Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/BMoLHxbwuhy1Zgilm56BjJALqu4.roa
File: BMoLHxbwuhy1Zgilm56BjJALqu4.roa (raw, json)
Hash identifier: lYC2/9R6Q5fHzAuZ7tAswf5mHDYnh36kyZp5DAPO+qU=
Subject key identifier: 04:CA:0B:1F:16:F0:BA:1C:B5:66:08:A5:9B:9E:81:8C:90:0B:AA:EE
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 3646
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/BMoLHxbwuhy1Zgilm56BjJALqu4.roa
Signing time: Sun 31 Mar 2024 22:52:10 +0000
ROA not before: Sun 31 Mar 2024 22:52:10 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 13894 (0x3646)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Mar 31 22:52:10 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=04CA0B1F16F0BA1CB56608A59B9E818C900BAAEE
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c2:13:8e:82:9c:07:c1:8f:ca:19:97:25:45:62:
9e:dd:48:49:bc:40:4a:3f:db:74:51:38:4c:87:fc:
05:3e:7c:77:f0:c3:3b:cc:b4:c0:12:b5:9d:9a:0f:
5c:3f:80:01:7d:4e:4e:7f:eb:70:03:d3:1f:f2:59:
e2:3a:da:59:f4:13:6b:e3:05:41:66:24:91:ad:3b:
f7:f2:87:65:6f:3a:e3:6a:a3:47:36:2f:76:8f:52:
e1:40:30:39:67:d1:1d:a5:07:66:5b:b5:7f:bb:3d:
f5:f7:d7:04:e0:ab:1d:3b:2e:e6:2b:65:2d:69:bd:
a7:d5:1b:bf:ad:7b:51:ae:de:1f:ab:59:49:7c:d8:
cd:ea:c0:e0:2f:36:9f:87:52:be:8f:cf:bb:d4:66:
63:20:da:28:32:bc:01:99:de:49:6f:b9:81:fa:d1:
85:f0:5b:ca:46:11:8b:e5:77:4b:a1:3d:35:4f:4b:
46:1f:39:9f:10:03:08:2e:a4:af:a8:2b:6d:99:45:
9e:86:fa:ed:e1:4f:7f:9f:38:4c:07:ef:e9:ca:ee:
9b:01:7f:7c:2b:e6:12:4e:eb:96:4e:cc:bd:3b:da:
80:cd:45:23:0c:a4:13:e5:b1:53:3a:4b:51:d8:d8:
72:e9:27:b8:1b:d9:4d:2d:0e:65:2a:3b:eb:b5:ac:
94:0b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
04:CA:0B:1F:16:F0:BA:1C:B5:66:08:A5:9B:9E:81:8C:90:0B:AA:EE
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/BMoLHxbwuhy1Zgilm56BjJALqu4.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
4b:2b:55:96:86:c9:bf:34:22:d8:8b:14:c2:aa:bb:41:b7:da:
24:c0:1f:14:34:3b:77:38:77:87:a0:e4:15:b4:69:25:02:2b:
ad:17:ef:d6:8e:3c:6a:bf:1f:af:af:00:6f:46:14:7d:61:d3:
75:55:dd:65:9e:09:da:5a:02:45:4b:9a:b8:05:ef:0a:88:3d:
4d:61:8d:1f:c3:3b:37:b5:6c:ea:a8:d2:43:20:ef:15:ea:2c:
74:c8:62:c9:ac:4b:d1:02:4f:09:39:57:e8:45:bb:d2:e0:8b:
4a:da:f9:18:ec:56:f7:17:8b:4f:f2:45:69:00:1c:b9:e2:c4:
89:98:a5:f6:c7:53:2d:15:da:d7:d9:59:a0:29:33:b5:38:9a:
f5:c4:b4:bb:56:0a:4a:d0:1f:68:c7:89:5d:b9:5e:58:04:3a:
dc:67:9d:e9:6d:75:98:ff:75:63:47:8e:fc:12:14:49:03:3d:
ac:00:94:dd:0f:4b:ad:f2:8e:9a:3d:3d:ce:2e:35:e5:18:1f:
fb:dc:c6:54:2e:75:31:aa:84:56:66:32:a7:0d:15:55:68:31:
57:bb:7f:b4:dd:2b:22:d5:65:40:cb:f7:57:88:78:a6:f7:3a:
ab:b7:ee:c1:b1:8f:ff:c9:37:e1:34:78:6f:57:4e:fe:c5:31:
1e:eb:d0:d8
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICNkYwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDAzMzEy
MjUyMTBaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDA0Q0EwQjFGMTZGMEJB
MUNCNTY2MDhBNTlCOUU4MThDOTAwQkFBRUUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDCE46CnAfBj8oZlyVFYp7dSEm8QEo/23RROEyH/AU+fHfwwzvM
tMAStZ2aD1w/gAF9Tk5/63AD0x/yWeI62ln0E2vjBUFmJJGtO/fyh2VvOuNqo0c2
L3aPUuFAMDln0R2lB2ZbtX+7PfX31wTgqx07LuYrZS1pvafVG7+te1Gu3h+rWUl8
2M3qwOAvNp+HUr6Pz7vUZmMg2igyvAGZ3klvuYH60YXwW8pGEYvld0uhPTVPS0Yf
OZ8QAwgupK+oK22ZRZ6G+u3hT3+fOEwH7+nK7psBf3wr5hJO65ZOzL072oDNRSMM
pBPlsVM6S1HY2HLpJ7gb2U0tDmUqO+u1rJQLAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUBMoLHxbwuhy1Zgilm56BjJALqu4wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L0JNb0xIeGJ3dWh5MVpn
aWxtNTZCakpBTHF1NC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEASytVlobJvzQi2IsUwqq7QbfaJMAfFDQ7
dzh3h6DkFbRpJQIrrRfv1o48ar8fr68Ab0YUfWHTdVXdZZ4J2loCRUuauAXvCog9
TWGNH8M7N7Vs6qjSQyDvFeosdMhiyaxL0QJPCTlX6EW70uCLStr5GOxW9xeLT/JF
aQAcueLEiZil9sdTLRXa19lZoCkztTia9cS0u1YKStAfaMeJXbleWAQ63Ged6W11
mP91Y0eO/BIUSQM9rACU3Q9LrfKOmj09zi415Rgf+9zGVC51MaqEVmYypw0VVWgx
V7t/tN0rItVlQMv3V4h4pvc6q7fuwbGP/8k34TR4b1dO/sUxHuvQ2A==
-----END CERTIFICATE-----
Generated at Sat Jun 21 16:54:00 2025 by rpki-client