Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/7kpWDEt1y3tKxhV1Bs8iN7xKFP8.roa
File: 7kpWDEt1y3tKxhV1Bs8iN7xKFP8.roa (raw, json)
Hash identifier: Y5p/iozbC3RFKiQ34S6PYrF41ma+VSVlADw759B2QDI=
Subject key identifier: EE:4A:56:0C:4B:75:CB:7B:4A:C6:15:75:06:CF:22:37:BC:4A:14:FF
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 3C46
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/7kpWDEt1y3tKxhV1Bs8iN7xKFP8.roa
Signing time: Mon 08 Apr 2024 22:52:40 +0000
ROA not before: Mon 08 Apr 2024 22:52:40 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 15430 (0x3c46)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 8 22:52:40 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=EE4A560C4B75CB7B4AC6157506CF2237BC4A14FF
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e8:48:61:97:45:d3:d3:5a:dd:cb:6d:6f:52:03:
3c:7a:59:6e:ec:13:45:79:04:1d:b4:8a:62:9e:05:
62:fb:3a:b0:4b:4b:e1:28:b7:e4:58:83:c3:c2:06:
90:47:b8:ba:16:9b:46:b3:bb:a0:bd:44:2c:91:9d:
ea:c7:ca:c3:8e:83:18:b1:8a:03:1b:49:8d:40:42:
15:a1:a5:27:cb:fd:5b:c7:ab:ca:ff:71:a9:1e:27:
91:3d:12:d4:64:d2:00:28:6e:55:08:2a:fb:89:b3:
91:bf:df:69:0e:58:9e:82:dd:7f:0b:d4:10:f3:cf:
c5:d4:33:3f:0f:58:65:1a:6a:7d:44:10:cc:c0:b7:
ea:2e:8e:ae:46:b0:2b:bb:58:8b:ba:67:39:ff:3a:
99:74:bb:67:89:24:95:c8:7f:d9:9a:3c:9a:9c:2e:
84:71:a8:75:df:ab:67:5c:d8:03:ba:02:45:d8:a1:
4d:09:ec:ed:77:7c:a9:1a:11:68:af:a6:cc:0f:60:
d6:dc:d0:16:d3:c1:8d:a9:f9:fd:80:f8:85:7c:63:
3a:3a:57:98:b9:49:31:8c:7a:ff:90:5e:57:f5:8f:
09:7b:cb:c6:92:72:31:1b:31:2e:fa:4e:8d:64:78:
50:60:5b:65:27:5d:46:eb:cc:e1:72:3c:7f:f3:de:
57:9d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
EE:4A:56:0C:4B:75:CB:7B:4A:C6:15:75:06:CF:22:37:BC:4A:14:FF
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/7kpWDEt1y3tKxhV1Bs8iN7xKFP8.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
2e:4b:ba:86:3c:96:f0:34:98:f6:71:73:49:07:78:8f:c0:c9:
12:f6:65:f8:6a:fd:b8:ea:ce:b2:02:71:3b:b5:a3:3f:94:dd:
5a:54:7f:38:81:15:51:4e:d9:e8:a9:a4:7d:18:e6:bb:57:ce:
98:60:af:f7:77:d1:67:f9:26:cf:21:7b:75:27:c1:7c:3f:81:
7f:f2:c0:1e:53:54:8f:d1:74:4c:30:35:b7:f7:4b:0a:4d:2e:
4c:4c:9a:4b:28:46:dd:ad:f9:41:e6:a2:33:83:91:8b:dc:1f:
93:99:b4:71:fa:9a:25:7a:78:b7:22:c7:2a:4e:c5:b6:5c:e0:
05:d9:4a:53:dc:fb:7a:3f:29:9e:38:31:a8:43:18:39:25:d7:
35:49:5c:1d:5d:94:9d:15:ca:cc:bf:a3:50:be:1a:18:ae:76:
a4:4e:0c:c3:84:0c:5a:9e:20:4e:1b:bc:b2:af:d9:7c:38:56:
64:3b:67:86:23:4e:a8:85:85:25:09:1b:e7:df:bb:a1:87:a1:
3a:3c:32:4a:a7:a4:c3:ec:f9:de:1f:31:08:ae:ca:6e:13:bb:
0e:63:a8:d1:d1:ce:6c:3d:5b:35:51:9d:9a:06:2e:c0:f7:37:
7a:af:ef:5d:ec:10:66:0f:9f:f2:ca:ba:84:06:21:f0:bf:68:
b0:5b:65:a1
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICPEYwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MDgy
MjUyNDBaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEVFNEE1NjBDNEI3NUNC
N0I0QUM2MTU3NTA2Q0YyMjM3QkM0QTE0RkYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDoSGGXRdPTWt3LbW9SAzx6WW7sE0V5BB20imKeBWL7OrBLS+Eo
t+RYg8PCBpBHuLoWm0azu6C9RCyRnerHysOOgxixigMbSY1AQhWhpSfL/VvHq8r/
cakeJ5E9EtRk0gAoblUIKvuJs5G/32kOWJ6C3X8L1BDzz8XUMz8PWGUaan1EEMzA
t+oujq5GsCu7WIu6Zzn/Opl0u2eJJJXIf9maPJqcLoRxqHXfq2dc2AO6AkXYoU0J
7O13fKkaEWivpswPYNbc0BbTwY2p+f2A+IV8Yzo6V5i5STGMev+QXlf1jwl7y8aS
cjEbMS76To1keFBgW2UnXUbrzOFyPH/z3ledAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQU7kpWDEt1y3tKxhV1Bs8iN7xKFP8wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3LzdrcFdERXQxeTN0S3ho
VjFCczhpTjd4S0ZQOC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEALku6hjyW8DSY9nFzSQd4j8DJEvZl+Gr9
uOrOsgJxO7WjP5TdWlR/OIEVUU7Z6KmkfRjmu1fOmGCv93fRZ/kmzyF7dSfBfD+B
f/LAHlNUj9F0TDA1t/dLCk0uTEyaSyhG3a35QeaiM4ORi9wfk5m0cfqaJXp4tyLH
Kk7FtlzgBdlKU9z7ej8pnjgxqEMYOSXXNUlcHV2UnRXKzL+jUL4aGK52pE4Mw4QM
Wp4gThu8sq/ZfDhWZDtnhiNOqIWFJQkb59+7oYehOjwySqekw+z53h8xCK7KbhO7
DmOo0dHObD1bNVGdmgYuwPc3eq/vXewQZg+f8sq6hAYh8L9osFtloQ==
-----END CERTIFICATE-----
Generated at Sun Jun 22 07:12:20 2025 by rpki-client