Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/7TMl2SFxmoiWY0MMPeYuHbo3niQ.roa
File: 7TMl2SFxmoiWY0MMPeYuHbo3niQ.roa (raw, json)
Hash identifier: 6q18zzcCzxZGD73GMJuyKOuO27YkLWUBXC+4xFdXtsw=
Subject key identifier: ED:33:25:D9:21:71:9A:88:96:63:43:0C:3D:E6:2E:1D:BA:37:9E:24
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 40F2
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/7TMl2SFxmoiWY0MMPeYuHbo3niQ.roa
Signing time: Mon 15 Apr 2024 04:22:52 +0000
ROA not before: Mon 15 Apr 2024 04:22:52 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 16626 (0x40f2)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 15 04:22:52 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=ED3325D921719A889663430C3DE62E1DBA379E24
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c0:c4:ca:61:5d:23:48:fa:2a:cd:58:e9:b9:86:
38:76:73:32:fa:41:1f:fb:95:56:e4:e9:77:6d:f9:
96:75:e5:38:96:cb:b9:e1:50:a8:5a:ee:4d:88:30:
61:e3:b3:e1:10:6f:68:d9:26:44:1c:e8:5a:c5:c8:
d5:3c:98:d7:d9:3f:33:ad:42:22:bb:f2:50:4f:78:
d3:67:0e:8f:8a:44:6a:13:11:f6:02:72:55:08:12:
d3:b5:d5:18:43:ef:30:36:0e:08:a5:6e:9a:18:0b:
f2:af:c9:1c:10:85:0b:65:46:1b:32:29:91:61:f9:
f0:fc:f2:ca:e9:e4:70:7a:11:15:9b:3c:26:fc:a4:
e3:43:bf:74:75:83:9d:69:74:a6:ed:d8:d4:ac:81:
08:93:04:0a:b0:0d:66:c0:67:c3:d6:29:2a:a7:58:
85:1a:74:42:70:30:0c:18:26:82:f4:28:e1:90:15:
73:97:36:f0:be:70:22:a0:95:45:0b:ae:c4:0e:a5:
e0:c8:f8:fe:c8:da:1f:af:1e:98:b5:e9:e7:4d:02:
2b:23:fa:ac:db:1f:08:bf:82:52:1e:12:59:1a:1f:
70:ce:fd:51:55:3e:7a:30:72:e5:df:32:ba:b2:37:
9f:d7:d7:28:a8:81:bd:8e:bf:a1:82:3f:d2:25:4d:
bd:7b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
ED:33:25:D9:21:71:9A:88:96:63:43:0C:3D:E6:2E:1D:BA:37:9E:24
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/7TMl2SFxmoiWY0MMPeYuHbo3niQ.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
1c:89:bb:df:f4:84:97:cc:65:56:69:66:8b:3a:6e:74:d4:c1:
6f:3c:b4:9d:1c:88:0d:e2:92:4e:da:48:b6:d6:6b:37:fe:36:
be:c9:c1:da:3a:a1:39:30:84:d5:49:ea:65:39:e8:e3:a0:a5:
f4:11:61:8d:1e:65:7a:84:e1:ba:1b:d5:f5:38:65:d7:93:17:
c0:86:15:27:64:ad:a5:a6:10:e5:c0:88:fb:02:a9:a1:3f:a8:
94:ef:b6:73:a2:c0:4a:bc:85:22:1c:f9:ce:aa:b1:1e:78:07:
92:48:17:87:57:f9:65:91:b8:f1:e6:5c:d6:dd:b0:fe:2f:72:
57:f6:53:2f:6a:8d:4f:dc:d7:59:5d:bd:6b:2e:24:0b:4e:fe:
41:c2:84:70:cf:a3:f6:79:65:02:55:93:2e:91:c1:c1:60:6f:
34:43:14:4f:d1:68:fb:be:a5:20:7e:a3:40:0e:a0:52:31:e7:
e1:f5:7e:c1:91:9a:c2:1b:3c:b0:77:d6:9b:30:94:ac:9c:b0:
f2:5f:69:e9:56:1d:79:91:a8:94:90:29:c6:7c:f4:c3:80:df:
81:34:5e:05:81:9f:bb:54:07:f8:63:ad:71:09:56:5e:42:99:
ba:70:fa:45:a3:37:1c:fc:d3:cd:a1:07:10:7b:b6:89:08:fc:
40:4d:5f:e9
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICQPIwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MTUw
NDIyNTJaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEVEMzMyNUQ5MjE3MTlB
ODg5NjYzNDMwQzNERTYyRTFEQkEzNzlFMjQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDAxMphXSNI+irNWOm5hjh2czL6QR/7lVbk6Xdt+ZZ15TiWy7nh
UKha7k2IMGHjs+EQb2jZJkQc6FrFyNU8mNfZPzOtQiK78lBPeNNnDo+KRGoTEfYC
clUIEtO11RhD7zA2DgilbpoYC/KvyRwQhQtlRhsyKZFh+fD88srp5HB6ERWbPCb8
pONDv3R1g51pdKbt2NSsgQiTBAqwDWbAZ8PWKSqnWIUadEJwMAwYJoL0KOGQFXOX
NvC+cCKglUULrsQOpeDI+P7I2h+vHpi16edNAisj+qzbHwi/glIeElkaH3DO/VFV
PnowcuXfMrqyN5/X1yiogb2Ov6GCP9IlTb17AgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQU7TMl2SFxmoiWY0MMPeYuHbo3niQwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3LzdUTWwyU0Z4bW9pV1kw
TU1QZVl1SGJvM25pUS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAHIm73/SEl8xlVmlmizpudNTBbzy0nRyI
DeKSTtpIttZrN/42vsnB2jqhOTCE1UnqZTno46Cl9BFhjR5leoThuhvV9Thl15MX
wIYVJ2StpaYQ5cCI+wKpoT+olO+2c6LASryFIhz5zqqxHngHkkgXh1f5ZZG48eZc
1t2w/i9yV/ZTL2qNT9zXWV29ay4kC07+QcKEcM+j9nllAlWTLpHBwWBvNEMUT9Fo
+76lIH6jQA6gUjHn4fV+wZGawhs8sHfWmzCUrJyw8l9p6VYdeZGolJApxnz0w4Df
gTReBYGfu1QH+GOtcQlWXkKZunD6RaM3HPzTzaEHEHu2iQj8QE1f6Q==
-----END CERTIFICATE-----
Generated at Sat Jun 21 12:01:36 2025 by rpki-client