Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/NmT4S_qWs2WO-IThdMQA4vcycqQ.roa
File: NmT4S_qWs2WO-IThdMQA4vcycqQ.roa (raw, json)
Hash identifier: 3ZU9NPXKhRgFZ3MgFkOS3BpnsORxSR7hCqVoDFPq7U8=
Subject key identifier: 36:64:F8:4B:FA:96:B3:65:8E:F8:84:E1:74:C4:00:E2:F7:32:72:A4
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 544A
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/NmT4S_qWs2WO-IThdMQA4vcycqQ.roa
Signing time: Fri 10 May 2024 23:24:04 +0000
ROA not before: Fri 10 May 2024 23:24:04 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 21578 (0x544a)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 10 23:24:04 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=3664F84BFA96B3658EF884E174C400E2F73272A4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b1:9d:52:ac:85:29:14:02:41:23:7a:b4:8d:22:
4a:b8:ba:74:bc:cb:b4:9e:e7:52:f6:87:0d:9c:49:
60:25:09:d2:37:d4:4a:34:cd:0a:61:44:98:41:88:
95:3e:13:e0:96:d8:4a:d7:1a:d2:7d:17:2a:bb:81:
dc:8e:74:44:09:a3:26:a6:62:bc:9c:51:14:2a:e6:
9e:11:ca:98:a6:4f:1d:64:37:fe:91:a7:d8:19:15:
fe:4d:42:ce:c6:02:12:14:9d:9c:cd:46:c2:7a:25:
f5:d7:e5:3e:b6:d2:a3:eb:20:1c:7f:e5:f0:8f:61:
39:9d:3e:09:99:50:5c:86:83:1e:d8:38:90:bc:f4:
2d:08:cb:f9:ef:dd:44:25:cf:2e:de:8e:84:3b:07:
6e:78:db:cf:4e:06:b8:5e:d9:9a:5d:37:63:2d:c5:
f4:f8:b0:c2:57:15:be:0c:85:65:1d:3d:64:2a:26:
04:dd:f6:1c:4a:6f:be:98:1a:9b:ac:49:55:e8:21:
78:58:a5:26:4b:38:90:94:14:87:75:34:c3:df:90:
6d:5a:c1:8b:6d:b1:cb:c4:ec:47:a8:93:7b:98:62:
1d:84:96:41:85:14:ac:11:25:e1:5d:2e:c2:a9:8f:
65:ac:aa:7d:03:5c:33:b1:d6:29:de:90:e0:a8:47:
2d:37
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
36:64:F8:4B:FA:96:B3:65:8E:F8:84:E1:74:C4:00:E2:F7:32:72:A4
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/NmT4S_qWs2WO-IThdMQA4vcycqQ.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
57:d0:bf:2d:0a:1e:9e:16:e1:2c:e8:47:20:2a:e8:d7:a7:a5:
d2:fa:47:95:26:66:d6:5d:7c:6c:82:53:86:64:19:89:40:de:
7a:6b:6f:ff:dc:39:8a:5c:33:fe:9a:34:0f:c8:ad:5c:c6:84:
e7:30:a2:04:13:5c:91:27:55:e1:67:2d:e5:7c:ec:ba:c4:0d:
66:80:3e:33:f6:32:df:cf:5d:bf:df:45:20:29:e9:f1:2b:48:
b6:83:bb:81:17:01:aa:e5:ae:52:17:71:3e:b9:b5:06:5f:45:
8d:7e:d5:cf:d5:00:2c:fd:52:a1:e5:87:f9:3f:53:12:67:41:
83:9c:78:91:1c:23:80:6e:3a:1b:b4:63:d0:28:da:82:e2:28:
f1:ff:2f:6f:34:88:9f:52:2c:e9:6c:a8:d8:44:42:c1:b3:3d:
73:c8:45:28:81:1f:10:2a:9f:05:86:ed:c7:58:f6:cb:18:fd:
4e:b6:dd:a1:b3:73:d7:d3:35:2a:4d:56:71:c6:17:2d:ca:40:
b6:95:27:5d:ac:56:35:07:9b:93:22:6d:16:0f:aa:10:40:31:
44:6d:8e:9d:e8:10:ce:a4:e9:be:f2:f1:b2:4c:90:d8:88:38:
24:5c:6a:66:37:09:ed:ca:a2:2c:e4:03:ee:32:42:63:52:c8:
71:aa:3f:c5
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICVEowDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MTAy
MzI0MDRaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDM2NjRGODRCRkE5NkIz
NjU4RUY4ODRFMTc0QzQwMEUyRjczMjcyQTQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCxnVKshSkUAkEjerSNIkq4unS8y7Se51L2hw2cSWAlCdI31Eo0
zQphRJhBiJU+E+CW2ErXGtJ9Fyq7gdyOdEQJoyamYrycURQq5p4RypimTx1kN/6R
p9gZFf5NQs7GAhIUnZzNRsJ6JfXX5T620qPrIBx/5fCPYTmdPgmZUFyGgx7YOJC8
9C0Iy/nv3UQlzy7ejoQ7B254289OBrhe2ZpdN2MtxfT4sMJXFb4MhWUdPWQqJgTd
9hxKb76YGpusSVXoIXhYpSZLOJCUFId1NMPfkG1awYttscvE7Eeok3uYYh2ElkGF
FKwRJeFdLsKpj2Wsqn0DXDOx1inekOCoRy03AgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUNmT4S/qWs2WO+IThdMQA4vcycqQwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L05tVDRTX3FXczJXTy1J
VGhkTVFBNHZjeWNxUS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAV9C/LQoenhbhLOhHICro16el0vpHlSZm
1l18bIJThmQZiUDeemtv/9w5ilwz/po0D8itXMaE5zCiBBNckSdV4Wct5XzsusQN
ZoA+M/Yy389dv99FICnp8StItoO7gRcBquWuUhdxPrm1Bl9FjX7Vz9UALP1SoeWH
+T9TEmdBg5x4kRwjgG46G7Rj0CjaguIo8f8vbzSIn1Is6Wyo2ERCwbM9c8hFKIEf
ECqfBYbtx1j2yxj9TrbdobNz19M1Kk1WccYXLcpAtpUnXaxWNQebkyJtFg+qEEAx
RG2OnegQzqTpvvLxskyQ2Ig4JFxqZjcJ7cqiLOQD7jJCY1LIcao/xQ==
-----END CERTIFICATE-----
Generated at Sun Jun 22 16:44:34 2025 by rpki-client