Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/JFq1tZJLAraxkplitETFITD4pZ4.roa
File: JFq1tZJLAraxkplitETFITD4pZ4.roa (raw, json)
Hash identifier: eJSHJXAgVO5wCYn6Kr34S7Pz6NPo7+yGPfTML/GTPDM=
Subject key identifier: 24:5A:B5:B5:92:4B:02:B6:B1:92:99:62:B4:44:C5:21:30:F8:A5:9E
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 403A
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/JFq1tZJLAraxkplitETFITD4pZ4.roa
Signing time: Sun 14 Apr 2024 05:22:55 +0000
ROA not before: Sun 14 Apr 2024 05:22:55 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 16442 (0x403a)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 14 05:22:55 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=245AB5B5924B02B6B1929962B444C52130F8A59E
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ba:42:32:f1:5a:33:a8:a3:38:30:f6:dc:b6:31:
61:47:67:74:f1:eb:b1:2c:db:b9:6c:14:48:b4:73:
e0:c5:9d:b1:53:ea:6f:0b:46:9b:b7:87:0f:f1:93:
a8:9c:94:6d:c3:08:ec:24:da:b0:6c:22:f4:44:67:
13:98:86:6b:fc:d4:07:33:4e:de:f9:57:b8:8e:38:
e9:d6:d1:be:9b:96:33:7f:2d:d5:45:9d:0c:54:8a:
c6:b5:63:15:87:53:3d:84:d6:e3:22:c4:8a:d4:db:
75:c2:08:0a:5e:15:8d:a4:58:bc:34:c6:7b:4c:39:
00:85:45:1d:96:64:0a:e6:b9:97:63:79:1f:61:9f:
7c:8b:8b:29:b9:87:ef:1a:7e:45:bd:01:4d:5b:ad:
8e:4e:7c:45:1c:cd:d4:0e:b7:a0:66:83:cc:16:ff:
95:54:1d:48:08:33:16:70:a8:62:00:91:32:6c:4e:
f9:e5:51:63:9e:a1:0c:e5:9b:96:de:7e:22:83:da:
11:1c:4b:d7:c5:d3:ad:03:5e:f9:9e:e0:b0:66:7a:
4a:17:21:ec:49:84:52:8b:bc:93:c8:54:63:ef:14:
71:a9:4f:a7:a9:64:fb:41:c3:c4:31:3c:b0:91:f8:
ce:58:b8:97:54:bf:e0:27:e8:0e:1f:57:2b:eb:37:
68:17
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
24:5A:B5:B5:92:4B:02:B6:B1:92:99:62:B4:44:C5:21:30:F8:A5:9E
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/JFq1tZJLAraxkplitETFITD4pZ4.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
25:92:b3:c7:9c:e8:6a:de:d6:34:5b:e0:a7:3b:ed:00:80:b5:
ab:22:6c:3f:20:b3:77:12:40:ca:dc:f6:0b:4c:28:5f:16:3f:
ab:94:6d:09:7b:f6:03:7f:d9:8a:85:58:3a:96:6a:b4:58:8a:
9a:6c:54:f3:1f:cd:7c:e7:f8:f6:ea:d4:43:1e:27:da:1d:86:
98:0a:11:ce:dd:03:0e:9f:0c:a2:f6:90:a8:71:99:58:92:28:
83:dc:df:c1:59:76:f4:36:06:51:34:3a:4b:d0:b1:2c:24:09:
5d:9b:e0:cb:ba:65:94:03:0c:54:96:03:e3:89:53:df:67:bb:
71:60:33:36:4d:65:cb:6c:d3:82:53:56:8a:fd:1d:9c:c6:80:
e1:76:3d:fe:e1:b1:72:81:02:2a:cf:f8:0a:b3:e7:95:5e:60:
05:dd:5d:fa:21:ff:d2:c5:7f:76:bb:a1:96:29:63:b6:9e:de:
95:1c:58:ae:04:e4:a3:52:44:0b:2e:6e:53:f5:cd:97:4c:fe:
eb:2b:d0:c9:41:8c:06:dc:61:4c:7a:4a:d7:9d:5b:72:95:58:
48:ec:37:ee:8d:ac:b8:03:0a:6f:a5:56:be:7e:a3:54:51:d2:
2f:2c:39:1d:15:40:0c:6f:64:12:0c:20:08:86:2a:54:44:35:
28:a8:ec:85
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICQDowDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MTQw
NTIyNTVaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDI0NUFCNUI1OTI0QjAy
QjZCMTkyOTk2MkI0NDRDNTIxMzBGOEE1OUUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC6QjLxWjOoozgw9ty2MWFHZ3Tx67Es27lsFEi0c+DFnbFT6m8L
Rpu3hw/xk6iclG3DCOwk2rBsIvREZxOYhmv81AczTt75V7iOOOnW0b6bljN/LdVF
nQxUisa1YxWHUz2E1uMixIrU23XCCApeFY2kWLw0xntMOQCFRR2WZArmuZdjeR9h
n3yLiym5h+8afkW9AU1brY5OfEUczdQOt6Bmg8wW/5VUHUgIMxZwqGIAkTJsTvnl
UWOeoQzlm5befiKD2hEcS9fF060DXvme4LBmekoXIexJhFKLvJPIVGPvFHGpT6ep
ZPtBw8QxPLCR+M5YuJdUv+An6A4fVyvrN2gXAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUJFq1tZJLAraxkplitETFITD4pZ4wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L0pGcTF0WkpMQXJheGtw
bGl0RVRGSVRENHBaNC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAJZKzx5zoat7WNFvgpzvtAIC1qyJsPyCz
dxJAytz2C0woXxY/q5RtCXv2A3/ZioVYOpZqtFiKmmxU8x/NfOf49urUQx4n2h2G
mAoRzt0DDp8MovaQqHGZWJIog9zfwVl29DYGUTQ6S9CxLCQJXZvgy7pllAMMVJYD
44lT32e7cWAzNk1ly2zTglNWiv0dnMaA4XY9/uGxcoECKs/4CrPnlV5gBd1d+iH/
0sV/druhliljtp7elRxYrgTko1JECy5uU/XNl0z+6yvQyUGMBtxhTHpK151bcpVY
SOw37o2suAMKb6VWvn6jVFHSLyw5HRVADG9kEgwgCIYqVEQ1KKjshQ==
-----END CERTIFICATE-----
Generated at Sun Jun 22 07:38:27 2025 by rpki-client