Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/63zBv-2-yCW1aX_cyMZLVvbjo30.roa
File: 63zBv-2-yCW1aX_cyMZLVvbjo30.roa (raw, json)
Hash identifier: X72UwUoLBLQwkFyUTRW6zFqbkP6Y18uAcypk1LxQ0Uo=
Subject key identifier: EB:7C:C1:BF:ED:BE:C8:25:B5:69:7F:DC:C8:C6:4B:56:F6:E3:A3:7D
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 3E16
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/63zBv-2-yCW1aX_cyMZLVvbjo30.roa
Signing time: Thu 11 Apr 2024 08:52:45 +0000
ROA not before: Thu 11 Apr 2024 08:52:45 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 15894 (0x3e16)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 11 08:52:45 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=EB7CC1BFEDBEC825B5697FDCC8C64B56F6E3A37D
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ba:b3:21:7c:ea:1f:7a:da:b7:63:45:6c:8e:66:
87:e6:51:73:a5:19:82:05:14:38:92:92:90:92:ec:
eb:b9:52:a9:f9:1c:bd:7c:64:61:c9:1f:5f:52:03:
b7:40:64:9b:02:a8:20:68:83:f8:1b:6f:35:aa:b4:
d1:5d:95:99:31:26:b2:6c:5e:40:19:42:31:60:73:
04:d0:de:75:d2:39:e5:70:71:2f:54:61:56:de:3d:
5b:fe:72:9a:7b:85:e5:5a:2f:b5:de:38:1a:a9:d1:
63:b6:d9:b0:b3:aa:2b:1c:d2:3c:5d:bb:a4:c1:b8:
d6:1c:8e:d6:d5:de:9e:3d:74:27:9b:fb:3b:1e:27:
1b:59:e3:9f:0c:24:0b:de:bd:8a:c7:47:59:44:e6:
cc:30:ad:d5:00:62:d3:44:0f:18:91:e8:41:ab:e6:
4b:ed:16:cb:17:4c:84:19:34:77:a6:b1:87:64:27:
7b:4b:8c:26:8c:4a:23:f7:b1:db:d3:d7:a0:30:b6:
44:20:7d:ae:02:27:8e:d4:07:80:85:76:1d:c2:e4:
3f:55:27:cc:44:3f:aa:3f:b5:1d:e6:fc:9d:4e:92:
5a:cd:dd:d9:c3:cd:2b:58:7c:c8:28:4d:d0:0e:ec:
f8:c0:cb:ec:fd:26:6f:a3:7c:92:20:56:d7:f2:19:
72:37
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
EB:7C:C1:BF:ED:BE:C8:25:B5:69:7F:DC:C8:C6:4B:56:F6:E3:A3:7D
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/63zBv-2-yCW1aX_cyMZLVvbjo30.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
35:34:bb:10:1a:89:61:a2:c8:63:f6:98:e6:68:0e:59:45:16:
a1:46:b2:ab:80:0f:e6:bb:61:9b:0b:fc:1b:c4:db:2f:da:01:
10:a4:a2:b9:6a:d5:f3:9d:e0:b1:cf:50:24:10:fa:c8:fc:c8:
e5:ec:a0:28:cc:ec:a5:b6:ab:6f:65:82:4b:9e:dd:d7:bd:86:
f2:e8:2f:aa:1c:24:3a:48:45:13:d9:58:de:fd:3e:6a:a8:d1:
ad:7c:b7:aa:22:df:45:41:07:60:0e:0b:b0:06:82:6d:cb:8c:
b2:13:07:7a:a4:36:9b:2a:10:6b:38:a2:8d:69:70:98:1e:88:
c3:98:e3:2a:1c:6f:cb:f3:ef:26:c5:63:a4:da:85:be:37:86:
dd:fe:7f:4c:ac:46:0a:63:c9:14:ee:55:62:0d:34:27:a0:80:
10:b7:3e:70:20:61:83:95:55:bc:06:93:4b:10:02:0b:c7:09:
90:e0:d3:68:ec:b8:f3:88:5a:35:02:6d:1e:30:ef:aa:37:da:
2a:f5:fc:7f:41:0e:49:d6:56:4b:3d:01:82:5c:fe:8d:67:0e:
ad:80:e8:8e:0b:ca:a8:dd:0a:6c:ab:14:fc:3d:04:a5:ef:4b:
99:62:97:3b:90:3a:00:8c:c2:8a:c0:39:8e:c3:10:7a:c7:38:
2c:c9:71:68
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICPhYwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MTEw
ODUyNDVaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEVCN0NDMUJGRURCRUM4
MjVCNTY5N0ZEQ0M4QzY0QjU2RjZFM0EzN0QwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC6syF86h962rdjRWyOZofmUXOlGYIFFDiSkpCS7Ou5Uqn5HL18
ZGHJH19SA7dAZJsCqCBog/gbbzWqtNFdlZkxJrJsXkAZQjFgcwTQ3nXSOeVwcS9U
YVbePVv+cpp7heVaL7XeOBqp0WO22bCzqisc0jxdu6TBuNYcjtbV3p49dCeb+zse
JxtZ458MJAvevYrHR1lE5swwrdUAYtNEDxiR6EGr5kvtFssXTIQZNHemsYdkJ3tL
jCaMSiP3sdvT16AwtkQgfa4CJ47UB4CFdh3C5D9VJ8xEP6o/tR3m/J1OklrN3dnD
zStYfMgoTdAO7PjAy+z9Jm+jfJIgVtfyGXI3AgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQU63zBv+2+yCW1aX/cyMZLVvbjo30wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3LzYzekJ2LTIteUNXMWFY
X2N5TVpMVnZiam8zMC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEANTS7EBqJYaLIY/aY5mgOWUUWoUayq4AP
5rthmwv8G8TbL9oBEKSiuWrV853gsc9QJBD6yPzI5eygKMzspbarb2WCS57d172G
8ugvqhwkOkhFE9lY3v0+aqjRrXy3qiLfRUEHYA4LsAaCbcuMshMHeqQ2myoQazii
jWlwmB6Iw5jjKhxvy/PvJsVjpNqFvjeG3f5/TKxGCmPJFO5VYg00J6CAELc+cCBh
g5VVvAaTSxACC8cJkODTaOy484haNQJtHjDvqjfaKvX8f0EOSdZWSz0Bglz+jWcO
rYDojgvKqN0KbKsU/D0Epe9LmWKXO5A6AIzCisA5jsMQesc4LMlxaA==
-----END CERTIFICATE-----
Generated at Sat Jun 21 13:19:42 2025 by rpki-client