Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/Br20aYPkcKwvLyfEMntYcKjxZjk.roa
File: Br20aYPkcKwvLyfEMntYcKjxZjk.roa (raw, json)
Hash identifier: fxDWint65Pl2wms0Ecmne3pIXi4YqQgMdD/EAvZM3uU=
Subject key identifier: 06:BD:B4:69:83:E4:70:AC:2F:2F:27:C4:32:7B:58:70:A8:F1:66:39
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 43C6
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/Br20aYPkcKwvLyfEMntYcKjxZjk.roa
Signing time: Thu 18 Apr 2024 22:53:24 +0000
ROA not before: Thu 18 Apr 2024 22:53:24 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 17350 (0x43c6)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 18 22:53:24 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=06BDB46983E470AC2F2F27C4327B5870A8F16639
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d5:4a:d1:50:43:0f:a6:b2:d0:7f:65:2c:a2:d8:
3e:c1:23:b1:5b:98:75:a9:3d:82:0e:be:d7:fe:e9:
ba:7e:2d:fe:fe:e3:7c:d7:09:cd:e3:ce:fa:3e:62:
e4:99:81:2c:82:df:23:53:fb:3a:5b:07:e7:92:87:
af:2e:b0:0c:f9:51:e1:c5:c9:24:38:94:73:83:72:
87:41:35:d0:ea:3e:34:ec:79:50:06:6a:cc:5e:4f:
d3:f1:0b:25:f0:ad:e5:58:17:06:b5:46:7d:fb:fc:
4e:bc:f2:e8:71:95:c7:ec:dd:65:5e:37:1d:70:bb:
e2:39:7e:8e:6d:4d:60:6a:44:4d:27:33:9c:cf:c8:
f7:59:07:32:67:5c:72:83:8c:3b:b5:7a:97:76:26:
2b:dd:81:3c:eb:9f:5f:bd:30:b3:f9:90:cf:1e:58:
b3:4b:ae:4f:ad:5c:05:6f:d5:43:af:93:f0:66:08:
c4:42:69:1b:76:2e:1d:b8:a2:71:87:6f:a7:5a:43:
25:ce:3d:31:9c:b7:2f:5d:ac:e5:88:3d:95:a8:ef:
91:74:f5:dc:24:d6:42:95:22:b1:76:fd:d0:4b:c0:
1c:a8:83:bb:6f:4a:9d:d6:1a:5e:59:bc:d8:01:30:
65:a7:47:80:8e:ea:fb:d9:aa:67:2f:3f:fe:b6:94:
c6:23
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
06:BD:B4:69:83:E4:70:AC:2F:2F:27:C4:32:7B:58:70:A8:F1:66:39
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/Br20aYPkcKwvLyfEMntYcKjxZjk.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
77:9a:4c:1f:92:b7:bd:cd:bb:8c:d7:ea:4a:29:bd:cb:8d:42:
39:18:67:e4:01:62:e1:0d:ab:85:c1:0b:6d:05:d9:1d:65:79:
dd:b5:e2:10:aa:1a:7d:69:16:14:be:c5:bb:e7:0b:8e:06:26:
e7:dd:c3:88:67:72:3f:79:a4:b0:94:8f:dc:e4:da:fb:33:5b:
84:f1:c6:2e:c5:36:b2:e7:22:d2:8c:a6:2d:dd:0c:56:d6:ca:
6d:e1:b9:e7:4d:76:64:e4:66:55:8f:7c:56:ad:8e:0c:e4:cb:
50:3d:60:b5:0c:16:33:55:21:93:c2:58:f3:b5:d7:d6:39:00:
3b:50:aa:75:69:ee:24:b1:17:5f:87:39:e4:00:0b:f3:76:1b:
27:9a:8c:a2:ad:3c:82:61:fa:cb:4a:20:a2:0d:a0:32:c6:03:
a9:e6:4e:b6:6a:60:ca:71:2b:a4:8b:d4:d3:ef:ec:ce:bc:7e:
75:22:8d:d2:99:8c:3e:45:64:cf:3f:a3:67:0b:d5:6e:5c:93:
19:27:89:7e:39:22:08:69:ae:f8:f3:40:13:71:cf:fd:fc:b9:
71:97:3c:ce:c0:45:0c:70:eb:65:5c:6e:65:f9:15:3c:fa:fe:
c6:f8:9f:2e:a1:eb:94:65:78:9f:01:8a:f5:ef:6b:2c:e5:e8:
b4:a7:2a:ce
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICQ8YwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MTgy
MjUzMjRaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDA2QkRCNDY5ODNFNDcw
QUMyRjJGMjdDNDMyN0I1ODcwQThGMTY2MzkwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDVStFQQw+mstB/ZSyi2D7BI7FbmHWpPYIOvtf+6bp+Lf7+43zX
Cc3jzvo+YuSZgSyC3yNT+zpbB+eSh68usAz5UeHFySQ4lHODcodBNdDqPjTseVAG
asxeT9PxCyXwreVYFwa1Rn37/E688uhxlcfs3WVeNx1wu+I5fo5tTWBqRE0nM5zP
yPdZBzJnXHKDjDu1epd2JivdgTzrn1+9MLP5kM8eWLNLrk+tXAVv1UOvk/BmCMRC
aRt2Lh24onGHb6daQyXOPTGcty9drOWIPZWo75F09dwk1kKVIrF2/dBLwByog7tv
Sp3WGl5ZvNgBMGWnR4CO6vvZqmcvP/62lMYjAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUBr20aYPkcKwvLyfEMntYcKjxZjkwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L0JyMjBhWVBrY0t3dkx5
ZkVNbnRZY0tqeFpqay5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAd5pMH5K3vc27jNfqSim9y41CORhn5AFi
4Q2rhcELbQXZHWV53bXiEKoafWkWFL7Fu+cLjgYm593DiGdyP3mksJSP3OTa+zNb
hPHGLsU2suci0oymLd0MVtbKbeG55012ZORmVY98Vq2ODOTLUD1gtQwWM1Uhk8JY
87XX1jkAO1CqdWnuJLEXX4c55AAL83YbJ5qMoq08gmH6y0ogog2gMsYDqeZOtmpg
ynErpIvU0+/szrx+dSKN0pmMPkVkzz+jZwvVblyTGSeJfjkiCGmu+PNAE3HP/fy5
cZc8zsBFDHDrZVxuZfkVPPr+xvifLqHrlGV4nwGK9e9rLOXotKcqzg==
-----END CERTIFICATE-----
Generated at Sun Jun 22 02:20:27 2025 by rpki-client