Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/yQS4jE-ybKv5m2qB2pAgyVM8eU4.roa
File: yQS4jE-ybKv5m2qB2pAgyVM8eU4.roa (raw, json)
Hash identifier: vfiWIXUlonApIroT1AI425BYx1VuPOnNX/BIZr8PGL0=
Subject key identifier: C9:04:B8:8C:4F:B2:6C:AB:F9:9B:6A:81:DA:90:20:C9:53:3C:79:4E
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 3426
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/yQS4jE-ybKv5m2qB2pAgyVM8eU4.roa
Signing time: Fri 29 Mar 2024 02:52:05 +0000
ROA not before: Fri 29 Mar 2024 02:52:05 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 13350 (0x3426)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Mar 29 02:52:05 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=C904B88C4FB26CABF99B6A81DA9020C9533C794E
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d4:43:65:ee:f8:e8:6f:69:57:c5:d2:05:07:7b:
6f:e0:75:de:b4:85:28:46:7e:40:40:cc:25:3b:53:
f4:76:98:dc:16:47:42:72:c6:7c:17:05:ea:0b:d0:
06:45:a5:e2:f3:6f:4b:71:4c:df:34:14:df:a8:b5:
e0:d7:7a:63:ab:bb:a6:30:d8:b0:6d:b6:82:44:58:
4d:07:42:57:bf:28:87:a4:fe:af:0e:99:64:16:7d:
75:00:b8:d8:9b:5d:c4:1b:84:81:09:e5:bd:c3:0a:
f5:dd:d9:5a:56:38:e5:99:61:05:69:c4:b7:53:c2:
07:3e:25:e5:c4:5d:d9:16:93:bc:fa:ce:a7:36:9b:
05:af:d7:63:8f:f8:e3:f1:98:18:39:e9:15:fa:f0:
04:8a:da:cb:3b:2d:ad:3f:f3:5b:18:82:71:39:ce:
fb:77:58:30:e8:2a:e7:0f:21:50:29:92:18:33:79:
f3:ff:51:21:2b:0e:98:01:fa:35:44:47:95:bc:f5:
fa:ad:76:56:0f:5e:6a:6c:8c:2d:37:a5:53:52:0a:
5d:c5:f5:80:69:a7:3e:5e:ed:9e:b0:d2:2f:60:8c:
c8:f6:da:da:f2:03:00:7c:c1:30:08:22:44:4a:e1:
7a:cf:de:83:bc:6d:55:a3:e2:20:6c:47:bd:32:b7:
d7:6b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C9:04:B8:8C:4F:B2:6C:AB:F9:9B:6A:81:DA:90:20:C9:53:3C:79:4E
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/yQS4jE-ybKv5m2qB2pAgyVM8eU4.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
a9:a4:80:7b:82:03:09:c0:72:4e:8b:05:bb:f5:92:8a:c6:3f:
8f:57:9c:2b:9a:36:de:83:c0:a9:7c:28:e6:64:b7:d9:bc:35:
77:cd:f7:55:75:dc:01:2c:ee:4f:82:20:72:59:42:c1:f8:5d:
51:53:2e:07:33:d3:dc:6d:f1:6a:6e:36:0e:72:9e:c1:f0:c7:
61:3d:de:8d:0c:6a:18:8e:b4:72:ac:72:54:ed:72:7a:4b:a1:
14:03:3b:ad:b5:72:0e:0d:85:e1:7f:5c:4d:66:4d:4a:07:c9:
8e:8f:7d:f9:0c:3b:6f:c1:5b:0a:f5:65:58:78:f5:1f:ee:f1:
c0:65:11:68:3e:cb:19:62:63:6f:f7:46:00:d5:5b:38:e2:5e:
69:a0:58:bd:1c:34:3e:af:45:61:84:a7:07:97:e8:0f:88:00:
39:fe:99:18:3b:70:99:8b:56:5f:81:f7:23:41:a7:12:f8:15:
f2:22:e9:03:eb:90:91:da:cb:08:cf:6c:51:45:7e:24:26:6c:
4d:04:5d:16:1c:41:fb:fc:93:4b:7f:e2:15:12:3d:38:d2:d4:
72:10:09:5a:56:97:c0:00:44:a8:23:a2:e5:0f:24:cc:04:fb:
55:27:72:c5:09:2f:85:b6:a7:ce:8f:fe:e0:fe:a9:70:f3:99:
89:4d:df:7d
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICNCYwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDAzMjkw
MjUyMDVaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEM5MDRCODhDNEZCMjZD
QUJGOTlCNkE4MURBOTAyMEM5NTMzQzc5NEUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDUQ2Xu+OhvaVfF0gUHe2/gdd60hShGfkBAzCU7U/R2mNwWR0Jy
xnwXBeoL0AZFpeLzb0txTN80FN+oteDXemOru6Yw2LBttoJEWE0HQle/KIek/q8O
mWQWfXUAuNibXcQbhIEJ5b3DCvXd2VpWOOWZYQVpxLdTwgc+JeXEXdkWk7z6zqc2
mwWv12OP+OPxmBg56RX68ASK2ss7La0/81sYgnE5zvt3WDDoKucPIVApkhgzefP/
USErDpgB+jVER5W89fqtdlYPXmpsjC03pVNSCl3F9YBppz5e7Z6w0i9gjMj22try
AwB8wTAIIkRK4XrP3oO8bVWj4iBsR70yt9drAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUyQS4jE+ybKv5m2qB2pAgyVM8eU4wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3lRUzRqRS15Ykt2NW0y
cUIycEFneVZNOGVVNC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAqaSAe4IDCcByTosFu/WSisY/j1ecK5o2
3oPAqXwo5mS32bw1d833VXXcASzuT4IgcllCwfhdUVMuBzPT3G3xam42DnKewfDH
YT3ejQxqGI60cqxyVO1yekuhFAM7rbVyDg2F4X9cTWZNSgfJjo99+Qw7b8FbCvVl
WHj1H+7xwGURaD7LGWJjb/dGANVbOOJeaaBYvRw0Pq9FYYSnB5foD4gAOf6ZGDtw
mYtWX4H3I0GnEvgV8iLpA+uQkdrLCM9sUUV+JCZsTQRdFhxB+/yTS3/iFRI9ONLU
chAJWlaXwABEqCOi5Q8kzAT7VSdyxQkvhbanzo/+4P6pcPOZiU3ffQ==
-----END CERTIFICATE-----
Generated at Sat May 17 22:37:05 2025 by rpki-client