Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/vbrYlVUtV_H_0QpdAOG8uYhupBY.roa
File: vbrYlVUtV_H_0QpdAOG8uYhupBY.roa (raw, json)
Hash identifier: jpYY2sB3VXviXcKIf5OZERhsr2Dreng20wlaxX1T574=
Subject key identifier: BD:BA:D8:95:55:2D:57:F1:FF:D1:0A:5D:00:E1:BC:B9:88:6E:A4:16
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 4FD2
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vbrYlVUtV_H_0QpdAOG8uYhupBY.roa
Signing time: Sun 05 May 2024 00:23:53 +0000
ROA not before: Sun 05 May 2024 00:23:53 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 20434 (0x4fd2)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 5 00:23:53 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=BDBAD895552D57F1FFD10A5D00E1BCB9886EA416
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a8:ce:c2:c8:fe:31:53:97:66:f4:1b:b2:46:05:
34:1e:6f:45:3b:03:88:78:2d:13:9a:ae:f0:1e:bb:
36:f0:a1:52:bc:43:07:33:e9:e2:10:b4:87:e9:2d:
a6:fd:f6:6b:3f:6b:f9:4a:2c:69:4e:2c:fd:62:05:
fd:ac:7a:25:af:8f:80:08:b7:d8:85:51:80:43:c7:
82:cd:b8:37:ae:8f:54:35:10:75:9b:a8:b3:44:36:
e0:9e:5b:0d:bb:b2:8c:43:08:d4:fe:3f:12:d6:43:
5b:07:4f:6d:8e:14:69:3a:89:41:3e:ec:b0:af:23:
34:f1:b3:2e:b8:61:b3:fa:9c:81:91:bc:61:6b:91:
2b:8b:0a:b8:c7:60:90:3e:ee:2a:a0:8b:29:4b:20:
bf:78:ff:c9:96:9e:e7:3c:4f:26:c4:7b:61:a3:92:
9b:2e:a8:34:cf:5c:76:f6:4b:c9:50:8a:20:85:57:
70:96:a9:2a:5a:b8:86:45:31:11:ed:92:ab:1a:04:
8f:ed:c7:b9:fc:da:a3:4a:28:72:b6:28:6c:20:40:
06:d4:15:ff:f2:c5:19:9b:3b:be:b7:12:0e:10:ce:
7e:4a:22:d5:b9:a9:ca:e5:0a:e5:47:70:47:fb:67:
76:54:77:78:3e:63:0e:88:2e:9d:a5:31:55:aa:e7:
5b:a9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
BD:BA:D8:95:55:2D:57:F1:FF:D1:0A:5D:00:E1:BC:B9:88:6E:A4:16
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vbrYlVUtV_H_0QpdAOG8uYhupBY.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
a9:ef:64:b4:5b:71:63:57:81:a7:ec:3f:ec:16:e2:72:be:d5:
e1:dc:05:b8:1f:db:4b:a7:9b:8f:ad:20:4b:36:6c:75:12:26:
ca:11:89:59:e0:a1:a6:a2:48:41:cb:56:26:62:96:b7:61:e9:
62:0a:2e:22:f3:cf:d5:c5:40:80:86:14:69:58:63:b8:72:6f:
e5:c7:1f:17:13:12:03:86:95:dc:de:ef:21:8d:60:07:5b:b7:
86:fe:28:b5:57:ac:24:da:b0:e2:13:a3:8a:7c:03:5c:bf:b8:
6b:66:54:5c:94:1c:60:f2:7a:f5:3d:9d:67:a1:ed:45:42:32:
69:bf:ab:a9:e1:8f:07:29:86:44:6a:28:fa:86:a9:f5:fb:f1:
6a:8c:93:86:cc:35:b5:ee:49:2d:bf:82:a0:c6:07:e4:ba:0d:
e4:6a:ef:e3:02:71:40:e1:7e:9b:31:90:f9:d1:39:27:69:c1:
51:fb:b8:a5:54:e0:bb:06:d3:0f:e3:b0:20:c2:e1:94:f7:d1:
40:2e:fa:73:fc:ec:e9:33:70:1b:83:e7:76:f2:24:5b:11:99:
19:89:e6:db:2e:41:f1:36:4c:3f:5e:11:f6:5d:07:70:4b:ff:
d6:68:85:fc:8f:54:1c:8f:94:88:75:6c:73:4f:71:4a:12:99:
5a:75:a4:70
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICT9IwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MDUw
MDIzNTNaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEJEQkFEODk1NTUyRDU3
RjFGRkQxMEE1RDAwRTFCQ0I5ODg2RUE0MTYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCozsLI/jFTl2b0G7JGBTQeb0U7A4h4LROarvAeuzbwoVK8Qwcz
6eIQtIfpLab99ms/a/lKLGlOLP1iBf2seiWvj4AIt9iFUYBDx4LNuDeuj1Q1EHWb
qLNENuCeWw27soxDCNT+PxLWQ1sHT22OFGk6iUE+7LCvIzTxsy64YbP6nIGRvGFr
kSuLCrjHYJA+7iqgiylLIL94/8mWnuc8TybEe2GjkpsuqDTPXHb2S8lQiiCFV3CW
qSpauIZFMRHtkqsaBI/tx7n82qNKKHK2KGwgQAbUFf/yxRmbO763Eg4Qzn5KItW5
qcrlCuVHcEf7Z3ZUd3g+Yw6ILp2lMVWq51upAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUvbrYlVUtV/H/0QpdAOG8uYhupBYwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3ZicllsVlV0Vl9IXzBR
cGRBT0c4dVlodXBCWS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAqe9ktFtxY1eBp+w/7Bbicr7V4dwFuB/b
S6ebj60gSzZsdRImyhGJWeChpqJIQctWJmKWt2HpYgouIvPP1cVAgIYUaVhjuHJv
5ccfFxMSA4aV3N7vIY1gB1u3hv4otVesJNqw4hOjinwDXL+4a2ZUXJQcYPJ69T2d
Z6HtRUIyab+rqeGPBymGRGoo+oap9fvxaoyThsw1te5JLb+CoMYH5LoN5Grv4wJx
QOF+mzGQ+dE5J2nBUfu4pVTguwbTD+OwIMLhlPfRQC76c/zs6TNwG4PndvIkWxGZ
GYnm2y5B8TZMP14R9l0HcEv/1miF/I9UHI+UiHVsc09xShKZWnWkcA==
-----END CERTIFICATE-----
Generated at Sat May 17 22:00:22 2025 by rpki-client