Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/MuvnCzjhowIeMVgd5VLTIyarZL0.roa
File: MuvnCzjhowIeMVgd5VLTIyarZL0.roa (raw, json)
Hash identifier: rzKkD5Mvag6QH6y8AEh5Di/lO2fzqwGo9A0umV2vw0g=
Subject key identifier: 32:EB:E7:0B:38:E1:A3:02:1E:31:58:1D:E5:52:D3:23:26:AB:64:BD
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 42A6
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/MuvnCzjhowIeMVgd5VLTIyarZL0.roa
Signing time: Wed 17 Apr 2024 10:53:09 +0000
ROA not before: Wed 17 Apr 2024 10:53:09 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 17062 (0x42a6)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 17 10:53:09 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=32EBE70B38E1A3021E31581DE552D32326AB64BD
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ba:74:c0:5a:89:7f:ca:c7:a9:2c:4f:56:14:f4:
67:01:ec:de:e2:39:ad:cc:2d:7e:b2:37:5b:24:47:
af:d9:60:36:63:a8:3f:43:00:e4:f6:24:19:cb:e3:
df:b0:20:2b:62:92:80:31:a3:cb:0a:bb:bd:e7:60:
29:12:cf:7a:7e:06:f8:c2:f8:7e:5c:fb:f9:97:43:
68:a4:60:d7:47:e5:ad:30:09:e3:4a:66:c0:ef:0d:
9e:ec:d8:d3:46:1a:fd:e4:96:ce:ba:74:45:e4:96:
57:7c:52:57:43:25:36:87:0c:03:3d:10:4f:a0:b7:
83:a9:ed:72:c7:ea:5b:0b:2a:3d:18:e1:82:6c:1c:
70:53:20:fe:14:b7:f4:01:bc:96:39:9d:13:35:80:
46:27:18:9e:49:36:78:8d:4d:ce:58:51:53:c9:a5:
9c:59:f6:d9:8b:45:18:b6:af:c1:b4:55:4b:9f:e1:
19:77:72:11:fe:dd:43:a6:22:68:19:9e:b1:12:53:
67:4f:8c:ee:4e:8f:22:65:46:b0:21:59:10:e9:b9:
c6:b8:9c:00:68:9e:4e:56:7f:21:3c:59:94:75:e4:
58:bc:04:35:aa:c6:50:00:e9:52:ab:71:84:1d:05:
5f:a8:c1:97:92:d6:a7:c9:66:30:72:f3:21:31:7c:
c3:b1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
32:EB:E7:0B:38:E1:A3:02:1E:31:58:1D:E5:52:D3:23:26:AB:64:BD
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/MuvnCzjhowIeMVgd5VLTIyarZL0.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
64:70:86:6e:94:a2:c9:f6:d2:eb:66:4d:eb:99:fe:3f:05:7d:
23:38:f8:5c:92:93:d1:d5:a2:86:cc:93:58:43:f1:24:ef:19:
bf:15:9c:e7:52:90:7a:95:88:a0:e3:a1:3b:4a:cd:4a:29:87:
aa:b4:27:2c:70:dd:27:e2:3a:5e:89:a9:9c:9a:19:ec:7a:92:
50:07:1d:41:84:d1:39:be:85:13:89:68:1b:c1:28:18:42:3d:
db:bf:78:0c:20:27:5e:22:fc:2f:2e:df:bf:12:b4:39:e4:d8:
40:e1:37:53:65:39:86:66:1b:eb:35:c5:da:9f:65:4b:df:e7:
8c:0f:a2:0b:2d:da:e4:33:1d:ea:75:21:36:5e:0b:19:78:9b:
5a:11:a3:bd:6d:3e:13:df:eb:fc:29:7b:dc:11:50:18:73:63:
60:dd:3d:ec:25:fc:8a:50:8b:ad:0c:89:00:71:ab:4c:31:5f:
d6:1a:6e:3b:a0:c9:34:d2:e5:7c:0f:19:79:52:91:df:35:f2:
79:de:92:e5:5e:d1:4f:56:e1:59:5f:a9:f3:b1:a6:e5:7a:82:
7c:dd:11:40:7e:97:6c:7c:d8:42:c3:a7:4e:11:23:a4:f9:57:
e5:6f:3b:ce:ce:19:65:30:dc:34:28:55:45:57:d6:38:a9:67:
83:1b:18:3e
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICQqYwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MTcx
MDUzMDlaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDMyRUJFNzBCMzhFMUEz
MDIxRTMxNTgxREU1NTJEMzIzMjZBQjY0QkQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC6dMBaiX/Kx6ksT1YU9GcB7N7iOa3MLX6yN1skR6/ZYDZjqD9D
AOT2JBnL49+wICtikoAxo8sKu73nYCkSz3p+BvjC+H5c+/mXQ2ikYNdH5a0wCeNK
ZsDvDZ7s2NNGGv3kls66dEXklld8UldDJTaHDAM9EE+gt4Op7XLH6lsLKj0Y4YJs
HHBTIP4Ut/QBvJY5nRM1gEYnGJ5JNniNTc5YUVPJpZxZ9tmLRRi2r8G0VUuf4Rl3
chH+3UOmImgZnrESU2dPjO5OjyJlRrAhWRDpuca4nABonk5WfyE8WZR15Fi8BDWq
xlAA6VKrcYQdBV+owZeS1qfJZjBy8yExfMOxAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUMuvnCzjhowIeMVgd5VLTIyarZL0wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L011dm5Dempob3dJZU1W
Z2Q1VkxUSXlhclpMMC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAZHCGbpSiyfbS62ZN65n+PwV9Izj4XJKT
0dWihsyTWEPxJO8ZvxWc51KQepWIoOOhO0rNSimHqrQnLHDdJ+I6XompnJoZ7HqS
UAcdQYTROb6FE4loG8EoGEI92794DCAnXiL8Ly7fvxK0OeTYQOE3U2U5hmYb6zXF
2p9lS9/njA+iCy3a5DMd6nUhNl4LGXibWhGjvW0+E9/r/Cl73BFQGHNjYN097CX8
ilCLrQyJAHGrTDFf1hpuO6DJNNLlfA8ZeVKR3zXyed6S5V7RT1bhWV+p87Gm5XqC
fN0RQH6XbHzYQsOnThEjpPlX5W87zs4ZZTDcNChVRVfWOKlngxsYPg==
-----END CERTIFICATE-----
Generated at Sat Jun 21 16:48:45 2025 by rpki-client