Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/Fa8Vcaa_Z6E85Hb8wlAmYHAZdqI.roa
File: Fa8Vcaa_Z6E85Hb8wlAmYHAZdqI.roa (raw, json)
Hash identifier: JsVFkp82txcWsMJFpuElxa6Pxlss/N0jn1OgOeqYocA=
Subject key identifier: 15:AF:15:71:A6:BF:67:A1:3C:E4:76:FC:C2:50:26:60:70:19:76:A2
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 3D1A
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/Fa8Vcaa_Z6E85Hb8wlAmYHAZdqI.roa
Signing time: Wed 10 Apr 2024 01:22:39 +0000
ROA not before: Wed 10 Apr 2024 01:22:39 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 15642 (0x3d1a)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 10 01:22:39 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=15AF1571A6BF67A13CE476FCC2502660701976A2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b5:a7:df:9b:8b:cc:3a:bf:ba:5b:b4:ea:fb:b9:
f1:db:0d:3d:8a:ec:bb:56:73:ee:9e:c4:89:6d:31:
b5:45:62:ab:9e:e3:75:62:7a:a0:24:67:55:02:75:
ac:77:b2:b7:18:a9:ff:ca:a0:1b:bd:14:1c:9f:9e:
93:66:45:4f:c0:06:1a:c6:25:5e:5b:0c:9f:2c:ac:
85:19:54:0e:b1:e8:b9:d2:bc:64:4c:3b:2b:79:76:
f1:06:87:14:01:ba:2d:03:73:1d:84:00:11:07:ed:
e0:d4:49:bb:4e:2e:e1:21:71:10:a2:04:cb:e1:ba:
d1:6e:1c:c9:3a:e6:ee:de:51:45:93:aa:d4:2a:64:
e6:56:d7:45:fa:a8:48:15:7c:4f:19:75:09:9a:51:
91:ce:53:74:d1:0a:11:27:ec:98:f6:11:52:e7:d0:
99:c9:38:60:11:01:c4:d0:18:c9:77:66:b9:10:88:
3b:1a:1b:6f:0f:49:d2:0b:94:fb:39:36:08:1e:77:
ba:48:d3:0b:7f:ce:36:1b:89:a3:5b:0b:85:42:70:
6a:ec:ef:23:b4:60:22:16:62:83:16:3d:5b:df:02:
4d:91:9a:fd:cd:5b:1a:c8:fb:7c:4a:6d:cb:e0:23:
87:76:84:9a:40:1e:c5:20:93:be:b1:75:a1:51:fe:
f8:1b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
15:AF:15:71:A6:BF:67:A1:3C:E4:76:FC:C2:50:26:60:70:19:76:A2
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/Fa8Vcaa_Z6E85Hb8wlAmYHAZdqI.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
7f:6b:86:cf:5b:a9:d2:2b:ba:06:7d:7e:01:f1:8f:1c:32:f3:
90:63:28:cd:6d:41:34:5e:e1:b5:d4:f8:fe:2b:6a:c0:e8:a0:
db:f6:ee:f7:27:4e:7c:bc:de:9b:be:6a:2f:6b:7a:4b:c3:86:
c6:fe:ad:94:6c:ce:a6:44:17:ae:00:61:62:96:6d:71:ba:bf:
f2:7f:10:7d:5e:8e:50:6c:eb:4f:0e:39:77:1d:6f:dd:57:88:
b7:d7:45:7e:3f:bd:fe:89:0e:69:60:41:a0:3d:fd:ba:29:03:
08:ca:78:e1:59:8b:ce:62:99:27:4a:d2:03:e9:be:cf:fc:7f:
ee:8f:91:e9:f5:ae:38:27:b9:f4:df:62:c6:eb:1d:3d:bc:15:
7a:f2:fa:84:5d:2f:fc:58:64:f4:56:90:9b:cc:53:b2:13:f3:
7b:7e:7a:52:92:96:c9:86:35:7a:29:9c:d4:15:fd:c7:a0:10:
4e:6c:47:ac:02:91:30:44:f9:72:f9:15:f5:0c:17:82:30:60:
d2:73:dd:89:c0:e9:4e:54:e0:55:63:30:24:e7:58:0d:bf:2c:
fb:c9:64:85:8f:74:c2:13:98:88:22:3b:e7:73:28:6a:0e:2f:
35:6b:6a:fc:97:04:e2:94:e7:99:8c:99:01:dc:80:eb:99:10:
f1:e4:e1:c1
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICPRowDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MTAw
MTIyMzlaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDE1QUYxNTcxQTZCRjY3
QTEzQ0U0NzZGQ0MyNTAyNjYwNzAxOTc2QTIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC1p9+bi8w6v7pbtOr7ufHbDT2K7LtWc+6exIltMbVFYque43Vi
eqAkZ1UCdax3srcYqf/KoBu9FByfnpNmRU/ABhrGJV5bDJ8srIUZVA6x6LnSvGRM
Oyt5dvEGhxQBui0Dcx2EABEH7eDUSbtOLuEhcRCiBMvhutFuHMk65u7eUUWTqtQq
ZOZW10X6qEgVfE8ZdQmaUZHOU3TRChEn7Jj2EVLn0JnJOGARAcTQGMl3ZrkQiDsa
G28PSdILlPs5Ngged7pI0wt/zjYbiaNbC4VCcGrs7yO0YCIWYoMWPVvfAk2Rmv3N
WxrI+3xKbcvgI4d2hJpAHsUgk76xdaFR/vgbAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUFa8Vcaa/Z6E85Hb8wlAmYHAZdqIwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L0ZhOFZjYWFfWjZFODVI
Yjh3bEFtWUhBWmRxSS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAf2uGz1up0iu6Bn1+AfGPHDLzkGMozW1B
NF7htdT4/itqwOig2/bu9ydOfLzem75qL2t6S8OGxv6tlGzOpkQXrgBhYpZtcbq/
8n8QfV6OUGzrTw45dx1v3VeIt9dFfj+9/okOaWBBoD39uikDCMp44VmLzmKZJ0rS
A+m+z/x/7o+R6fWuOCe59N9ixusdPbwVevL6hF0v/Fhk9FaQm8xTshPze356UpKW
yYY1eimc1BX9x6AQTmxHrAKRMET5cvkV9QwXgjBg0nPdicDpTlTgVWMwJOdYDb8s
+8lkhY90whOYiCI753Moag4vNWtq/JcE4pTnmYyZAdyA65kQ8eThwQ==
-----END CERTIFICATE-----
Generated at Sat Jun 21 06:46:23 2025 by rpki-client