Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/49UWt4MGx9Z-9UNDDwrTBfkr4XA.roa
File: 49UWt4MGx9Z-9UNDDwrTBfkr4XA.roa (raw, json)
Hash identifier: /ln1j6jWKqYLm61W95BiOGLe2GK8yT2H/d53ycPWCyw=
Subject key identifier: E3:D5:16:B7:83:06:C7:D6:7E:F5:43:43:0F:0A:D3:05:F9:2B:E1:70
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 4E72
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/49UWt4MGx9Z-9UNDDwrTBfkr4XA.roa
Signing time: Fri 03 May 2024 04:23:47 +0000
ROA not before: Fri 03 May 2024 04:23:47 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 20082 (0x4e72)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 3 04:23:47 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=E3D516B78306C7D67EF543430F0AD305F92BE170
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b1:84:77:d4:d1:b5:a3:70:9c:18:ce:8d:27:79:
06:59:32:40:9a:a4:1a:20:62:1e:4b:0f:33:c7:c8:
d8:83:c4:83:99:ed:6d:09:2c:ba:1c:34:d9:96:50:
0e:c7:89:8a:6e:92:f9:16:0b:7c:9a:85:4b:e4:05:
e4:da:b8:ed:4f:60:51:fe:2d:b4:e4:1f:ec:58:7e:
05:1e:53:65:62:96:be:ea:9f:5c:3f:13:ba:ba:f7:
bb:e0:11:b1:ae:15:cc:e3:52:5d:c1:99:a9:ab:5b:
59:d1:97:84:4f:b3:66:3e:11:46:44:a5:dd:9b:61:
f0:a4:47:10:95:f1:ea:6a:5e:f6:19:eb:f0:1d:e9:
9a:12:40:87:8d:0a:8b:25:a5:c7:c8:0f:7a:d0:90:
70:14:21:e0:20:05:30:89:44:b1:7b:28:c2:a4:b2:
52:c3:d3:39:55:95:b6:0b:92:64:8c:2d:4e:64:db:
49:fd:7b:8a:a3:c1:2c:4d:a3:bb:dd:f8:4d:8c:f9:
a7:59:f3:40:6e:7c:31:7d:6e:bb:bd:78:c9:e7:48:
d1:ef:36:5e:8c:ff:e0:86:33:4a:d5:56:8f:23:ea:
52:7f:08:79:a7:25:44:20:fe:2f:6d:ae:07:6f:ff:
0b:20:6d:d7:52:6e:d0:72:ab:7e:77:68:1a:0a:77:
a1:87
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E3:D5:16:B7:83:06:C7:D6:7E:F5:43:43:0F:0A:D3:05:F9:2B:E1:70
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/49UWt4MGx9Z-9UNDDwrTBfkr4XA.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
5e:36:bb:ab:39:f9:27:e5:2c:e0:5b:58:a1:fd:2e:2c:e2:7e:
3e:9a:00:dd:77:9b:10:34:18:80:db:66:c0:b1:87:ea:5b:c6:
31:66:72:63:25:e6:49:7c:d0:03:4d:3f:6e:90:ed:e0:cc:e5:
72:64:3c:a7:7e:d5:c5:b9:8c:4a:45:2a:64:52:e2:ff:ac:72:
21:48:4a:b4:f5:40:c8:71:6a:b4:40:c5:78:6d:c8:68:73:5a:
1d:e9:cf:0d:f3:ae:93:56:43:a4:a2:41:0a:42:8c:8a:61:fa:
41:8e:ff:37:92:70:53:45:20:5f:26:06:4c:a0:5c:b7:65:d5:
dc:a4:e3:b5:e9:b4:8c:fc:76:cd:4d:69:a4:f2:e6:89:97:c0:
f9:34:69:04:b6:f0:7b:04:44:97:7b:ec:f9:de:f5:be:e6:50:
15:77:53:a6:44:9a:31:d9:39:63:da:1f:9e:5f:3b:b1:e0:7c:
33:2a:c9:15:b1:0f:3a:7c:fd:0b:66:7f:53:fa:a0:7c:e5:b0:
31:55:45:81:c3:90:89:51:1d:02:91:8e:7b:0a:9a:fe:72:77:
1c:41:d6:c6:f1:21:4b:2a:0f:a4:dd:1b:90:9f:e2:ab:2a:20:
eb:9d:39:63:b3:3b:16:3b:7d:d7:fe:2c:36:b1:14:cb:21:5e:
6d:59:9f:8d
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICTnIwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MDMw
NDIzNDdaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEUzRDUxNkI3ODMwNkM3
RDY3RUY1NDM0MzBGMEFEMzA1RjkyQkUxNzAwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCxhHfU0bWjcJwYzo0neQZZMkCapBogYh5LDzPHyNiDxIOZ7W0J
LLocNNmWUA7HiYpukvkWC3yahUvkBeTauO1PYFH+LbTkH+xYfgUeU2Vilr7qn1w/
E7q697vgEbGuFczjUl3BmamrW1nRl4RPs2Y+EUZEpd2bYfCkRxCV8epqXvYZ6/Ad
6ZoSQIeNCoslpcfID3rQkHAUIeAgBTCJRLF7KMKkslLD0zlVlbYLkmSMLU5k20n9
e4qjwSxNo7vd+E2M+adZ80BufDF9bru9eMnnSNHvNl6M/+CGM0rVVo8j6lJ/CHmn
JUQg/i9trgdv/wsgbddSbtByq353aBoKd6GHAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQU49UWt4MGx9Z+9UNDDwrTBfkr4XAwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3LzQ5VVd0NE1HeDlaLTlV
TkREd3JUQmZrcjRYQS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAXja7qzn5J+Us4FtYof0uLOJ+PpoA3Xeb
EDQYgNtmwLGH6lvGMWZyYyXmSXzQA00/bpDt4MzlcmQ8p37VxbmMSkUqZFLi/6xy
IUhKtPVAyHFqtEDFeG3IaHNaHenPDfOuk1ZDpKJBCkKMimH6QY7/N5JwU0UgXyYG
TKBct2XV3KTjtem0jPx2zU1ppPLmiZfA+TRpBLbwewREl3vs+d71vuZQFXdTpkSa
Mdk5Y9ofnl87seB8MyrJFbEPOnz9C2Z/U/qgfOWwMVVFgcOQiVEdApGOewqa/nJ3
HEHWxvEhSyoPpN0bkJ/iqyog6505Y7M7Fjt91/4sNrEUyyFebVmfjQ==
-----END CERTIFICATE-----
Generated at Sun Jun 22 02:20:34 2025 by rpki-client