Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/DaDxYSKeJEm8aSneHK20-1fDnjw.roa
File: DaDxYSKeJEm8aSneHK20-1fDnjw.roa (raw, json)
Hash identifier: +7C5pUOPNJ/Dnt3Hm8u2SSXCy+rrIn9W1juSB+2mqyc=
Subject key identifier: 0D:A0:F1:61:22:9E:24:49:BC:69:29:DE:1C:AD:B4:FB:57:C3:9E:3C
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 454A
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/DaDxYSKeJEm8aSneHK20-1fDnjw.roa
Signing time: Sat 20 Apr 2024 23:23:06 +0000
ROA not before: Sat 20 Apr 2024 23:23:06 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 17738 (0x454a)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 20 23:23:06 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=0DA0F161229E2449BC6929DE1CADB4FB57C39E3C
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b2:dd:c5:50:bb:27:9e:54:1b:ef:65:bb:fd:58:
34:03:94:cb:12:06:d6:04:08:ff:3e:3d:b2:0d:dc:
44:7b:f9:97:de:73:3a:7d:13:ac:4a:01:d8:37:25:
d6:9e:83:e6:4f:2b:d9:e5:0a:59:f3:ba:fe:61:c0:
c8:d4:d2:fa:9a:c7:c0:e2:4c:22:ee:78:74:0d:8e:
ec:14:90:db:40:8e:18:68:21:57:a2:6f:5b:ae:36:
a9:56:e6:f9:9f:51:e9:c5:c7:36:96:c9:b1:54:d7:
d0:5d:00:56:69:8f:ec:00:e9:34:85:42:84:f9:18:
ac:38:69:3b:66:cb:a7:c6:25:65:9f:ea:e5:38:5f:
6f:d5:20:a4:a1:6b:7a:e1:59:ba:3d:53:1b:92:b1:
21:21:89:80:74:f0:6f:cd:5a:ef:05:d9:e3:62:8f:
a4:d9:99:e7:97:a1:80:b8:3a:28:42:8a:2a:17:8d:
62:28:bd:8e:27:12:77:80:ef:7a:ed:66:33:29:79:
19:cc:c3:e6:54:e5:32:91:6a:c2:2a:e7:13:ba:cb:
a1:2d:1a:67:17:35:54:f8:d3:9a:00:e8:2d:03:82:
b3:ce:c8:27:96:2b:52:a8:8c:83:79:04:52:7d:31:
d0:9f:38:64:b5:7b:ee:be:3b:ac:44:cc:32:4b:04:
79:1d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0D:A0:F1:61:22:9E:24:49:BC:69:29:DE:1C:AD:B4:FB:57:C3:9E:3C
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/DaDxYSKeJEm8aSneHK20-1fDnjw.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
a7:2d:03:44:71:c2:5c:ca:c1:10:55:15:4b:38:b6:bb:e7:07:
3c:9f:9d:fa:f2:a0:e0:a3:33:14:31:1c:ce:43:b1:74:bd:be:
07:68:71:ba:af:ef:25:ee:3c:cf:5a:d1:91:7e:20:82:04:8a:
53:4e:ff:41:d7:f3:8b:f3:a7:7f:61:a4:7a:ea:51:28:b9:9b:
36:5e:65:4b:1d:8f:0c:1f:8b:5a:04:f6:79:19:e4:a0:2e:64:
bd:54:a0:6e:4d:98:0a:56:3e:7e:9b:b1:b4:b7:b6:91:6d:25:
9c:4f:a7:ac:bd:26:9b:aa:2d:bc:7b:8a:8e:e4:d8:ee:88:f3:
84:52:e7:4b:bf:a6:a9:a9:ec:04:4f:f7:a1:40:12:6c:b4:f6:
ab:42:9f:b3:c4:8c:17:72:d8:bb:ee:8f:4e:de:52:28:e0:5a:
41:b4:e7:8e:f5:4d:22:72:32:cc:aa:12:d1:91:4d:b2:2a:23:
09:02:07:47:34:e1:91:c5:78:58:b9:cc:da:2e:5a:2f:c8:5f:
b8:0d:d7:48:ca:16:86:a2:3c:9c:6e:9f:8b:51:2e:9f:06:09:
a6:2d:2a:02:2a:6a:95:c5:d1:2b:50:00:f1:1e:65:35:ba:4e:
80:8c:7c:1f:72:1f:35:6f:5f:60:b0:f8:6d:f4:c5:5e:7f:30:
38:08:5b:48
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICRUowDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MjAy
MzIzMDZaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDBEQTBGMTYxMjI5RTI0
NDlCQzY5MjlERTFDQURCNEZCNTdDMzlFM0MwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCy3cVQuyeeVBvvZbv9WDQDlMsSBtYECP8+PbIN3ER7+Zfeczp9
E6xKAdg3Jdaeg+ZPK9nlClnzuv5hwMjU0vqax8DiTCLueHQNjuwUkNtAjhhoIVei
b1uuNqlW5vmfUenFxzaWybFU19BdAFZpj+wA6TSFQoT5GKw4aTtmy6fGJWWf6uU4
X2/VIKSha3rhWbo9UxuSsSEhiYB08G/NWu8F2eNij6TZmeeXoYC4OihCiioXjWIo
vY4nEneA73rtZjMpeRnMw+ZU5TKRasIq5xO6y6EtGmcXNVT405oA6C0DgrPOyCeW
K1KojIN5BFJ9MdCfOGS1e+6+O6xEzDJLBHkdAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUDaDxYSKeJEm8aSneHK20+1fDnjwwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L0RhRHhZU0tlSkVtOGFT
bmVISzIwLTFmRG5qdy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEApy0DRHHCXMrBEFUVSzi2u+cHPJ+d+vKg
4KMzFDEczkOxdL2+B2hxuq/vJe48z1rRkX4gggSKU07/Qdfzi/Onf2GkeupRKLmb
Nl5lSx2PDB+LWgT2eRnkoC5kvVSgbk2YClY+fpuxtLe2kW0lnE+nrL0mm6otvHuK
juTY7ojzhFLnS7+mqansBE/3oUASbLT2q0Kfs8SMF3LYu+6PTt5SKOBaQbTnjvVN
InIyzKoS0ZFNsiojCQIHRzThkcV4WLnM2i5aL8hfuA3XSMoWhqI8nG6fi1EunwYJ
pi0qAipqlcXRK1AA8R5lNbpOgIx8H3IfNW9fYLD4bfTFXn8wOAhbSA==
-----END CERTIFICATE-----
Generated at Sat Jun 21 03:38:29 2025 by rpki-client