Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/0GEZMPnokzu8EH_y24_wmYHVAK0.roa
File: 0GEZMPnokzu8EH_y24_wmYHVAK0.roa (raw, json)
Hash identifier: rn0QCymmyknrSFFOKYLvtYUEcvd1tpWTAPRiK/KxLAk=
Subject key identifier: D0:61:19:30:F9:E8:93:3B:BC:10:7F:F2:DB:8F:F0:99:81:D5:00:AD
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 407E
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/0GEZMPnokzu8EH_y24_wmYHVAK0.roa
Signing time: Sun 14 Apr 2024 13:52:55 +0000
ROA not before: Sun 14 Apr 2024 13:52:55 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 16510 (0x407e)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 14 13:52:55 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=D0611930F9E8933BBC107FF2DB8FF09981D500AD
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:f5:15:01:18:10:21:80:47:04:8c:36:d2:b0:0b:
32:ee:d1:f8:e4:ec:7a:07:cb:70:f9:83:6b:7a:18:
fd:43:13:67:8c:41:31:3a:f7:f9:5b:3d:8f:f6:1d:
bb:cd:01:7f:7a:75:a9:8d:8a:ae:33:b4:ce:21:60:
3c:a9:ea:7e:f7:31:f8:96:5c:20:e9:1e:09:ae:1f:
8b:5e:62:d7:ee:a6:10:dd:11:9a:27:94:89:d8:9d:
e0:4b:90:c8:e0:4b:73:a8:f9:1f:06:df:b8:92:db:
b2:ed:d3:3b:db:cd:4a:c3:e5:ba:58:f0:18:c4:c7:
31:fd:85:dc:e1:e6:16:1d:31:0d:e6:fa:6d:13:d4:
92:f9:b0:5f:07:e8:89:b0:42:f4:a2:5a:8c:d4:fb:
c4:5a:c1:dc:53:86:4c:a2:4c:e0:9c:0f:e9:5a:ed:
de:8b:b4:dd:6c:38:75:dd:55:9f:29:ff:7a:9e:20:
08:78:55:1e:03:6a:81:d1:c0:1d:b3:bf:48:55:1b:
e3:b4:71:62:54:d5:43:08:ca:1a:53:12:f8:d9:75:
f2:7c:97:f2:89:00:af:b7:41:1c:dc:3c:d9:87:06:
82:ae:74:49:2a:0f:70:62:b7:65:35:32:f8:43:f6:
59:a8:91:8b:49:97:1c:c4:66:69:0a:63:87:38:bb:
75:63
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D0:61:19:30:F9:E8:93:3B:BC:10:7F:F2:DB:8F:F0:99:81:D5:00:AD
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/0GEZMPnokzu8EH_y24_wmYHVAK0.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
16:75:59:5f:df:65:a1:9f:56:7b:5b:35:db:79:ef:9e:04:89:
ac:f8:1f:57:0b:e9:5a:87:0e:6d:e2:5b:55:27:02:e9:66:45:
52:5e:90:4e:07:92:7a:32:68:4d:e4:bd:31:d4:05:ee:e1:ba:
16:fe:d2:08:e0:28:d9:4d:9a:8d:d1:b6:b5:f9:c3:d1:85:0c:
8e:78:00:17:78:c8:fb:fe:3c:cf:a4:46:d5:b2:70:62:e3:b8:
c5:49:09:4b:6c:f0:99:94:49:64:18:f3:ff:e6:7f:94:b0:84:
d3:96:77:1d:85:a9:90:d8:e6:33:70:41:8a:21:b1:10:82:f8:
1e:b5:b9:43:f0:df:54:44:a6:b6:af:ea:18:59:51:32:ca:fc:
21:3e:59:ef:66:ea:14:bc:41:dd:30:63:9d:9d:b5:10:23:87:
f0:f6:13:29:e9:1d:1c:24:8d:ce:f6:cc:3d:4e:97:c0:23:a7:
cb:e6:85:65:cf:3b:b0:0e:47:f4:76:8c:f1:3d:b4:8d:7b:79:
74:30:37:a8:6c:f2:0e:a9:bd:33:a2:7b:93:cd:56:6c:48:94:
c2:f1:fa:56:93:b4:40:ac:6f:2e:8d:8d:f5:ff:54:8a:23:41:
ad:a5:63:e0:1b:8c:28:c2:84:d1:42:d9:7b:21:91:43:ff:f8:
46:a6:b9:31
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICQH4wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MTQx
MzUyNTVaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEQwNjExOTMwRjlFODkz
M0JCQzEwN0ZGMkRCOEZGMDk5ODFENTAwQUQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQD1FQEYECGARwSMNtKwCzLu0fjk7HoHy3D5g2t6GP1DE2eMQTE6
9/lbPY/2HbvNAX96damNiq4ztM4hYDyp6n73MfiWXCDpHgmuH4teYtfuphDdEZon
lInYneBLkMjgS3Oo+R8G37iS27Lt0zvbzUrD5bpY8BjExzH9hdzh5hYdMQ3m+m0T
1JL5sF8H6ImwQvSiWozU+8RawdxThkyiTOCcD+la7d6LtN1sOHXdVZ8p/3qeIAh4
VR4DaoHRwB2zv0hVG+O0cWJU1UMIyhpTEvjZdfJ8l/KJAK+3QRzcPNmHBoKudEkq
D3Bit2U1MvhD9lmokYtJlxzEZmkKY4c4u3VjAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQU0GEZMPnokzu8EH/y24/wmYHVAK0wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3LzBHRVpNUG5va3p1OEVI
X3kyNF93bVlIVkFLMC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAFnVZX99loZ9We1s123nvngSJrPgfVwvp
WocObeJbVScC6WZFUl6QTgeSejJoTeS9MdQF7uG6Fv7SCOAo2U2ajdG2tfnD0YUM
jngAF3jI+/48z6RG1bJwYuO4xUkJS2zwmZRJZBjz/+Z/lLCE05Z3HYWpkNjmM3BB
iiGxEIL4HrW5Q/DfVESmtq/qGFlRMsr8IT5Z72bqFLxB3TBjnZ21ECOH8PYTKekd
HCSNzvbMPU6XwCOny+aFZc87sA5H9HaM8T20jXt5dDA3qGzyDqm9M6J7k81WbEiU
wvH6VpO0QKxvLo2N9f9UiiNBraVj4BuMKMKE0ULZeyGRQ//4Rqa5MQ==
-----END CERTIFICATE-----
Generated at Sat Jun 21 07:05:18 2025 by rpki-client