Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/wRuN6mvryPnfbz0K6AlPJiSTe0Q.roa
File: wRuN6mvryPnfbz0K6AlPJiSTe0Q.roa (raw, json)
Hash identifier: /IGfOcypEemdxlDyTf9MR3iBjfYj+oux9GhWZnIco18=
Subject key identifier: C1:1B:8D:EA:6B:EB:C8:F9:DF:6F:3D:0A:E8:09:4F:26:24:93:7B:44
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 4D8A
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/wRuN6mvryPnfbz0K6AlPJiSTe0Q.roa
Signing time: Wed 01 May 2024 23:23:41 +0000
ROA not before: Wed 01 May 2024 23:23:41 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 19850 (0x4d8a)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 1 23:23:41 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=C11B8DEA6BEBC8F9DF6F3D0AE8094F2624937B44
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9f:f5:26:fc:69:7a:20:49:ee:c3:8d:26:0b:d9:
83:ab:26:35:07:4b:24:0a:95:2b:d1:61:bc:ba:de:
0f:59:21:1a:11:61:d4:8a:b3:c3:6c:1b:11:72:f4:
03:c1:bf:70:d4:78:0c:c9:83:aa:8d:55:37:c7:2a:
a6:1c:42:72:03:e9:96:02:cb:23:77:14:65:79:8e:
a3:dd:b5:07:94:8a:b4:30:72:dc:53:ae:a2:a2:51:
fe:2e:8a:ad:d1:dc:3c:02:70:ee:03:72:50:16:dc:
1b:71:9f:00:d4:13:3b:3a:50:70:89:90:b4:5b:b5:
e5:e6:8a:45:57:5e:05:66:3b:df:f5:f3:ab:b4:5c:
ab:23:b5:3e:6a:da:95:c3:9b:5b:7b:ae:cc:7e:19:
25:dd:89:9b:0e:38:a2:c1:59:80:44:1d:e3:58:1b:
86:ff:56:d2:d1:f9:44:59:4d:ad:4b:c5:7b:20:94:
f5:41:f4:1d:2e:74:71:36:b4:53:d6:04:dd:df:ac:
4f:c1:23:6d:91:eb:f3:29:ca:8f:9b:ec:cb:cc:d5:
a0:dc:79:6b:b7:4d:bb:5b:db:9a:d0:11:7b:5a:8d:
9a:75:e7:ec:d2:aa:fc:33:a2:bd:e7:44:9b:5d:e8:
c9:2f:26:ff:e1:0f:ad:c5:bf:87:e9:f8:be:02:9d:
1c:0f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C1:1B:8D:EA:6B:EB:C8:F9:DF:6F:3D:0A:E8:09:4F:26:24:93:7B:44
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/wRuN6mvryPnfbz0K6AlPJiSTe0Q.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
91:82:51:16:e3:37:22:c4:b3:87:c8:0b:50:ee:25:71:94:0d:
56:39:08:97:1a:9f:cd:40:d2:42:1b:84:a1:4c:8b:50:67:62:
2b:6d:fc:56:20:40:18:f7:73:c7:62:3a:aa:2e:56:39:6f:83:
01:04:3d:2b:75:18:98:e4:e1:e8:aa:fb:63:2b:08:1f:32:b2:
43:96:f1:cf:d2:d7:63:2b:68:69:1a:cc:9e:07:4f:84:77:a1:
ea:fb:a5:e0:9a:35:76:6b:cc:ad:43:14:89:65:fa:20:2f:92:
6a:97:18:4c:2c:80:fe:f8:fb:44:fe:38:12:38:2d:39:a0:f4:
e3:b8:e5:fc:b5:d1:09:fc:ac:18:4a:07:25:45:b9:71:cc:62:
b3:c0:e3:36:96:e3:94:88:df:92:44:36:f8:cd:14:0b:4c:d9:
96:25:da:13:1b:86:17:16:4d:f9:02:a4:ba:27:e2:41:09:e6:
46:6b:04:5f:8a:35:7f:b5:03:a7:1e:35:62:1b:97:ec:8e:b4:
39:49:fd:cc:25:75:83:80:21:93:af:0b:08:6c:3c:f2:ac:9c:
f0:7b:c4:04:f1:c5:47:2f:98:b9:85:d6:cd:34:1a:8b:3f:74:
7d:fc:d4:5c:7c:2f:48:02:b8:62:ba:b2:f4:97:07:52:08:93:
4a:e7:b7:77
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICTYowDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MDEy
MzIzNDFaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEMxMUI4REVBNkJFQkM4
RjlERjZGM0QwQUU4MDk0RjI2MjQ5MzdCNDQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCf9Sb8aXogSe7DjSYL2YOrJjUHSyQKlSvRYby63g9ZIRoRYdSK
s8NsGxFy9APBv3DUeAzJg6qNVTfHKqYcQnID6ZYCyyN3FGV5jqPdtQeUirQwctxT
rqKiUf4uiq3R3DwCcO4DclAW3BtxnwDUEzs6UHCJkLRbteXmikVXXgVmO9/186u0
XKsjtT5q2pXDm1t7rsx+GSXdiZsOOKLBWYBEHeNYG4b/VtLR+URZTa1LxXsglPVB
9B0udHE2tFPWBN3frE/BI22R6/Mpyo+b7MvM1aDceWu3Tbtb25rQEXtajZp15+zS
qvwzor3nRJtd6MkvJv/hD63Fv4fp+L4CnRwPAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUwRuN6mvryPnfbz0K6AlPJiSTe0QwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3dSdU42bXZyeVBuZmJ6
MEs2QWxQSmlTVGUwUS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAkYJRFuM3IsSzh8gLUO4lcZQNVjkIlxqf
zUDSQhuEoUyLUGdiK238ViBAGPdzx2I6qi5WOW+DAQQ9K3UYmOTh6Kr7YysIHzKy
Q5bxz9LXYytoaRrMngdPhHeh6vul4Jo1dmvMrUMUiWX6IC+SapcYTCyA/vj7RP44
EjgtOaD047jl/LXRCfysGEoHJUW5ccxis8DjNpbjlIjfkkQ2+M0UC0zZliXaExuG
FxZN+QKkuifiQQnmRmsEX4o1f7UDpx41YhuX7I60OUn9zCV1g4Ahk68LCGw88qyc
8HvEBPHFRy+YuYXWzTQaiz90ffzUXHwvSAK4Yrqy9JcHUgiTSue3dw==
-----END CERTIFICATE-----
Generated at Sat May 17 19:34:00 2025 by rpki-client