Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/Sa8Y8AhfUuDtVG-Cd3IMVILp3hM.roa
File: Sa8Y8AhfUuDtVG-Cd3IMVILp3hM.roa (raw, json)
Hash identifier: KcTonkz0u0MZWoyumSDKxuxlcqngavPlp92EKqZgPNA=
Subject key identifier: 49:AF:18:F0:08:5F:52:E0:ED:54:6F:82:77:72:0C:54:82:E9:DE:13
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 3C82
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/Sa8Y8AhfUuDtVG-Cd3IMVILp3hM.roa
Signing time: Tue 09 Apr 2024 06:22:39 +0000
ROA not before: Tue 09 Apr 2024 06:22:39 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 15490 (0x3c82)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 9 06:22:39 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=49AF18F0085F52E0ED546F8277720C5482E9DE13
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d8:d9:c7:25:1b:77:ed:fa:5b:40:a7:c9:3f:b9:
42:06:bc:07:ec:1d:e7:eb:13:f2:39:ce:7d:db:66:
33:72:2b:ec:09:14:c3:d7:df:85:85:d3:84:a6:56:
08:bd:d7:9b:ca:17:bc:ba:21:b4:e3:cb:48:5d:0b:
b2:d9:8c:0c:56:c3:3d:1e:57:fd:46:7d:e4:d6:49:
8d:7f:69:91:87:25:1d:9d:a2:be:d5:63:53:ec:a6:
c8:0e:9c:e8:11:b9:08:14:f1:af:aa:ce:52:0d:06:
5e:38:4f:a6:46:dd:67:54:20:26:ec:60:af:25:4b:
26:53:0e:5a:ab:f9:b6:38:c2:07:1d:1b:d7:3f:ff:
11:e7:bd:cf:3d:ac:cb:e7:61:8c:4c:21:25:ff:04:
d5:46:2c:fe:41:8d:55:48:77:3f:70:f7:ee:89:ef:
26:1b:90:47:74:e6:b0:19:e5:f7:1b:88:cb:59:5d:
64:0d:55:68:25:99:71:8d:57:09:3a:dc:e7:b4:77:
ee:0b:b1:aa:ca:54:b9:4e:30:f3:4c:e4:47:aa:46:
8d:c9:8f:de:12:c1:0d:ac:f8:5e:e6:f9:bb:c6:7d:
34:2e:ae:30:98:42:52:19:bd:41:17:6b:b5:9d:2b:
b5:95:21:7a:23:f7:6d:f5:0e:ec:93:0d:41:dc:19:
6e:55
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
49:AF:18:F0:08:5F:52:E0:ED:54:6F:82:77:72:0C:54:82:E9:DE:13
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/Sa8Y8AhfUuDtVG-Cd3IMVILp3hM.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
84:d6:24:96:10:de:8c:ec:b2:62:b3:d0:97:9e:87:57:c7:fa:
35:39:62:1d:f8:19:13:87:bb:f1:18:2a:c6:42:8b:e0:5b:10:
7d:11:54:53:7a:ec:e9:ac:f6:4c:99:20:04:fb:5a:b9:ac:75:
01:76:21:f0:b5:d2:25:8f:1d:0b:7c:1b:18:c4:ff:ba:c5:18:
a8:ab:55:c8:aa:3a:b0:54:34:66:27:df:57:00:88:10:c7:89:
e5:42:50:d4:6c:25:ff:78:f6:d4:b1:a4:1d:f0:e9:e0:b9:98:
cb:a8:5d:7e:63:f1:c0:8e:7b:90:bc:53:3a:d9:27:83:61:3b:
06:a6:a6:eb:1a:71:68:53:63:e3:8b:d2:0b:6d:4e:5d:1b:29:
e0:e6:9c:17:a9:08:e7:ca:9c:22:a2:03:c8:76:27:54:a8:dd:
5a:11:b9:89:0f:89:c6:9c:7e:71:ee:3c:ee:69:7a:8b:af:bc:
88:05:f0:dc:b8:d0:8f:4b:41:e8:8a:9a:d3:76:f0:64:43:df:
1a:bc:d1:1a:b8:d4:94:da:9a:bd:97:f5:f5:25:de:b5:22:04:
a5:65:b6:88:aa:ff:0d:3f:53:53:c9:6f:de:11:14:dd:5a:94:
92:ca:1d:83:94:6f:b0:23:8a:c3:51:69:1a:f2:4f:7e:9d:22:
5e:80:e1:0e
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICPIIwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MDkw
NjIyMzlaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDQ5QUYxOEYwMDg1RjUy
RTBFRDU0NkY4Mjc3NzIwQzU0ODJFOURFMTMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDY2cclG3ft+ltAp8k/uUIGvAfsHefrE/I5zn3bZjNyK+wJFMPX
34WF04SmVgi915vKF7y6IbTjy0hdC7LZjAxWwz0eV/1GfeTWSY1/aZGHJR2dor7V
Y1PspsgOnOgRuQgU8a+qzlINBl44T6ZG3WdUICbsYK8lSyZTDlqr+bY4wgcdG9c/
/xHnvc89rMvnYYxMISX/BNVGLP5BjVVIdz9w9+6J7yYbkEd05rAZ5fcbiMtZXWQN
VWglmXGNVwk63Oe0d+4LsarKVLlOMPNM5EeqRo3Jj94SwQ2s+F7m+bvGfTQurjCY
QlIZvUEXa7WdK7WVIXoj9231DuyTDUHcGW5VAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUSa8Y8AhfUuDtVG+Cd3IMVILp3hMwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1NhOFk4QWhmVXVEdFZH
LUNkM0lNVklMcDNoTS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAhNYklhDejOyyYrPQl56HV8f6NTliHfgZ
E4e78RgqxkKL4FsQfRFUU3rs6az2TJkgBPtauax1AXYh8LXSJY8dC3wbGMT/usUY
qKtVyKo6sFQ0ZiffVwCIEMeJ5UJQ1Gwl/3j21LGkHfDp4LmYy6hdfmPxwI57kLxT
Otkng2E7Bqam6xpxaFNj44vSC21OXRsp4OacF6kI58qcIqIDyHYnVKjdWhG5iQ+J
xpx+ce487ml6i6+8iAXw3LjQj0tB6Iqa03bwZEPfGrzRGrjUlNqavZf19SXetSIE
pWW2iKr/DT9TU8lv3hEU3VqUksodg5RvsCOKw1FpGvJPfp0iXoDhDg==
-----END CERTIFICATE-----
Generated at Sun Jun 22 10:26:10 2025 by rpki-client