Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/GqVc7FAcoie8_xKuAmqIbO4_dsU.roa
File: GqVc7FAcoie8_xKuAmqIbO4_dsU.roa (raw, json)
Hash identifier: sqJYwstDLh+y96CuREzCzu7pcJXIYtXSYrqeD6s3qV8=
Subject key identifier: 1A:A5:5C:EC:50:1C:A2:27:BC:FF:12:AE:02:6A:88:6C:EE:3F:76:C5
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 3376
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/GqVc7FAcoie8_xKuAmqIbO4_dsU.roa
Signing time: Thu 28 Mar 2024 04:52:01 +0000
ROA not before: Thu 28 Mar 2024 04:52:01 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 13174 (0x3376)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Mar 28 04:52:01 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=1AA55CEC501CA227BCFF12AE026A886CEE3F76C5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bb:49:98:0b:ed:1f:77:b7:3b:ba:a2:fd:a0:3e:
a8:8f:e7:46:65:42:70:46:f3:0d:3f:89:6f:52:a9:
27:f5:ae:d3:71:9e:20:2f:2f:bc:a8:61:28:64:b4:
51:19:df:53:48:7d:0b:de:96:7b:c1:f9:28:43:4a:
c3:37:10:5e:6f:a7:09:35:6e:c6:6a:2e:cf:58:c3:
8d:3e:bc:89:b9:6a:a4:d7:e4:22:e0:fe:ea:1b:cc:
ea:30:0d:1b:51:a7:90:f7:b0:db:a0:cb:8a:be:8b:
45:0f:4f:d0:31:31:6d:56:ef:0a:d7:53:de:34:42:
da:76:21:85:74:5c:20:88:11:4b:b4:a8:68:c1:a5:
c1:a7:30:db:f5:da:3e:9d:34:c6:25:bc:ec:df:de:
e1:e1:6f:b4:d2:a3:f2:d8:77:7c:8a:d7:cd:1f:06:
7b:38:47:96:3b:25:f6:eb:6d:ed:56:61:80:cd:9d:
29:91:63:4f:10:7f:53:9b:50:a8:1d:39:7f:74:e9:
e4:6c:2b:46:99:3b:41:87:a5:77:70:52:1e:cb:13:
a1:e5:b1:e9:82:56:0a:55:1e:6f:eb:c8:65:1f:13:
8f:52:22:3d:69:94:f9:47:32:65:69:28:11:46:ea:
02:03:bc:26:88:97:57:8d:a5:78:b8:b3:41:c9:4d:
07:17
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1A:A5:5C:EC:50:1C:A2:27:BC:FF:12:AE:02:6A:88:6C:EE:3F:76:C5
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/GqVc7FAcoie8_xKuAmqIbO4_dsU.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
94:ba:be:23:b2:ff:27:c1:fd:d9:44:38:c1:13:ca:c9:b8:11:
f7:94:4d:e7:38:64:fb:17:c3:94:04:c0:7a:26:ba:1b:de:08:
63:8d:d1:e1:ff:cd:63:f8:f9:42:82:85:35:8c:36:bb:c9:e8:
41:be:03:4d:ff:79:8d:8b:2a:55:f3:d0:80:b5:bc:59:0e:79:
ed:33:48:11:70:d4:74:41:f9:6e:fe:16:7f:6d:d3:7c:d4:06:
b2:59:c5:d0:98:a3:20:f0:5c:56:79:44:66:a9:ca:cd:30:d0:
0c:68:2c:8a:25:d5:d7:6d:cf:f3:6a:05:0f:e0:c1:41:c7:d5:
05:5c:de:4a:d3:19:88:8c:46:4b:82:4f:87:7e:71:5d:b8:5d:
89:1a:4d:bd:1b:0d:c3:d9:4f:a6:24:45:f1:74:e2:c2:24:a3:
16:82:e4:4b:90:4b:3e:53:95:50:c0:a0:a5:87:9d:5b:7b:27:
22:4a:b9:ad:8c:33:f1:ef:3e:a1:c9:e4:c5:95:61:14:bd:b1:
7b:7f:90:94:f8:cf:2d:48:07:e9:6f:bc:9f:d0:6f:c2:73:b1:
bd:a1:35:dd:39:20:0a:7a:c4:eb:4c:33:3b:f0:ba:9d:20:16:
86:a2:1c:5c:ec:56:1c:5a:2d:57:8b:84:c8:dc:3b:d5:cc:b1:
53:34:df:e3
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICM3YwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDAzMjgw
NDUyMDFaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDFBQTU1Q0VDNTAxQ0Ey
MjdCQ0ZGMTJBRTAyNkE4ODZDRUUzRjc2QzUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC7SZgL7R93tzu6ov2gPqiP50ZlQnBG8w0/iW9SqSf1rtNxniAv
L7yoYShktFEZ31NIfQvelnvB+ShDSsM3EF5vpwk1bsZqLs9Yw40+vIm5aqTX5CLg
/uobzOowDRtRp5D3sNugy4q+i0UPT9AxMW1W7wrXU940Qtp2IYV0XCCIEUu0qGjB
pcGnMNv12j6dNMYlvOzf3uHhb7TSo/LYd3yK180fBns4R5Y7Jfbrbe1WYYDNnSmR
Y08Qf1ObUKgdOX906eRsK0aZO0GHpXdwUh7LE6HlsemCVgpVHm/ryGUfE49SIj1p
lPlHMmVpKBFG6gIDvCaIl1eNpXi4s0HJTQcXAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUGqVc7FAcoie8/xKuAmqIbO4/dsUwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L0dxVmM3RkFjb2llOF94
S3VBbXFJYk80X2RzVS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAlLq+I7L/J8H92UQ4wRPKybgR95RN5zhk
+xfDlATAeia6G94IY43R4f/NY/j5QoKFNYw2u8noQb4DTf95jYsqVfPQgLW8WQ55
7TNIEXDUdEH5bv4Wf23TfNQGslnF0JijIPBcVnlEZqnKzTDQDGgsiiXV123P82oF
D+DBQcfVBVzeStMZiIxGS4JPh35xXbhdiRpNvRsNw9lPpiRF8XTiwiSjFoLkS5BL
PlOVUMCgpYedW3snIkq5rYwz8e8+ocnkxZVhFL2xe3+QlPjPLUgH6W+8n9BvwnOx
vaE13TkgCnrE60wzO/C6nSAWhqIcXOxWHFotV4uEyNw71cyxUzTf4w==
-----END CERTIFICATE-----
Generated at Sat Jun 21 16:53:02 2025 by rpki-client