Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/8DSrPeTmYuaSKK5NIppJzJpxNTE.roa
File: 8DSrPeTmYuaSKK5NIppJzJpxNTE.roa (raw, json)
Hash identifier: Fs4EqEIsxQgWxLp/9kpKqScFp1Zwf0aeEdHc/AneJk4=
Subject key identifier: F0:34:AB:3D:E4:E6:62:E6:92:28:AE:4D:22:9A:49:CC:9A:71:35:31
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 3DF6
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/8DSrPeTmYuaSKK5NIppJzJpxNTE.roa
Signing time: Thu 11 Apr 2024 04:53:11 +0000
ROA not before: Thu 11 Apr 2024 04:53:11 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 15862 (0x3df6)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 11 04:53:11 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=F034AB3DE4E662E69228AE4D229A49CC9A713531
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c2:1f:b1:1a:07:7c:43:74:0e:2d:b7:75:b8:d0:
9c:a2:31:37:a1:b7:3c:95:f4:06:d5:df:7f:79:bd:
16:b1:10:4f:f5:97:9a:7c:c6:a0:1c:d8:8e:19:23:
fa:da:d2:f2:af:10:4c:79:8c:63:4c:45:19:8d:8d:
0f:cb:61:9a:35:a8:b0:97:85:e6:b1:7a:3f:de:f6:
d6:61:b9:b1:3b:8f:d3:11:b9:4b:ce:2e:61:e8:56:
92:ba:9f:50:85:72:1a:5b:b4:33:72:8f:bb:24:29:
87:ce:08:95:bb:79:34:95:1b:d4:97:2a:20:88:51:
1c:52:6f:d3:82:93:65:a3:ba:db:f7:51:35:2b:16:
27:64:db:80:49:98:46:28:ef:d3:39:4b:81:a3:ce:
2e:3b:6a:04:d5:84:85:dc:3a:04:bf:77:46:cb:a1:
e4:3c:36:76:7c:a2:b1:5c:e0:c1:17:4b:42:08:f5:
e4:6a:3b:5d:bc:6d:9c:94:2d:21:7c:71:c5:88:c1:
0a:16:7f:05:42:15:85:b8:a4:33:8a:85:98:fc:32:
51:48:6d:7f:f7:cd:44:ee:74:7f:c0:84:51:15:d6:
fe:4d:ef:96:10:4b:4e:f3:5c:5f:bf:f7:d9:3f:73:
24:00:4f:44:80:68:36:6f:f3:0a:ba:ed:e9:90:c9:
2b:b7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F0:34:AB:3D:E4:E6:62:E6:92:28:AE:4D:22:9A:49:CC:9A:71:35:31
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/8DSrPeTmYuaSKK5NIppJzJpxNTE.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
01:6b:36:29:f7:82:d8:ac:3c:c7:95:95:8b:30:d0:81:9d:da:
a4:fd:7b:7b:c2:ec:76:e3:eb:3c:04:02:02:95:88:3e:ee:c7:
4b:97:84:1c:a8:ef:e8:17:b4:d3:31:5f:db:ae:b6:a5:bd:fa:
87:f4:b5:f5:09:fc:82:42:9a:1c:86:c8:78:cb:0c:f4:32:e4:
2f:6d:97:0c:5a:c3:ba:b4:16:e5:4d:cf:71:94:2b:a4:f9:ad:
74:70:f8:2d:ac:be:36:96:aa:b7:93:8b:39:52:c8:e1:ea:ec:
01:2d:34:17:25:ed:85:9c:28:d8:36:64:ab:6f:85:62:be:ed:
fe:ea:74:cf:20:50:24:97:b0:21:c8:5f:30:26:19:3e:b5:fb:
ab:57:e2:19:23:9f:4f:78:76:33:3b:39:8d:48:7a:75:36:6e:
33:9e:70:f8:54:1f:69:7d:ea:1e:82:fd:8e:c2:cd:44:77:01:
d9:c5:9a:43:b7:82:2c:8d:da:35:f2:f9:17:29:fe:23:42:b5:
53:91:0e:4a:80:ce:d5:59:04:1d:df:1a:5c:57:19:47:8c:fb:
83:f0:13:fa:b3:dc:f3:00:68:54:67:88:5a:5c:2b:28:92:a3:
63:3d:87:9e:b6:fb:39:a9:4d:24:68:5c:4d:b3:d9:35:35:4c:
5d:6d:2e:8b
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICPfYwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MTEw
NDUzMTFaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEYwMzRBQjNERTRFNjYy
RTY5MjI4QUU0RDIyOUE0OUNDOUE3MTM1MzEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDCH7EaB3xDdA4tt3W40JyiMTehtzyV9AbV3395vRaxEE/1l5p8
xqAc2I4ZI/ra0vKvEEx5jGNMRRmNjQ/LYZo1qLCXheaxej/e9tZhubE7j9MRuUvO
LmHoVpK6n1CFchpbtDNyj7skKYfOCJW7eTSVG9SXKiCIURxSb9OCk2Wjutv3UTUr
Fidk24BJmEYo79M5S4Gjzi47agTVhIXcOgS/d0bLoeQ8NnZ8orFc4MEXS0II9eRq
O128bZyULSF8ccWIwQoWfwVCFYW4pDOKhZj8MlFIbX/3zUTudH/AhFEV1v5N75YQ
S07zXF+/99k/cyQAT0SAaDZv8wq67emQySu3AgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQU8DSrPeTmYuaSKK5NIppJzJpxNTEwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3LzhEU3JQZVRtWXVhU0tL
NU5JcHBKekpweE5URS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAAWs2KfeC2Kw8x5WVizDQgZ3apP17e8Ls
duPrPAQCApWIPu7HS5eEHKjv6Be00zFf2662pb36h/S19Qn8gkKaHIbIeMsM9DLk
L22XDFrDurQW5U3PcZQrpPmtdHD4Lay+Npaqt5OLOVLI4ersAS00FyXthZwo2DZk
q2+FYr7t/up0zyBQJJewIchfMCYZPrX7q1fiGSOfT3h2Mzs5jUh6dTZuM55w+FQf
aX3qHoL9jsLNRHcB2cWaQ7eCLI3aNfL5Fyn+I0K1U5EOSoDO1VkEHd8aXFcZR4z7
g/AT+rPc8wBoVGeIWlwrKJKjYz2Hnrb7OalNJGhcTbPZNTVMXW0uiw==
-----END CERTIFICATE-----
Generated at Sun Jun 22 01:06:23 2025 by rpki-client