Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/JTKG0rv7RWeif6CH8Jw1sEJFnno.roa
File: JTKG0rv7RWeif6CH8Jw1sEJFnno.roa (raw, json)
Hash identifier: jdlGzoWaksJFFMHHpwdNEmrWzBtWZiT2wAAAI/I8JM8=
Subject key identifier: 25:32:86:D2:BB:FB:45:67:A2:7F:A0:87:F0:9C:35:B0:42:45:9E:7A
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 5042
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/JTKG0rv7RWeif6CH8Jw1sEJFnno.roa
Signing time: Sun 05 May 2024 14:23:49 +0000
ROA not before: Sun 05 May 2024 14:23:49 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 20546 (0x5042)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 5 14:23:49 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=253286D2BBFB4567A27FA087F09C35B042459E7A
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ca:00:db:0d:cc:1f:66:be:4f:68:8b:aa:fd:bf:
9a:50:b8:4f:fe:c6:b3:08:1f:c5:18:3e:ca:f5:b8:
c1:48:2b:c0:c4:a3:b0:ae:d3:c3:1e:f4:46:91:9d:
88:42:95:16:b0:e9:80:c0:1a:02:b7:7c:97:51:9d:
4e:04:9d:a5:88:7a:74:5d:cc:6f:c4:59:4a:b4:c6:
e3:d5:ea:1b:b1:23:e8:7d:d1:93:0a:d5:37:aa:72:
98:e4:fa:ce:c9:d6:bc:32:24:25:e7:29:df:64:f9:
79:c3:3e:aa:4c:86:74:46:2d:b7:24:68:90:f6:aa:
89:55:5e:d1:38:2a:2a:65:f4:ea:2b:1d:16:8c:51:
60:d2:ff:5e:5e:ba:b5:83:93:5e:86:bb:aa:fa:b3:
85:54:1d:a6:77:cc:19:fb:1d:fe:08:fb:75:13:5a:
d0:89:40:70:e1:69:af:1c:74:20:2f:08:b3:0f:64:
81:84:e5:dd:1f:98:a3:56:60:a1:99:38:1b:2e:d0:
06:ea:d6:99:29:55:be:8e:b2:f7:4e:e3:dc:50:1b:
fa:14:c2:2f:60:b9:84:52:09:c0:66:cb:3b:98:ce:
6c:3c:54:78:af:d1:ab:d2:58:52:ff:f4:fc:7d:77:
46:c9:41:a5:11:14:a8:d1:2a:a4:c1:ca:9b:9a:97:
fa:6b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
25:32:86:D2:BB:FB:45:67:A2:7F:A0:87:F0:9C:35:B0:42:45:9E:7A
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/JTKG0rv7RWeif6CH8Jw1sEJFnno.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
4d:7f:01:3b:25:ea:c3:35:e8:73:68:c8:a1:f6:b1:a8:de:6d:
15:52:90:74:3d:eb:cb:56:a9:4b:ba:2c:b3:35:48:e3:fb:2a:
d4:c0:29:84:ed:bd:56:3d:b4:41:d2:0c:87:01:1f:73:69:82:
bb:04:59:86:5e:6f:60:36:c1:6f:b2:5b:31:71:84:22:ea:8b:
86:70:b1:d8:03:93:3e:5d:69:26:b0:e9:36:72:65:b2:6c:99:
a7:93:09:b8:09:f4:11:40:67:1f:b6:de:6a:03:8a:ac:b4:76:
ac:8e:1a:5f:5d:7b:3f:3b:3f:da:bc:1a:eb:a8:f8:6f:11:8f:
10:fd:24:a1:ba:b8:20:5d:35:a4:16:ee:54:24:0d:c1:8a:f9:
fe:92:43:c6:a5:cb:f7:47:eb:a7:bf:20:06:7b:8f:3d:a6:4c:
b3:16:44:3c:c5:86:44:1e:1d:fb:98:4c:e7:92:40:65:f9:8e:
9a:7f:b7:c4:db:f0:75:e4:2e:95:c7:18:15:15:17:30:76:b7:
88:d8:24:f1:c5:0e:8e:86:09:d3:dc:c9:7e:76:3f:ae:71:cf:
c5:df:b7:18:94:e0:b9:5c:cb:74:3a:58:3f:d1:62:7c:ff:8e:
f2:c5:fa:c9:d5:57:93:9e:1c:d5:4f:40:eb:79:39:65:eb:ea:
fb:83:59:7e
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICUEIwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MDUx
NDIzNDlaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDI1MzI4NkQyQkJGQjQ1
NjdBMjdGQTA4N0YwOUMzNUIwNDI0NTlFN0EwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDKANsNzB9mvk9oi6r9v5pQuE/+xrMIH8UYPsr1uMFIK8DEo7Cu
08Me9EaRnYhClRaw6YDAGgK3fJdRnU4EnaWIenRdzG/EWUq0xuPV6huxI+h90ZMK
1Teqcpjk+s7J1rwyJCXnKd9k+XnDPqpMhnRGLbckaJD2qolVXtE4Kipl9OorHRaM
UWDS/15eurWDk16Gu6r6s4VUHaZ3zBn7Hf4I+3UTWtCJQHDhaa8cdCAvCLMPZIGE
5d0fmKNWYKGZOBsu0Abq1pkpVb6OsvdO49xQG/oUwi9guYRSCcBmyzuYzmw8VHiv
0avSWFL/9Px9d0bJQaURFKjRKqTBypual/prAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUJTKG0rv7RWeif6CH8Jw1sEJFnnowHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L0pUS0cwcnY3UldlaWY2
Q0g4Sncxc0VKRm5uby5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEATX8BOyXqwzXoc2jIofaxqN5tFVKQdD3r
y1apS7osszVI4/sq1MAphO29Vj20QdIMhwEfc2mCuwRZhl5vYDbBb7JbMXGEIuqL
hnCx2AOTPl1pJrDpNnJlsmyZp5MJuAn0EUBnH7beagOKrLR2rI4aX117Pzs/2rwa
66j4bxGPEP0kobq4IF01pBbuVCQNwYr5/pJDxqXL90frp78gBnuPPaZMsxZEPMWG
RB4d+5hM55JAZfmOmn+3xNvwdeQulccYFRUXMHa3iNgk8cUOjoYJ09zJfnY/rnHP
xd+3GJTguVzLdDpYP9FifP+O8sX6ydVXk54c1U9A63k5Zevq+4NZfg==
-----END CERTIFICATE-----
Generated at Sat Jun 21 16:52:34 2025 by rpki-client