Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/--keFKfjxHaAmCvKGSJGlbUQzr4.roa
File: --keFKfjxHaAmCvKGSJGlbUQzr4.roa (raw, json)
Hash identifier: B9DeciSc5hwJmtlcb2ojPURXIR8qJ7aNau+NjOcqPto=
Subject key identifier: FB:E9:1E:14:A7:E3:C4:76:80:98:2B:CA:19:22:46:95:B5:10:CE:BE
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 35D6
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/--keFKfjxHaAmCvKGSJGlbUQzr4.roa
Signing time: Sun 31 Mar 2024 08:52:15 +0000
ROA not before: Sun 31 Mar 2024 08:52:15 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 13782 (0x35d6)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Mar 31 08:52:15 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=FBE91E14A7E3C47680982BCA19224695B510CEBE
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b3:f5:a1:a0:f4:76:84:46:3d:e5:be:c6:69:42:
67:9f:22:df:73:41:6d:71:14:db:29:44:42:23:aa:
d9:2c:c8:cf:b7:80:42:ff:6a:ff:fb:2c:6a:49:04:
90:b7:fe:79:d8:7a:81:6f:35:df:65:f4:6e:9a:9a:
b4:f7:e8:ee:ed:22:c4:36:c7:56:45:2c:d3:ea:55:
2f:3d:1e:79:12:e0:07:c6:ca:f6:40:a3:58:c7:f7:
95:a4:08:27:b3:c5:d0:b7:8f:d7:03:47:dc:b1:36:
17:d7:96:1d:ab:01:63:04:b3:3e:6e:13:12:6b:6d:
ce:2b:d0:31:b5:e9:1f:4c:de:8c:1e:2f:f9:74:62:
24:ec:26:b8:3b:f3:6e:ae:52:1e:9e:af:60:3c:51:
98:e9:15:e9:a2:40:01:54:f8:09:09:a8:ce:8a:d9:
9f:84:2e:d1:1e:7a:3b:61:f5:5e:c0:c6:1e:08:d7:
a6:1b:a8:9e:bd:38:21:d1:2c:93:f3:b5:c5:6e:00:
a8:ce:a0:d3:17:20:60:d8:5e:57:69:8e:a6:e7:30:
ca:2c:0d:85:88:96:70:a8:aa:c2:3c:61:43:0d:d7:
9b:5e:c0:a4:ce:c9:44:af:31:df:b5:f7:22:00:22:
b2:5a:9e:6f:43:ae:20:de:39:a4:7f:3e:d6:a5:88:
9c:cd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FB:E9:1E:14:A7:E3:C4:76:80:98:2B:CA:19:22:46:95:B5:10:CE:BE
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/--keFKfjxHaAmCvKGSJGlbUQzr4.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
b0:50:c1:f4:f2:58:fc:90:f9:90:fa:a1:f6:dd:a5:88:83:1d:
be:98:9b:48:23:6f:2e:4a:35:c5:64:5e:f4:ea:90:f3:c0:52:
8a:db:80:91:73:a3:0a:34:94:8f:ac:ab:d4:18:58:1a:03:e3:
02:5f:64:72:64:c9:8e:c8:01:43:58:ac:ca:04:31:5b:15:71:
8a:6a:7c:0d:1a:f0:63:4a:2e:0b:da:5a:21:36:ad:77:c5:0c:
bc:00:39:31:d9:b2:a6:50:64:50:e5:c8:88:b9:d3:2b:2b:de:
5c:a7:9e:e0:43:6a:3e:b4:5e:61:75:33:72:67:1e:2d:9a:ff:
b8:bf:e3:ab:e3:96:16:40:7a:7b:1f:7c:d4:ce:6a:8b:4e:d6:
79:44:bf:0e:e2:05:a2:46:92:8e:80:d3:00:fc:60:e2:e3:8a:
dd:ef:9c:e8:d9:85:60:8e:46:c6:56:7d:60:8c:04:b1:4b:dd:
53:1f:19:ef:27:38:66:00:be:2b:e1:bd:6b:ca:eb:96:28:46:
f4:5e:de:13:45:e7:9b:70:ee:f1:23:c8:4b:52:6f:66:b4:d7:
dd:f7:2d:8e:b5:78:2d:37:cc:15:c6:02:fd:c5:4f:33:ed:35:
cb:04:2a:2f:f8:4e:37:c7:fc:b6:21:ce:22:b7:df:6f:ac:76:
af:20:23:8e
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICNdYwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDAzMzEw
ODUyMTVaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEZCRTkxRTE0QTdFM0M0
NzY4MDk4MkJDQTE5MjI0Njk1QjUxMENFQkUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCz9aGg9HaERj3lvsZpQmefIt9zQW1xFNspREIjqtksyM+3gEL/
av/7LGpJBJC3/nnYeoFvNd9l9G6amrT36O7tIsQ2x1ZFLNPqVS89HnkS4AfGyvZA
o1jH95WkCCezxdC3j9cDR9yxNhfXlh2rAWMEsz5uExJrbc4r0DG16R9M3oweL/l0
YiTsJrg7826uUh6er2A8UZjpFemiQAFU+AkJqM6K2Z+ELtEeejth9V7Axh4I16Yb
qJ69OCHRLJPztcVuAKjOoNMXIGDYXldpjqbnMMosDYWIlnCoqsI8YUMN15tewKTO
yUSvMd+19yIAIrJanm9DriDeOaR/PtaliJzNAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQU++keFKfjxHaAmCvKGSJGlbUQzr4wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3Ly0ta2VGS2ZqeEhhQW1D
dktHU0pHbGJVUXpyNC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAsFDB9PJY/JD5kPqh9t2liIMdvpibSCNv
Lko1xWRe9OqQ88BSituAkXOjCjSUj6yr1BhYGgPjAl9kcmTJjsgBQ1isygQxWxVx
imp8DRrwY0ouC9paITatd8UMvAA5MdmyplBkUOXIiLnTKyveXKee4ENqPrReYXUz
cmceLZr/uL/jq+OWFkB6ex981M5qi07WeUS/DuIFokaSjoDTAPxg4uOK3e+c6NmF
YI5GxlZ9YIwEsUvdUx8Z7yc4ZgC+K+G9a8rrlihG9F7eE0Xnm3Du8SPIS1JvZrTX
3fctjrV4LTfMFcYC/cVPM+01ywQqL/hON8f8tiHOIrffb6x2ryAjjg==
-----END CERTIFICATE-----
Generated at Sat Jun 21 16:56:33 2025 by rpki-client