Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/GyKj8qW9oWR4PlIKBZf7qfrhlZg.roa
File: GyKj8qW9oWR4PlIKBZf7qfrhlZg.roa (raw, json)
Hash identifier: beSJFwYFGXqACzlnvx3tomQXeqKsuVylSkDqIcKwYDg=
Subject key identifier: 1B:22:A3:F2:A5:BD:A1:64:78:3E:52:0A:05:97:FB:A9:FA:E1:95:98
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 5816
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/GyKj8qW9oWR4PlIKBZf7qfrhlZg.roa
Signing time: Thu 16 May 2024 00:54:14 +0000
ROA not before: Thu 16 May 2024 00:54:14 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 22550 (0x5816)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 16 00:54:14 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=1B22A3F2A5BDA164783E520A0597FBA9FAE19598
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b3:92:49:ff:b5:64:ae:e0:4c:32:6c:40:fb:30:
3e:ee:58:4b:6f:38:18:1f:7c:c6:23:49:88:e4:96:
f9:28:ae:98:1b:7d:27:cc:ad:e7:62:72:80:63:f7:
20:5a:58:db:d3:bf:9b:5c:16:97:e1:72:ef:e4:cc:
fc:9b:19:1c:60:d7:bd:11:7f:9b:8c:07:81:ce:7b:
83:f1:5a:9e:72:1d:96:d2:a9:e5:c6:cd:de:a3:c2:
3a:87:48:03:3b:44:57:eb:90:dc:79:a6:eb:be:a8:
b1:8e:27:70:f6:40:90:af:65:6a:91:92:0b:02:28:
cd:e1:0d:26:97:c1:14:ee:ab:54:cd:57:ed:a9:c2:
74:db:04:ec:ec:7e:a2:18:54:c8:e7:55:80:b0:6c:
cf:65:cd:50:22:fa:2a:19:76:cf:3d:00:64:89:21:
15:92:36:94:e9:55:32:a8:04:be:3f:68:95:69:ec:
66:0b:e3:eb:b3:8b:1c:fd:20:8a:c0:83:44:ef:07:
08:92:3d:9f:f9:e9:4b:3c:76:7c:26:11:15:c3:5a:
49:e9:d0:7e:b6:e7:d0:0f:93:cb:c1:86:04:36:cb:
83:56:25:4e:3d:9d:b4:39:76:74:e9:2d:87:4c:46:
c9:43:8b:16:b7:1f:1a:02:93:63:a5:eb:1b:c0:8d:
e7:4f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1B:22:A3:F2:A5:BD:A1:64:78:3E:52:0A:05:97:FB:A9:FA:E1:95:98
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/GyKj8qW9oWR4PlIKBZf7qfrhlZg.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
01:e4:c2:8c:34:4a:63:8c:1b:64:23:92:cd:bf:95:90:fd:ed:
e0:d6:40:4b:fd:b7:91:c0:7c:75:67:17:ec:6b:c4:60:6a:0a:
69:61:f1:45:94:38:72:74:6f:d6:5f:6d:65:75:56:02:d0:6f:
16:c2:b7:b6:7c:30:7b:41:56:9c:4a:07:f0:c5:ec:07:16:24:
a0:89:67:9b:88:3c:11:14:d5:9b:58:95:f4:80:d5:55:b2:15:
25:58:e0:b2:73:83:ec:ae:bb:83:cc:0e:d3:48:6f:b9:29:9f:
05:42:b2:9e:52:13:f6:a9:8b:ce:fd:18:8b:44:40:d3:b0:53:
b8:29:84:28:f6:cd:48:43:78:cf:a9:0f:59:6e:12:53:36:88:
7a:06:de:84:c1:dd:7a:8e:0e:6b:3b:e4:5c:41:fe:c9:12:32:
64:35:ae:e7:ce:86:41:96:02:9c:ce:f4:03:73:20:86:40:dc:
1c:65:0a:18:6d:02:cb:df:ea:ff:85:56:56:7a:2a:0b:88:21:
a1:fe:c7:3e:9a:a3:78:50:c8:4f:cf:b2:e7:45:f4:88:52:1e:
a9:75:45:fa:0e:fc:8a:fb:6a:99:08:58:25:04:c8:21:a7:0c:
11:d6:72:a2:e2:b8:b0:a7:7e:76:9a:39:c3:d4:be:a9:8a:18:
28:8f:c6:b9
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICWBYwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MTYw
MDU0MTRaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDFCMjJBM0YyQTVCREEx
NjQ3ODNFNTIwQTA1OTdGQkE5RkFFMTk1OTgwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCzkkn/tWSu4EwybED7MD7uWEtvOBgffMYjSYjklvkorpgbfSfM
redicoBj9yBaWNvTv5tcFpfhcu/kzPybGRxg170Rf5uMB4HOe4PxWp5yHZbSqeXG
zd6jwjqHSAM7RFfrkNx5puu+qLGOJ3D2QJCvZWqRkgsCKM3hDSaXwRTuq1TNV+2p
wnTbBOzsfqIYVMjnVYCwbM9lzVAi+ioZds89AGSJIRWSNpTpVTKoBL4/aJVp7GYL
4+uzixz9IIrAg0TvBwiSPZ/56Us8dnwmERXDWknp0H6259APk8vBhgQ2y4NWJU49
nbQ5dnTpLYdMRslDixa3HxoCk2Ol6xvAjedPAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUGyKj8qW9oWR4PlIKBZf7qfrhlZgwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L0d5S2o4cVc5b1dSNFBs
SUtCWmY3cWZyaGxaZy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAAeTCjDRKY4wbZCOSzb+VkP3t4NZAS/23
kcB8dWcX7GvEYGoKaWHxRZQ4cnRv1l9tZXVWAtBvFsK3tnwwe0FWnEoH8MXsBxYk
oIlnm4g8ERTVm1iV9IDVVbIVJVjgsnOD7K67g8wO00hvuSmfBUKynlIT9qmLzv0Y
i0RA07BTuCmEKPbNSEN4z6kPWW4SUzaIegbehMHdeo4OazvkXEH+yRIyZDWu586G
QZYCnM70A3MghkDcHGUKGG0Cy9/q/4VWVnoqC4ghof7HPpqjeFDIT8+y50X0iFIe
qXVF+g78ivtqmQhYJQTIIacMEdZyouK4sKd+dpo5w9S+qYoYKI/GuQ==
-----END CERTIFICATE-----
Generated at Sat Jun 21 06:48:43 2025 by rpki-client