Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/S2Ug4VfjsqDR_L0DNPPEaDlQgOM.roa
File: S2Ug4VfjsqDR_L0DNPPEaDlQgOM.roa (raw, json)
Hash identifier: nPeIncH15bxZOaEjmOzETElkx3OeQqeC3k02UnjjDo4=
Subject key identifier: 4B:65:20:E1:57:E3:B2:A0:D1:FC:BD:03:34:F3:C4:68:39:50:80:E3
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 3E92
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/S2Ug4VfjsqDR_L0DNPPEaDlQgOM.roa
Signing time: Fri 12 Apr 2024 00:23:15 +0000
ROA not before: Fri 12 Apr 2024 00:23:15 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 16018 (0x3e92)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 12 00:23:15 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=4B6520E157E3B2A0D1FCBD0334F3C468395080E3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bb:87:9f:90:a1:37:a3:15:b7:56:dc:39:a3:5e:
72:42:25:97:e3:5e:d4:69:4b:ae:18:46:ee:96:08:
1f:41:6a:66:30:ea:a1:5b:fd:6a:b5:08:ec:35:8f:
2e:87:a4:11:23:13:a9:4a:98:c0:c2:d9:e0:4f:1d:
a4:53:53:74:af:85:4d:c7:d0:60:2d:f5:4f:57:5c:
03:21:76:d7:fb:97:4e:fa:4f:af:91:2d:88:0c:f6:
eb:e0:c6:53:ec:24:f8:a4:53:c0:d1:bd:a4:2c:c8:
15:8a:8f:e0:a3:71:96:2a:6c:84:e2:e7:0f:07:bf:
58:c4:e9:a7:a5:33:7a:1f:33:7a:70:f4:18:47:60:
dd:a7:f7:6e:74:55:63:10:ee:a6:b7:40:02:e8:a0:
cc:03:9e:2a:55:0d:5f:05:f0:40:00:69:3a:93:54:
ae:27:78:aa:42:41:0f:b2:6d:f0:80:c1:74:00:17:
c0:c2:0c:06:07:6b:6c:09:0c:4c:35:56:11:52:0d:
0d:a7:bb:c6:18:77:47:33:47:26:5c:a7:76:1f:bb:
af:9c:67:05:8a:6b:75:27:95:7f:d9:ad:11:bc:c5:
e8:5f:f3:61:1d:a3:fb:83:83:13:73:2a:d4:60:9b:
d3:19:fa:5c:31:20:b2:d2:cb:07:1d:ab:3a:fa:6d:
6a:89
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4B:65:20:E1:57:E3:B2:A0:D1:FC:BD:03:34:F3:C4:68:39:50:80:E3
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/S2Ug4VfjsqDR_L0DNPPEaDlQgOM.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
99:a6:3b:ae:b0:a4:27:c7:ae:2a:fd:a2:4d:be:c3:4c:93:22:
bf:5a:96:df:8e:86:34:8f:cc:05:68:8e:16:7c:9d:18:fd:8d:
03:46:a3:e2:80:4e:80:c1:c6:e8:38:ff:fd:58:3e:77:b4:18:
9b:9f:e0:ec:1c:92:48:7b:7a:35:0b:17:be:db:95:bb:0c:88:
b4:04:25:6b:ce:0d:c4:fb:bf:40:5a:e7:ae:b5:5e:ac:c8:9a:
79:6c:42:cf:4e:0c:39:5d:9b:cd:b7:03:39:1b:00:b0:d6:ff:
54:8e:f7:e9:d3:e2:45:b0:33:15:fb:01:69:20:d3:bc:a0:30:
42:4d:97:7f:7b:b4:50:c6:1d:33:57:ea:9e:a1:c4:e1:5e:c4:
fc:6b:74:49:b9:1a:b5:64:60:a1:d9:d2:4d:24:8f:91:9b:24:
26:4f:35:fa:d7:32:14:01:40:99:c6:0e:8f:e2:94:6b:c9:f1:
05:d9:44:2c:a5:b2:fd:6c:51:4b:33:38:79:4a:aa:d7:5a:bd:
9e:7a:ce:60:5e:51:fb:1d:aa:16:ee:27:ef:45:b4:fc:05:ad:
ae:c3:23:43:af:4c:76:62:09:be:b7:70:b4:91:c7:97:f6:16:
ce:e8:2d:e5:55:f5:03:e3:e5:d9:25:2b:03:76:c3:15:ca:b4:
33:f1:9f:9b
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICPpIwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MTIw
MDIzMTVaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDRCNjUyMEUxNTdFM0Iy
QTBEMUZDQkQwMzM0RjNDNDY4Mzk1MDgwRTMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC7h5+QoTejFbdW3DmjXnJCJZfjXtRpS64YRu6WCB9BamYw6qFb
/Wq1COw1jy6HpBEjE6lKmMDC2eBPHaRTU3SvhU3H0GAt9U9XXAMhdtf7l076T6+R
LYgM9uvgxlPsJPikU8DRvaQsyBWKj+CjcZYqbITi5w8Hv1jE6aelM3ofM3pw9BhH
YN2n9250VWMQ7qa3QALooMwDnipVDV8F8EAAaTqTVK4neKpCQQ+ybfCAwXQAF8DC
DAYHa2wJDEw1VhFSDQ2nu8YYd0czRyZcp3Yfu6+cZwWKa3UnlX/ZrRG8xehf82Ed
o/uDgxNzKtRgm9MZ+lwxILLSywcdqzr6bWqJAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUS2Ug4VfjsqDR/L0DNPPEaDlQgOMwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1MyVWc0VmZqc3FEUl9M
MEROUFBFYURsUWdPTS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAmaY7rrCkJ8euKv2iTb7DTJMiv1qW346G
NI/MBWiOFnydGP2NA0aj4oBOgMHG6Dj//Vg+d7QYm5/g7BySSHt6NQsXvtuVuwyI
tAQla84NxPu/QFrnrrVerMiaeWxCz04MOV2bzbcDORsAsNb/VI736dPiRbAzFfsB
aSDTvKAwQk2Xf3u0UMYdM1fqnqHE4V7E/Gt0SbkatWRgodnSTSSPkZskJk81+tcy
FAFAmcYOj+KUa8nxBdlELKWy/WxRSzM4eUqq11q9nnrOYF5R+x2qFu4n70W0/AWt
rsMjQ69MdmIJvrdwtJHHl/YWzugt5VX1A+Pl2SUrA3bDFcq0M/Gfmw==
-----END CERTIFICATE-----
Generated at Sun Jun 22 05:28:18 2025 by rpki-client