Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/MtLAouPb305qk6fBbwH-Ol6YLVc.roa
File: MtLAouPb305qk6fBbwH-Ol6YLVc.roa (raw, json)
Hash identifier: Cke8ZSTRjkHAfm99GrTOSyWtqatl1NWqtvTr+yRjugI=
Subject key identifier: 32:D2:C0:A2:E3:DB:DF:4E:6A:93:A7:C1:6F:01:FE:3A:5E:98:2D:57
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 417E
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/MtLAouPb305qk6fBbwH-Ol6YLVc.roa
Signing time: Mon 15 Apr 2024 21:53:21 +0000
ROA not before: Mon 15 Apr 2024 21:53:21 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 16766 (0x417e)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 15 21:53:21 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=32D2C0A2E3DBDF4E6A93A7C16F01FE3A5E982D57
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d4:d0:3c:4a:f7:31:d3:57:25:3d:93:cd:b7:8e:
d8:55:b5:4f:4a:0c:bc:6e:e8:79:60:7d:a5:1f:71:
55:dd:ea:e3:3c:24:4e:a8:91:f8:14:25:6e:3d:7c:
b6:e2:ad:b9:74:1c:14:87:3f:97:4e:ce:09:bf:d8:
cf:6d:4f:49:bc:0e:cc:a5:56:81:d5:c1:98:63:3a:
c6:ba:f9:dd:51:26:b9:f6:de:ea:f6:04:75:8c:44:
1b:6c:89:42:e2:f4:e2:2d:91:31:c2:27:e4:51:60:
9f:25:e9:5d:92:41:70:d7:94:05:32:7b:ed:d8:2f:
c0:12:a2:49:f2:57:ee:62:99:73:21:97:87:3e:70:
78:0e:57:9e:b0:5f:78:86:74:9f:0f:43:00:09:02:
ae:bd:1f:ea:4d:0c:3d:aa:8a:6c:71:34:ec:51:30:
3f:65:b4:50:c6:dc:7c:9a:41:7a:b2:ea:30:73:a8:
ea:c0:75:36:20:ba:8c:8c:09:85:46:49:70:6d:7b:
21:b6:7d:31:af:a2:71:6d:f5:21:ca:61:ce:9a:23:
30:e1:c1:e1:d7:44:17:99:d8:04:09:c2:ea:0c:41:
d4:fc:c0:57:69:f4:f1:5a:d7:b4:1a:cd:d3:0e:ef:
5c:4a:b0:c4:7a:d2:4c:2f:32:b7:e7:ce:60:4b:f6:
27:e5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
32:D2:C0:A2:E3:DB:DF:4E:6A:93:A7:C1:6F:01:FE:3A:5E:98:2D:57
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/MtLAouPb305qk6fBbwH-Ol6YLVc.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
3f:c0:d5:4d:66:22:70:15:98:4d:9a:90:4c:7d:d2:6b:92:46:
34:9b:91:08:74:4d:06:09:3b:1d:be:1f:53:96:c5:75:1d:85:
8c:b3:73:2b:d8:24:78:a1:60:74:e8:73:10:7d:09:51:6f:d6:
b8:26:a4:48:c2:0a:6e:ec:2e:51:d5:e5:c8:f0:c9:b6:f1:0f:
75:7c:e3:a3:4f:69:3e:a5:e0:c4:60:53:93:02:2a:4e:0a:cf:
27:6a:5a:cf:42:6d:c8:f6:ea:67:ed:54:b0:99:f8:13:6d:d3:
5b:7d:68:1a:bd:96:1d:c4:ad:30:22:31:49:7d:f8:80:10:bb:
fe:b8:96:1b:90:17:49:1d:75:c3:16:76:f8:16:57:ab:2b:be:
36:99:7d:25:51:da:15:88:02:ad:16:10:a4:6a:fd:d7:80:88:
ea:79:cd:bf:4f:7c:4c:32:4d:c6:7a:6b:0f:91:79:b6:f7:41:
10:64:1e:39:d1:2c:f7:2c:a8:37:66:e0:cc:0b:da:f4:d6:fd:
f5:4d:91:0d:27:58:cd:78:c5:53:4a:a5:12:36:a3:59:38:20:
4a:1f:37:cf:18:06:97:20:d6:3b:2c:d7:72:17:07:22:f2:39:
13:32:a7:6b:5b:8f:2b:d6:67:09:8e:35:a0:30:fd:1c:46:66:
0d:a4:5f:4c
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICQX4wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MTUy
MTUzMjFaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDMyRDJDMEEyRTNEQkRG
NEU2QTkzQTdDMTZGMDFGRTNBNUU5ODJENTcwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDU0DxK9zHTVyU9k823jthVtU9KDLxu6HlgfaUfcVXd6uM8JE6o
kfgUJW49fLbirbl0HBSHP5dOzgm/2M9tT0m8DsylVoHVwZhjOsa6+d1RJrn23ur2
BHWMRBtsiULi9OItkTHCJ+RRYJ8l6V2SQXDXlAUye+3YL8ASoknyV+5imXMhl4c+
cHgOV56wX3iGdJ8PQwAJAq69H+pNDD2qimxxNOxRMD9ltFDG3HyaQXqy6jBzqOrA
dTYguoyMCYVGSXBteyG2fTGvonFt9SHKYc6aIzDhweHXRBeZ2AQJwuoMQdT8wFdp
9PFa17QazdMO71xKsMR60kwvMrfnzmBL9iflAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUMtLAouPb305qk6fBbwH+Ol6YLVcwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L010TEFvdVBiMzA1cWs2
ZkJid0gtT2w2WUxWYy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAP8DVTWYicBWYTZqQTH3Sa5JGNJuRCHRN
Bgk7Hb4fU5bFdR2FjLNzK9gkeKFgdOhzEH0JUW/WuCakSMIKbuwuUdXlyPDJtvEP
dXzjo09pPqXgxGBTkwIqTgrPJ2paz0JtyPbqZ+1UsJn4E23TW31oGr2WHcStMCIx
SX34gBC7/riWG5AXSR11wxZ2+BZXqyu+Npl9JVHaFYgCrRYQpGr914CI6nnNv098
TDJNxnprD5F5tvdBEGQeOdEs9yyoN2bgzAva9Nb99U2RDSdYzXjFU0qlEjajWTgg
Sh83zxgGlyDWOyzXchcHIvI5EzKna1uPK9ZnCY41oDD9HEZmDaRfTA==
-----END CERTIFICATE-----
Generated at Sun Jun 22 12:10:25 2025 by rpki-client