Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/MCagFQ6ofEcxyqXtr-bVWegKTfI.roa
File: MCagFQ6ofEcxyqXtr-bVWegKTfI.roa (raw, json)
Hash identifier: aCZzFiJT1iyB7uCylkUyu55R+lNdhzGkZtE9hPQa6EQ=
Subject key identifier: 30:26:A0:15:0E:A8:7C:47:31:CA:A5:ED:AF:E6:D5:59:E8:0A:4D:F2
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 35B6
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/MCagFQ6ofEcxyqXtr-bVWegKTfI.roa
Signing time: Sun 31 Mar 2024 04:52:10 +0000
ROA not before: Sun 31 Mar 2024 04:52:10 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 13750 (0x35b6)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Mar 31 04:52:10 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=3026A0150EA87C4731CAA5EDAFE6D559E80A4DF2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ae:9c:94:38:10:03:48:d1:fc:ea:76:1a:18:31:
20:ef:77:1e:4a:6c:6f:9e:28:ca:7d:c0:d5:db:42:
ad:25:ad:27:ab:01:65:05:56:bf:ee:49:f5:b5:15:
b5:b3:07:65:01:e4:78:53:3c:71:7f:dc:9c:98:3b:
87:ca:7a:f1:96:de:ea:af:93:55:94:e3:18:72:35:
7d:0f:45:89:29:70:ae:dd:92:d8:99:5d:9e:32:8a:
74:73:7d:98:6c:62:be:03:3b:3a:6c:76:2a:c3:62:
13:de:67:80:21:bd:6c:b5:eb:89:f5:af:ea:53:2b:
b9:b8:88:47:09:83:66:9b:02:a7:7c:d9:4a:44:bd:
cf:4c:e5:d2:10:ec:0b:cc:7b:44:33:e3:b8:1b:1f:
2c:02:f6:23:03:fb:ca:2e:9c:4a:88:6d:04:12:e4:
fd:f6:c5:f8:2a:c3:ab:c0:58:38:26:f3:4d:f8:3a:
9a:05:3b:9f:d2:ea:55:2c:9a:a6:5e:8e:c8:d0:6e:
7e:3f:f7:9c:9a:3d:99:f9:7d:46:92:4f:12:e4:68:
5b:34:6f:70:f5:4b:12:cd:1e:4d:a6:7b:23:36:ac:
6e:7d:05:07:ad:7b:01:fd:47:cf:e4:f0:12:0f:e1:
41:92:73:a0:30:db:91:4e:32:71:ce:24:0a:28:fa:
aa:3f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
30:26:A0:15:0E:A8:7C:47:31:CA:A5:ED:AF:E6:D5:59:E8:0A:4D:F2
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/MCagFQ6ofEcxyqXtr-bVWegKTfI.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
26:31:20:9f:af:e1:cd:f1:bb:ff:6e:53:7f:99:06:96:48:20:
03:ec:51:4b:dc:18:ac:ab:af:e3:46:a3:07:bc:16:a6:2b:2d:
23:8e:c3:6b:a5:6a:91:f8:e8:04:a3:3b:d5:92:3a:28:71:ef:
26:69:c4:af:fe:d8:1b:96:2d:b5:fe:a7:ce:90:dd:39:34:24:
d4:2d:1f:c0:88:c3:ce:15:e1:36:df:6c:e3:df:f6:35:b6:1b:
c6:20:46:0d:9e:15:40:e6:ba:cf:85:f1:bb:6b:c6:f9:94:03:
3b:0c:61:d9:b7:79:02:28:b1:14:df:16:54:51:c5:e9:1c:45:
3d:8d:6d:0a:41:29:69:21:d5:73:2d:0a:e8:f1:c5:5d:be:b0:
ca:db:b3:d2:d9:75:2c:3f:f4:2c:6e:60:c1:91:41:a1:18:d2:
ec:0d:e5:29:0c:86:81:02:14:8c:b2:6f:39:56:60:2e:39:60:
5d:b3:d4:04:63:c2:60:15:ad:58:da:bd:a7:cc:b3:52:a5:8e:
72:9a:12:73:02:e0:94:11:36:bb:c7:0d:d3:c4:73:dd:8a:ed:
fe:f0:06:7a:e8:0d:f1:e7:df:8c:b8:b6:72:5f:a7:1e:08:ed:
6e:ed:01:e3:01:7d:9e:3c:f6:52:e1:b2:19:62:57:89:46:64:
64:5f:de:be
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICNbYwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDAzMzEw
NDUyMTBaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDMwMjZBMDE1MEVBODdD
NDczMUNBQTVFREFGRTZENTU5RTgwQTRERjIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCunJQ4EANI0fzqdhoYMSDvdx5KbG+eKMp9wNXbQq0lrSerAWUF
Vr/uSfW1FbWzB2UB5HhTPHF/3JyYO4fKevGW3uqvk1WU4xhyNX0PRYkpcK7dktiZ
XZ4yinRzfZhsYr4DOzpsdirDYhPeZ4AhvWy164n1r+pTK7m4iEcJg2abAqd82UpE
vc9M5dIQ7AvMe0Qz47gbHywC9iMD+8ounEqIbQQS5P32xfgqw6vAWDgm8034OpoF
O5/S6lUsmqZejsjQbn4/95yaPZn5fUaSTxLkaFs0b3D1SxLNHk2meyM2rG59BQet
ewH9R8/k8BIP4UGSc6Aw25FOMnHOJAoo+qo/AgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUMCagFQ6ofEcxyqXtr+bVWegKTfIwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L01DYWdGUTZvZkVjeHlx
WHRyLWJWV2VnS1RmSS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAJjEgn6/hzfG7/25Tf5kGlkggA+xRS9wY
rKuv40ajB7wWpistI47Da6VqkfjoBKM71ZI6KHHvJmnEr/7YG5Yttf6nzpDdOTQk
1C0fwIjDzhXhNt9s49/2NbYbxiBGDZ4VQOa6z4Xxu2vG+ZQDOwxh2bd5AiixFN8W
VFHF6RxFPY1tCkEpaSHVcy0K6PHFXb6wytuz0tl1LD/0LG5gwZFBoRjS7A3lKQyG
gQIUjLJvOVZgLjlgXbPUBGPCYBWtWNq9p8yzUqWOcpoScwLglBE2u8cN08Rz3Yrt
/vAGeugN8effjLi2cl+nHgjtbu0B4wF9njz2UuGyGWJXiUZkZF/evg==
-----END CERTIFICATE-----
Generated at Sun Jun 22 08:20:38 2025 by rpki-client