:63:93:27:1e:77:64:1c:04:0a:9c:1f:31:58:b3:
da:7e:cf:4e:ed:03:e0:00:ae:a8:b2:05:f8:a1:16:25:e9:85:
89:39:86:17:42:4f:71:61:2d:f0:74:2d:dc:6b:da:4c:83:c2:
ee:25:15:c3:1b:a9:9c:57:19:c1:ee:44:e1:7c:cd:29:d3:f2:
2d:c0:c9:66:9d:fa:c4:42:00:2f:ad:17:ee:02:1c:90:ad:cf:
c6:19:53:86:c8:3d:d3:f2:dc:1f:26:7c:01:9f:db:55:42:38:
55:8f:7b:cb:ab:bc:3b:32:4e:37:8b:59:d7:a2:99:fc:07:f3:
36:b7:a7:c3:ee:43:0d:36:8d:e0:3a:2e:84:b3:bd:7d:33:f0:
bb:26:a9:fa:51:30:1b:87:4b:ef:79:b3:e4:fe:85:3b:89:df:
ce:8c:86:e9:a3:87:06:95:29:65:d9:78:bd:b6:35:7f:2a:a2:
fb:21:13:95:5e:06:36:2f:a1:50:0e:da:04:31:97:5e:c3:26:
bd:24:bc:5e:76:2d:b8:13:ed:79:ee:8a:30:cb:a5:1b:f3:fd:
75:f1:5a:59:d2:e5:03:ed:b8:ae:11:15:bf:3b:55:7b:bb:fc:
2b:69:0f:08
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICU4YwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MDky
MjU0MDBaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEJDMEIwNzNDQjhFRUEw
RTQ1RkJBNDJGRkExMzE1RkRCRTEzMzE1RjcwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCzzz2jveaTUiZ8S22qT1IrG/2AH9eQyNZ12yl3k4NHRLOY9PbD
aO1SdKR978/j7R4glHcoyuWoCzxm5hCDuCxDtAlbl1xkIxR3PhUjWKRrSockxkbo
9sFJU7heo1SwG5dJhJKdxx6KL9aNM/U/Mh6Iui2eo650KGRPGthk5Y8S28/Cl0kE
pB9RIy/RquJjLuLPL0AYEB7ThBfBvr0H2VGeTHHd+eGKWlAgebVfaSaNqZyRqcmG
zzH54j+mz620a5vLHKBrIg6FL7wovNllWJHgMmxrYieGsuIZB6mo8OP0c8RQt65n
jYVSxauWrCW/rNB0B8eYYCrelVG2ErIHDn9tAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUvAsHPLjuoORfukL/oTFf2+EzFfcwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3ZBc0hQTGp1b09SZnVr
TF9vVEZmMi1FekZmYy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAgFiyNq+8x8qUzP5Cxa/BjbQHgUmu42OT
Jx53ZBwECpwfMViz2n7PTu0D4ACuqLIF+KEWJemFiTmGF0JPcWEt8HQt3GvaTIPC
7iUVwxupnFcZwe5E4XzNKdPyLcDJZp36xEIAL60X7gIckK3PxhlThsg90/LcHyZ8
AZ/bVUI4VY97y6u8OzJON4tZ16KZ/AfzNrenw+5DDTaN4DouhLO9fTPwuyap+lEw
G4dL73mz5P6FO4nfzoyG6aOHBpUpZdl4vbY1fyqi+yETlV4GNi+hUA7aBDGXXsMm
vSS8XnYtuBPtee6KMMulG/P9dfFaWdLlA+24rhEVvztVe7v8K2kPCA==
-----END CERTIFICATE-----
Generated at Sun May 18 04:54:14 2025 by rpki-client