Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/G1Y5Sn9lJU76NguhtX58nenzjA0.roa
File: G1Y5Sn9lJU76NguhtX58nenzjA0.roa (raw, json)
Hash identifier: 8hvsNGBjFpq0NnMrZP/5OaBGDTQazKHTVQWMzN5sHoU=
Subject key identifier: 1B:56:39:4A:7F:65:25:4E:FA:36:0B:A1:B5:7E:7C:9D:E9:F3:8C:0D
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 55E2
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/G1Y5Sn9lJU76NguhtX58nenzjA0.roa
Signing time: Mon 13 May 2024 02:24:06 +0000
ROA not before: Mon 13 May 2024 02:24:06 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 21986 (0x55e2)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 13 02:24:06 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=1B56394A7F65254EFA360BA1B57E7C9DE9F38C0D
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cd:ec:1d:d7:a8:10:eb:2d:ec:bf:b3:f3:bd:3f:
16:22:93:b6:a7:b1:fd:8b:82:91:3c:5c:28:f2:e2:
aa:8b:99:5f:fd:4a:9e:ca:22:89:1d:f0:3b:3d:d3:
e9:63:f4:68:ce:97:83:89:1f:80:e8:e9:cf:3a:85:
9d:44:4f:34:b4:5d:f4:48:85:34:f9:ae:34:66:8d:
7f:92:ea:eb:b4:3c:8a:14:88:14:4d:64:48:87:74:
88:37:3d:2c:e4:04:f5:79:e3:45:06:f0:72:ff:fb:
6b:4c:62:b1:b6:0e:17:f1:b9:35:80:1e:b3:c4:00:
a9:b5:97:80:4b:41:06:2c:9d:88:97:08:66:1c:98:
3d:36:eb:35:bc:7d:b2:cd:af:18:3e:2e:c2:2c:d2:
a0:41:28:c3:f5:c9:f2:e9:e0:9b:29:0e:d0:2a:b5:
8d:eb:72:ee:31:55:f7:8b:a8:a2:14:49:09:32:d0:
66:84:ae:af:80:5a:c9:5b:bd:6e:69:48:c6:00:ed:
16:39:ea:34:4f:26:08:b2:60:ac:fc:54:d5:22:06:
47:33:3e:11:54:96:a4:db:ee:f9:c9:b8:3c:28:3c:
81:2e:32:32:07:04:2c:48:5b:44:6e:3d:99:ae:c4:
4c:07:85:0f:cb:b2:60:a2:2c:9e:0d:a9:9b:25:92:
d2:8b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1B:56:39:4A:7F:65:25:4E:FA:36:0B:A1:B5:7E:7C:9D:E9:F3:8C:0D
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/G1Y5Sn9lJU76NguhtX58nenzjA0.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
65:d5:3e:5b:79:b5:51:f8:9f:ab:87:84:d9:0f:24:79:b5:3a:
6a:3b:96:f7:02:0d:10:37:52:61:fc:e7:75:57:dd:43:a3:cb:
91:ee:17:91:e4:77:9e:8f:a2:fa:07:be:0f:8e:0b:ef:44:ab:
c0:9f:0c:87:e4:41:35:b6:ee:37:dc:ea:70:87:f8:1c:08:26:
f9:2c:2b:71:99:55:d8:e8:5f:48:47:78:88:0c:1b:a5:a7:ef:
d0:66:ca:e0:e6:5f:04:c5:3f:0c:ed:47:e0:5b:a2:0a:8b:80:
6a:7d:ec:b5:cc:81:76:8e:a7:ac:41:27:d8:39:5e:c7:4c:cf:
1d:84:86:e5:4f:43:4e:4c:86:a3:c0:51:3f:c4:18:64:3e:14:
6e:4a:be:19:1d:f3:88:11:11:b3:fd:a2:b5:00:d1:06:40:26:
59:58:92:e2:42:eb:9c:51:95:be:f1:d8:cf:f5:b3:20:69:f4:
06:53:72:78:af:f2:af:6f:98:6c:49:64:06:64:58:7e:2a:d8:
3f:5c:2b:69:5d:3e:aa:f8:17:98:bf:40:f1:1b:55:29:f7:93:
41:37:53:dd:46:bb:12:04:89:33:f1:a6:0f:29:17:2b:35:96:
cc:c4:e1:7c:a5:6a:53:da:bd:e5:7c:68:74:79:7b:e1:53:e0:
93:df:e9:2c
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICVeIwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MTMw
MjI0MDZaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDFCNTYzOTRBN0Y2NTI1
NEVGQTM2MEJBMUI1N0U3QzlERTlGMzhDMEQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDN7B3XqBDrLey/s/O9PxYik7ansf2LgpE8XCjy4qqLmV/9Sp7K
Iokd8Ds90+lj9GjOl4OJH4Do6c86hZ1ETzS0XfRIhTT5rjRmjX+S6uu0PIoUiBRN
ZEiHdIg3PSzkBPV540UG8HL/+2tMYrG2DhfxuTWAHrPEAKm1l4BLQQYsnYiXCGYc
mD026zW8fbLNrxg+LsIs0qBBKMP1yfLp4JspDtAqtY3rcu4xVfeLqKIUSQky0GaE
rq+AWslbvW5pSMYA7RY56jRPJgiyYKz8VNUiBkczPhFUlqTb7vnJuDwoPIEuMjIH
BCxIW0RuPZmuxEwHhQ/LsmCiLJ4NqZslktKLAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUG1Y5Sn9lJU76NguhtX58nenzjA0wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L0cxWTVTbjlsSlU3Nk5n
dWh0WDU4bmVuempBMC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAZdU+W3m1Ufifq4eE2Q8kebU6ajuW9wIN
EDdSYfzndVfdQ6PLke4XkeR3no+i+ge+D44L70SrwJ8Mh+RBNbbuN9zqcIf4HAgm
+SwrcZlV2OhfSEd4iAwbpafv0GbK4OZfBMU/DO1H4FuiCouAan3stcyBdo6nrEEn
2Dlex0zPHYSG5U9DTkyGo8BRP8QYZD4Ubkq+GR3ziBERs/2itQDRBkAmWViS4kLr
nFGVvvHYz/WzIGn0BlNyeK/yr2+YbElkBmRYfirYP1wraV0+qvgXmL9A8RtVKfeT
QTdT3Ua7EgSJM/GmDykXKzWWzMThfKVqU9q95XxodHl74VPgk9/pLA==
-----END CERTIFICATE-----
Generated at Sat Jun 21 16:54:24 2025 by rpki-client