Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/vD_Al1pMSMiYTr4-aOOTlomh9jo.roa
File: vD_Al1pMSMiYTr4-aOOTlomh9jo.roa (raw, json)
Hash identifier: ZIjo0ZOGjNEVsTuA2Z2nYit+shfUWNe91w07TviKrzQ=
Subject key identifier: BC:3F:C0:97:5A:4C:48:C8:98:4E:BE:3E:68:E3:93:96:89:A1:F6:3A
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 4B1A
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vD_Al1pMSMiYTr4-aOOTlomh9jo.roa
Signing time: Sun 28 Apr 2024 17:23:26 +0000
ROA not before: Sun 28 Apr 2024 17:23:26 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 19226 (0x4b1a)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 28 17:23:26 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=BC3FC0975A4C48C8984EBE3E68E3939689A1F63A
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:aa:df:3e:66:a3:bd:c2:62:a1:f9:58:73:12:82:
19:06:ed:8e:06:a0:9a:ef:51:f0:22:af:7f:a1:2b:
26:74:7c:3e:c2:c9:6d:e7:76:6a:96:d9:f9:89:99:
f0:06:76:c7:ab:ac:d7:2a:aa:06:ae:08:0a:17:80:
83:00:51:7f:28:74:ff:40:ff:16:e5:ff:2d:53:32:
f5:c5:bd:0f:de:72:4b:64:0d:f8:e8:d4:8f:98:a0:
74:18:14:9c:2f:8f:aa:5e:c9:73:02:e7:e9:30:40:
4d:9a:bb:b5:0d:8a:b0:b1:6e:30:2b:2c:42:3d:f8:
ad:fc:b6:e1:dc:4b:19:68:dd:6d:30:2f:e0:19:49:
5c:59:3e:67:83:82:42:41:79:0f:fe:f4:52:98:75:
d2:1a:04:8e:b1:7a:ad:9f:da:d7:71:b0:d1:6d:21:
9b:e8:30:24:ab:c0:43:d1:97:4a:23:02:63:8e:a7:
1b:26:f3:25:5f:56:02:91:65:e3:05:e6:aa:b6:e7:
b4:fa:73:d2:75:23:f7:ba:a3:66:af:b2:30:f2:74:
06:cb:bb:72:09:c4:1f:a2:ed:95:c8:29:10:53:5e:
0c:7c:bd:08:59:3d:c3:49:45:68:25:39:55:73:0d:
b5:62:8d:53:6b:41:91:a4:eb:0d:88:e5:65:9e:25:
96:53
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
BC:3F:C0:97:5A:4C:48:C8:98:4E:BE:3E:68:E3:93:96:89:A1:F6:3A
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vD_Al1pMSMiYTr4-aOOTlomh9jo.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
56:0a:0b:1b:10:18:da:31:de:60:29:39:08:56:38:be:1f:04:
9d:a8:cd:65:f1:a1:4e:61:25:81:a5:8d:a1:7e:f9:7d:3e:96:
8c:d2:6c:06:c5:ca:ab:46:37:5d:23:26:00:bc:56:7e:ea:b8:
f1:2d:af:18:3e:ad:a6:5b:d6:4a:34:13:f1:a6:26:f8:a4:0f:
de:28:2c:77:a4:e7:78:52:e6:4c:ae:dd:b3:23:0e:96:59:ad:
20:e2:3c:f0:19:98:0d:2b:2a:b0:d8:4c:cb:6c:ec:2a:26:e9:
28:a1:12:8f:25:b3:dc:e7:f1:5a:4e:40:4b:8b:92:fc:df:34:
98:9f:6d:6b:de:e1:6a:34:7b:cc:89:69:ef:c2:1d:26:52:19:
74:be:b4:af:27:25:e9:55:18:78:a8:97:3c:a3:97:99:be:d3:
7b:12:9e:87:d4:64:c6:64:7a:1f:c9:d9:fa:b9:8d:b3:4d:d9:
4d:03:16:62:23:22:57:5d:ff:53:00:49:17:b0:a7:8a:bb:a4:
06:ec:0e:5b:79:8c:b5:a8:b3:45:81:03:77:9d:c3:da:91:5b:
66:93:2d:29:c6:8b:69:21:4a:ea:93:e9:e2:cd:bd:ff:3d:45:
31:13:8d:de:63:f4:cf:3f:19:f2:ae:f0:2c:0d:74:f2:63:71:
a0:e8:45:14
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICSxowDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0Mjgx
NzIzMjZaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEJDM0ZDMDk3NUE0QzQ4
Qzg5ODRFQkUzRTY4RTM5Mzk2ODlBMUY2M0EwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCq3z5mo73CYqH5WHMSghkG7Y4GoJrvUfAir3+hKyZ0fD7CyW3n
dmqW2fmJmfAGdserrNcqqgauCAoXgIMAUX8odP9A/xbl/y1TMvXFvQ/ecktkDfjo
1I+YoHQYFJwvj6peyXMC5+kwQE2au7UNirCxbjArLEI9+K38tuHcSxlo3W0wL+AZ
SVxZPmeDgkJBeQ/+9FKYddIaBI6xeq2f2tdxsNFtIZvoMCSrwEPRl0ojAmOOpxsm
8yVfVgKRZeMF5qq257T6c9J1I/e6o2avsjDydAbLu3IJxB+i7ZXIKRBTXgx8vQhZ
PcNJRWglOVVzDbVijVNrQZGk6w2I5WWeJZZTAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUvD/Al1pMSMiYTr4+aOOTlomh9jowHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3ZEX0FsMXBNU01pWVRy
NC1hT09UbG9taDlqby5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAVgoLGxAY2jHeYCk5CFY4vh8EnajNZfGh
TmElgaWNoX75fT6WjNJsBsXKq0Y3XSMmALxWfuq48S2vGD6tplvWSjQT8aYm+KQP
3igsd6TneFLmTK7dsyMOllmtIOI88BmYDSsqsNhMy2zsKibpKKESjyWz3OfxWk5A
S4uS/N80mJ9ta97hajR7zIlp78IdJlIZdL60rycl6VUYeKiXPKOXmb7TexKeh9Rk
xmR6H8nZ+rmNs03ZTQMWYiMiV13/UwBJF7CnirukBuwOW3mMtaizRYEDd53D2pFb
ZpMtKcaLaSFK6pPp4s29/z1FMRON3mP0zz8Z8q7wLA108mNxoOhFFA==
-----END CERTIFICATE-----
Generated at Sun May 18 02:01:36 2025 by rpki-client