Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/Hd4pHbip_mB2Z4u0pqHGN2I7q1Y.roa
File: Hd4pHbip_mB2Z4u0pqHGN2I7q1Y.roa (raw, json)
Hash identifier: wnHbFzY8/9HOq99Pi01UhiwzYDoJzCV1EuNjdKkHRhE=
Subject key identifier: 1D:DE:29:1D:B8:A9:FE:60:76:67:8B:B4:A6:A1:C6:37:62:3B:AB:56
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 4DBE
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/Hd4pHbip_mB2Z4u0pqHGN2I7q1Y.roa
Signing time: Thu 02 May 2024 05:53:43 +0000
ROA not before: Thu 02 May 2024 05:53:43 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 19902 (0x4dbe)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 2 05:53:43 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=1DDE291DB8A9FE6076678BB4A6A1C637623BAB56
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b4:59:49:1e:a4:18:a9:74:6e:64:21:aa:a5:fb:
5e:3c:95:5d:4f:5a:eb:7e:f8:d4:9d:c0:ac:a3:1c:
50:5a:b8:2f:db:af:36:89:c7:56:a9:60:64:23:62:
11:b0:44:32:b1:88:9f:14:3f:30:25:a3:17:0d:3b:
4a:9c:fa:57:51:65:0d:21:0a:2b:f3:87:ea:ee:3c:
63:c1:e2:82:b2:69:92:8b:a0:3f:82:04:40:1b:ba:
3c:c1:32:cf:f1:73:fc:12:57:0d:a7:a7:f0:dd:87:
d2:c5:48:23:68:8b:54:a8:00:4c:29:b6:bb:ac:33:
0c:3a:00:38:9b:10:5b:26:53:91:8b:32:78:57:bc:
d7:7d:2f:57:c0:8c:d4:37:32:ba:1e:46:f2:eb:95:
de:d9:13:cd:02:2e:ee:56:85:11:cb:49:f3:e6:84:
ed:f2:5f:ae:84:08:48:1e:fe:29:55:2b:20:53:7b:
bf:9c:89:0f:15:aa:95:b5:51:af:08:db:89:7e:39:
60:b2:8c:16:1c:20:27:a3:2a:94:67:84:2e:03:ca:
d6:f2:1c:b0:90:c9:ce:c1:93:cf:67:18:0e:04:cf:
22:21:4d:0e:10:55:05:d7:45:d9:17:c7:bd:c0:f4:
84:ee:99:be:fa:fc:01:1f:fb:04:71:d6:36:8e:84:
80:f3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1D:DE:29:1D:B8:A9:FE:60:76:67:8B:B4:A6:A1:C6:37:62:3B:AB:56
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/Hd4pHbip_mB2Z4u0pqHGN2I7q1Y.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
a7:b5:d7:d9:a9:8b:2c:8a:16:03:1a:a0:b5:ce:70:c7:b3:64:
0b:c3:68:d5:5c:88:b2:20:40:16:32:31:b7:32:e4:9e:fe:04:
23:0a:81:c3:eb:7a:6d:ff:e4:7a:8b:b6:50:07:4b:26:5b:1a:
e9:c0:89:59:9c:8a:5f:cc:ad:d6:5d:a2:c3:8c:8f:52:34:ce:
84:8b:c4:e4:12:5b:d7:b6:e9:75:83:77:17:d5:62:44:93:ee:
3c:a1:f1:48:d8:eb:c5:02:93:1c:24:54:62:85:0b:c1:49:1f:
da:ee:69:c8:7c:89:9a:d3:59:08:10:69:bf:30:12:2d:50:d5:
f1:25:32:6e:b1:cc:15:46:a1:59:91:d2:2b:f5:ad:bc:30:07:
f0:7a:62:02:fc:d3:eb:64:8a:8f:c9:0b:24:7a:5d:13:7a:f9:
37:a9:a9:16:25:c4:e3:de:a0:38:27:77:bf:76:ff:33:e8:5d:
0e:34:0f:d7:f5:c2:10:c4:b2:37:12:7f:1d:3e:9d:29:87:e5:
80:e9:ee:06:0f:7a:4c:67:f2:bf:cb:3d:e5:64:e5:f3:25:ec:
e2:5f:f5:f6:56:ef:73:c7:27:76:fe:43:9b:ea:d0:16:70:7b:
51:03:65:ce:64:f2:ad:40:49:c3:03:f3:ad:c3:50:b0:a9:d9:
28:b5:5e:7a
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICTb4wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MDIw
NTUzNDNaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDFEREUyOTFEQjhBOUZF
NjA3NjY3OEJCNEE2QTFDNjM3NjIzQkFCNTYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC0WUkepBipdG5kIaql+148lV1PWut++NSdwKyjHFBauC/brzaJ
x1apYGQjYhGwRDKxiJ8UPzAloxcNO0qc+ldRZQ0hCivzh+ruPGPB4oKyaZKLoD+C
BEAbujzBMs/xc/wSVw2np/Ddh9LFSCNoi1SoAEwptrusMww6ADibEFsmU5GLMnhX
vNd9L1fAjNQ3MroeRvLrld7ZE80CLu5WhRHLSfPmhO3yX66ECEge/ilVKyBTe7+c
iQ8VqpW1Ua8I24l+OWCyjBYcICejKpRnhC4DytbyHLCQyc7Bk89nGA4EzyIhTQ4Q
VQXXRdkXx73A9ITumb76/AEf+wRx1jaOhIDzAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUHd4pHbip/mB2Z4u0pqHGN2I7q1YwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L0hkNHBIYmlwX21CMlo0
dTBwcUhHTjJJN3ExWS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAp7XX2amLLIoWAxqgtc5wx7NkC8No1VyI
siBAFjIxtzLknv4EIwqBw+t6bf/keou2UAdLJlsa6cCJWZyKX8yt1l2iw4yPUjTO
hIvE5BJb17bpdYN3F9ViRJPuPKHxSNjrxQKTHCRUYoULwUkf2u5pyHyJmtNZCBBp
vzASLVDV8SUybrHMFUahWZHSK/WtvDAH8HpiAvzT62SKj8kLJHpdE3r5N6mpFiXE
496gOCd3v3b/M+hdDjQP1/XCEMSyNxJ/HT6dKYflgOnuBg96TGfyv8s95WTl8yXs
4l/19lbvc8cndv5Dm+rQFnB7UQNlzmTyrUBJwwPzrcNQsKnZKLVeeg==
-----END CERTIFICATE-----
Generated at Sun Jun 22 06:15:00 2025 by rpki-client