Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/AYMOzvx59N21eAH7_m97TthF0hE.roa
File: AYMOzvx59N21eAH7_m97TthF0hE.roa (raw, json)
Hash identifier: dGuuQkXWSSRLCSKtRLAapljk7FzNb6x4356E7dfbYp0=
Subject key identifier: 01:83:0E:CE:FC:79:F4:DD:B5:78:01:FB:FE:6F:7B:4E:D8:45:D2:11
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 4C2E
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/AYMOzvx59N21eAH7_m97TthF0hE.roa
Signing time: Tue 30 Apr 2024 03:53:33 +0000
ROA not before: Tue 30 Apr 2024 03:53:33 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 19502 (0x4c2e)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 30 03:53:33 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=01830ECEFC79F4DDB57801FBFE6F7B4ED845D211
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d6:65:c2:69:9e:ba:a6:57:ea:73:10:e1:ed:d9:
de:05:13:2a:6b:1c:aa:62:9e:46:5b:6a:0d:33:5a:
33:0a:9e:a3:4e:7c:82:50:62:22:56:35:49:89:2b:
d7:5a:35:79:3e:2f:8f:7c:05:8a:6f:7a:8b:1a:9b:
69:06:b4:98:a0:42:c3:7b:ab:d3:d8:78:d9:0a:77:
35:b7:66:f6:8a:81:5b:89:f3:47:bd:c4:12:8e:cb:
6e:88:6d:c8:dc:d2:d6:4a:2b:9e:ca:20:a6:ae:fe:
9f:9e:e7:48:29:e3:9e:7c:f3:9c:42:a5:1e:f1:40:
8f:ba:72:2d:3c:8e:9f:50:7d:88:d5:a5:77:fc:bc:
d1:02:1d:63:43:15:ff:a6:50:1a:10:05:67:49:54:
9d:2f:31:7e:b3:2e:81:f5:0e:b0:1f:83:64:05:a3:
04:5d:0e:b9:58:3d:01:b4:88:2c:ad:ef:1d:ba:4e:
29:d3:3e:e8:9a:ff:04:5e:66:c5:da:45:7e:2d:52:
ac:b2:97:7d:19:d5:65:5b:e7:2d:ac:62:d5:ee:d1:
ef:56:20:f8:ac:52:85:a2:03:67:15:75:f9:c0:02:
63:d6:51:d8:bc:81:4e:09:e8:69:38:88:e2:bf:23:
34:26:6f:ec:c3:6b:23:9b:6e:17:64:5d:ba:46:8f:
37:41
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
01:83:0E:CE:FC:79:F4:DD:B5:78:01:FB:FE:6F:7B:4E:D8:45:D2:11
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/AYMOzvx59N21eAH7_m97TthF0hE.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
2b:7c:82:24:4d:3f:cf:79:da:19:c1:83:a5:53:54:10:e7:ef:
7c:c0:cb:7e:46:0e:21:76:8d:43:44:29:f9:c7:9c:e6:33:49:
6c:38:6d:37:ca:19:e9:e7:53:61:f7:1e:6d:0e:d3:a4:98:e0:
04:25:2b:22:b4:1a:a3:ce:f8:6b:1b:6e:84:48:b0:fc:49:f0:
bc:db:d3:d2:9b:40:9c:89:8d:54:27:95:a3:f1:aa:32:ac:fb:
49:17:e9:ef:66:2d:94:62:78:98:91:c4:fd:ea:84:6a:b8:c6:
88:f4:13:67:8f:a4:49:d5:45:68:f4:0a:0c:5b:f0:6f:4c:d0:
0a:12:da:df:2b:56:01:3f:a8:5d:0e:96:4e:06:d2:5c:91:cc:
ba:d0:96:dd:85:91:1e:01:9f:aa:38:64:50:e0:c5:22:e4:f1:
d9:ce:7d:27:c6:06:9d:ea:70:c8:d0:d7:86:90:ce:24:7d:e7:
2c:2c:3e:07:b4:ac:4c:58:5e:f2:b9:fb:7a:14:83:61:52:e6:
c1:74:a5:2f:51:66:65:60:42:90:ad:e0:f8:2f:33:17:76:4c:
5c:b3:83:24:f5:e0:cb:dd:22:ab:74:c7:94:df:a6:b1:70:e1:
8d:3e:10:1b:b1:66:93:5b:bc:b7:9b:0e:e5:43:8a:e7:13:d2:
87:ce:24:94
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICTC4wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MzAw
MzUzMzNaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDAxODMwRUNFRkM3OUY0
RERCNTc4MDFGQkZFNkY3QjRFRDg0NUQyMTEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDWZcJpnrqmV+pzEOHt2d4FEyprHKpinkZbag0zWjMKnqNOfIJQ
YiJWNUmJK9daNXk+L498BYpveosam2kGtJigQsN7q9PYeNkKdzW3ZvaKgVuJ80e9
xBKOy26Ibcjc0tZKK57KIKau/p+e50gp455885xCpR7xQI+6ci08jp9QfYjVpXf8
vNECHWNDFf+mUBoQBWdJVJ0vMX6zLoH1DrAfg2QFowRdDrlYPQG0iCyt7x26TinT
Puia/wReZsXaRX4tUqyyl30Z1WVb5y2sYtXu0e9WIPisUoWiA2cVdfnAAmPWUdi8
gU4J6Gk4iOK/IzQmb+zDayObbhdkXbpGjzdBAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUAYMOzvx59N21eAH7/m97TthF0hEwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L0FZTU96dng1OU4yMWVB
SDdfbTk3VHRoRjBoRS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAK3yCJE0/z3naGcGDpVNUEOfvfMDLfkYO
IXaNQ0Qp+cec5jNJbDhtN8oZ6edTYfcebQ7TpJjgBCUrIrQao874axtuhEiw/Enw
vNvT0ptAnImNVCeVo/GqMqz7SRfp72YtlGJ4mJHE/eqEarjGiPQTZ4+kSdVFaPQK
DFvwb0zQChLa3ytWAT+oXQ6WTgbSXJHMutCW3YWRHgGfqjhkUODFIuTx2c59J8YG
nepwyNDXhpDOJH3nLCw+B7SsTFhe8rn7ehSDYVLmwXSlL1FmZWBCkK3g+C8zF3ZM
XLODJPXgy90iq3THlN+msXDhjT4QG7Fmk1u8t5sO5UOK5xPSh84klA==
-----END CERTIFICATE-----
Generated at Sat Jun 21 08:48:43 2025 by rpki-client