Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/DlTI8rMBTct1FO-14qD6Gfgb7yM.roa
File: DlTI8rMBTct1FO-14qD6Gfgb7yM.roa (raw, json)
Hash identifier: F2tC6ZHwjxE2GSuY4PlMK84Dv6RC2AByS98FGdOItmQ=
Subject key identifier: 0E:54:C8:F2:B3:01:4D:CB:75:14:EF:B5:E2:A0:FA:19:F8:1B:EF:23
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 385A
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/DlTI8rMBTct1FO-14qD6Gfgb7yM.roa
Signing time: Wed 03 Apr 2024 17:22:18 +0000
ROA not before: Wed 03 Apr 2024 17:22:18 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 14426 (0x385a)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 3 17:22:18 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=0E54C8F2B3014DCB7514EFB5E2A0FA19F81BEF23
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e5:7e:be:1c:32:4d:16:93:7d:7f:f2:b8:20:c3:
a9:4c:3c:c8:66:59:03:26:87:9b:1b:68:1e:59:3d:
00:1a:89:c3:7a:97:8f:9d:7e:a6:8a:23:3f:3e:d2:
63:82:ac:c2:f9:d1:08:d9:f2:74:0a:2a:d0:19:40:
51:c4:a6:87:53:63:53:f9:c0:57:39:da:9b:37:d8:
0c:c9:39:63:a5:21:a9:1d:cd:cb:77:a0:f1:23:9b:
6e:9f:fc:75:57:ab:3d:2f:2e:35:c6:6b:9f:e5:7a:
43:0e:01:58:9c:b2:b7:36:48:5e:b9:0e:b8:2e:4f:
6a:a1:2d:5b:9f:f3:2e:26:4e:21:76:99:92:bf:af:
c0:88:51:46:3c:93:c0:3d:7f:3a:e6:53:28:16:20:
f3:02:c1:79:ab:66:1f:06:34:af:ba:b7:42:56:bd:
33:a0:d6:ce:cb:43:e7:8f:a8:10:ec:00:ce:35:6f:
38:2a:ed:24:bf:8a:31:e6:3f:17:08:a7:93:a5:95:
c1:3b:4b:d9:d7:e0:75:fe:87:93:d9:ba:ee:d2:b7:
bf:21:80:4a:ea:49:5f:02:4b:99:a0:42:c6:01:ea:
6c:f2:89:8a:11:9c:4b:49:44:c1:d1:9b:ec:e4:cc:
d3:df:1c:88:67:4e:6d:04:d8:68:7a:cf:0d:a5:7d:
eb:bb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0E:54:C8:F2:B3:01:4D:CB:75:14:EF:B5:E2:A0:FA:19:F8:1B:EF:23
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/DlTI8rMBTct1FO-14qD6Gfgb7yM.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
4f:ad:71:d3:0f:45:cc:17:d7:5c:7d:67:97:a2:e4:fc:89:1b:
03:5c:dd:ff:22:9b:1a:c7:6d:10:f2:a0:75:93:eb:f4:e4:55:
4c:89:78:bf:99:50:83:c9:01:9a:c9:90:7b:1e:8d:98:0b:0a:
fe:2c:b8:b0:29:b3:aa:56:e8:a8:3e:e0:6c:60:f5:fc:17:67:
49:a0:fd:ea:41:7a:ec:e2:c4:df:12:9f:2d:cf:44:7d:3d:dd:
cc:49:a8:4c:98:b0:21:35:e8:a8:85:b4:66:e7:29:5f:4b:05:
9d:56:76:cc:db:9a:f0:71:26:7d:ba:2c:cf:39:5d:07:f0:4f:
f5:90:f6:7c:38:b0:68:8c:f8:6d:89:d2:b5:ec:fa:67:22:0b:
9a:47:70:35:dc:4e:5c:79:4c:c9:d1:79:59:23:24:44:b4:a5:
5f:16:5b:69:46:fe:b9:3a:7c:87:72:69:e2:68:0e:2f:89:6b:
96:08:11:dc:0d:d4:4b:54:5e:87:74:71:86:41:2d:eb:6a:4e:
3b:5e:c6:80:ed:72:d6:3b:c4:a2:13:46:b2:17:24:7a:d3:89:
62:b0:33:fa:bc:15:b5:6f:a9:9b:d1:a1:d1:b2:e5:4b:d9:c6:
16:46:00:1b:0b:fa:cc:17:e3:c9:7d:f8:f1:7b:2b:d8:9b:2a:
59:7a:12:73
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICOFowDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MDMx
NzIyMThaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDBFNTRDOEYyQjMwMTRE
Q0I3NTE0RUZCNUUyQTBGQTE5RjgxQkVGMjMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDlfr4cMk0Wk31/8rggw6lMPMhmWQMmh5sbaB5ZPQAaicN6l4+d
fqaKIz8+0mOCrML50QjZ8nQKKtAZQFHEpodTY1P5wFc52ps32AzJOWOlIakdzct3
oPEjm26f/HVXqz0vLjXGa5/lekMOAVicsrc2SF65DrguT2qhLVuf8y4mTiF2mZK/
r8CIUUY8k8A9fzrmUygWIPMCwXmrZh8GNK+6t0JWvTOg1s7LQ+ePqBDsAM41bzgq
7SS/ijHmPxcIp5OllcE7S9nX4HX+h5PZuu7St78hgErqSV8CS5mgQsYB6mzyiYoR
nEtJRMHRm+zkzNPfHIhnTm0E2Gh6zw2lfeu7AgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUDlTI8rMBTct1FO+14qD6Gfgb7yMwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L0RsVEk4ck1CVGN0MUZP
LTE0cUQ2R2ZnYjd5TS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAT61x0w9FzBfXXH1nl6Lk/IkbA1zd/yKb
GsdtEPKgdZPr9ORVTIl4v5lQg8kBmsmQex6NmAsK/iy4sCmzqlboqD7gbGD1/Bdn
SaD96kF67OLE3xKfLc9EfT3dzEmoTJiwITXoqIW0ZucpX0sFnVZ2zNua8HEmfbos
zzldB/BP9ZD2fDiwaIz4bYnStez6ZyILmkdwNdxOXHlMydF5WSMkRLSlXxZbaUb+
uTp8h3Jp4mgOL4lrlggR3A3US1Reh3RxhkEt62pOO17GgO1y1jvEohNGshcketOJ
YrAz+rwVtW+pm9Gh0bLlS9nGFkYAGwv6zBfjyX348Xsr2JsqWXoScw==
-----END CERTIFICATE-----
Generated at Sat Jun 21 21:36:07 2025 by rpki-client