Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/TF25PbaokU7YXbt-cQ7HTiJyt-E.roa
File: TF25PbaokU7YXbt-cQ7HTiJyt-E.roa (raw, json)
Hash identifier: MBtJS2HOAcjfihPn6xk134ktiAA3PB8AMILz1X2R+fs=
Subject key identifier: 4C:5D:B9:3D:B6:A8:91:4E:D8:5D:BB:7E:71:0E:C7:4E:22:72:B7:E1
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 3F52
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/TF25PbaokU7YXbt-cQ7HTiJyt-E.roa
Signing time: Sat 13 Apr 2024 00:22:49 +0000
ROA not before: Sat 13 Apr 2024 00:22:49 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 16210 (0x3f52)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 13 00:22:49 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=4C5DB93DB6A8914ED85DBB7E710EC74E2272B7E1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c3:19:c6:ee:c1:4a:f7:29:af:7b:97:f9:85:b4:
21:7e:48:6a:ea:23:00:b5:da:7c:5f:35:50:72:2f:
5a:1b:61:b1:58:3e:f8:db:5b:22:13:c6:4f:c2:01:
72:67:8d:9c:5d:4f:66:8d:fa:3d:09:77:93:f1:c6:
1a:d1:bc:a3:f3:ea:17:61:5b:13:05:4f:23:27:bc:
26:45:3d:3a:ab:cd:4c:89:43:7e:9c:d2:46:3d:47:
1b:5a:73:d9:fe:ae:31:0f:15:34:21:74:fe:00:53:
9e:eb:88:22:eb:01:6c:a5:89:ef:82:9f:93:af:cc:
48:66:38:46:fd:c2:64:2f:71:be:9a:c3:86:db:2a:
bb:23:7c:88:e6:04:16:0d:80:90:c2:ac:0d:a8:b1:
76:1e:5d:e1:cd:37:9c:3e:1b:a6:ee:10:52:2c:d1:
43:5f:03:74:cb:ea:f8:02:19:6a:7c:72:29:bd:ec:
e8:a3:79:e3:ee:a4:10:86:56:f9:9f:61:d1:e8:47:
fc:24:51:73:96:7a:30:f3:e5:70:91:6c:b6:a0:31:
58:ec:53:3c:6f:b1:0e:df:38:20:a5:61:ce:c0:1d:
fc:26:d4:fb:61:7a:58:2f:ca:2a:1b:5c:0d:cc:5f:
98:9b:ff:77:bd:1d:a0:05:d6:6f:59:70:95:22:95:
23:41
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4C:5D:B9:3D:B6:A8:91:4E:D8:5D:BB:7E:71:0E:C7:4E:22:72:B7:E1
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/TF25PbaokU7YXbt-cQ7HTiJyt-E.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
b9:ce:ff:ff:b0:3c:23:fb:63:c9:60:ff:a6:bf:02:a5:c7:6e:
96:7a:30:ca:a6:bd:49:8f:2c:58:44:09:09:07:ec:59:8f:b2:
e9:ed:be:f3:1e:02:4b:c3:33:02:bd:6f:b4:fc:e2:f5:13:7b:
5a:d8:32:64:93:47:5f:a4:65:72:c2:b8:70:ae:fa:4a:4e:af:
1e:61:88:b1:d8:fc:dc:05:f2:bd:3c:d1:f5:c0:42:b5:70:d8:
cd:66:7f:e2:66:2e:ed:17:7b:90:6e:ed:7a:62:bf:04:eb:ea:
64:e9:5b:ff:eb:d4:ae:cc:60:9c:f1:86:98:01:31:f9:a6:32:
77:6a:37:12:78:d3:97:64:b7:12:5a:3c:01:e2:33:88:0a:f9:
6b:57:a8:7c:f1:70:46:aa:a5:b3:c6:5d:79:db:0d:5e:53:aa:
94:93:9a:7e:07:69:6f:8d:c6:4e:c0:65:da:c3:0f:64:7c:52:
7c:fe:d8:59:6e:4b:34:c3:0c:a3:03:0e:26:26:99:8d:ca:67:
32:fe:67:f6:03:1a:49:6a:15:48:28:cd:e3:30:e8:d9:24:6d:
83:16:ab:e4:ff:58:35:f8:5c:95:97:6e:e4:9c:6f:b8:62:63:
f8:81:35:2e:b6:a4:0a:23:90:74:3d:d0:d0:58:fa:48:da:fe:
93:55:01:2a
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICP1IwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MTMw
MDIyNDlaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDRDNURCOTNEQjZBODkx
NEVEODVEQkI3RTcxMEVDNzRFMjI3MkI3RTEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDDGcbuwUr3Ka97l/mFtCF+SGrqIwC12nxfNVByL1obYbFYPvjb
WyITxk/CAXJnjZxdT2aN+j0Jd5PxxhrRvKPz6hdhWxMFTyMnvCZFPTqrzUyJQ36c
0kY9Rxtac9n+rjEPFTQhdP4AU57riCLrAWylie+Cn5OvzEhmOEb9wmQvcb6aw4bb
KrsjfIjmBBYNgJDCrA2osXYeXeHNN5w+G6buEFIs0UNfA3TL6vgCGWp8cim97Oij
eePupBCGVvmfYdHoR/wkUXOWejDz5XCRbLagMVjsUzxvsQ7fOCClYc7AHfwm1Pth
elgvyiobXA3MX5ib/3e9HaAF1m9ZcJUilSNBAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUTF25PbaokU7YXbt+cQ7HTiJyt+EwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1RGMjVQYmFva1U3WVhi
dC1jUTdIVGlKeXQtRS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAuc7//7A8I/tjyWD/pr8Cpcdulnowyqa9
SY8sWEQJCQfsWY+y6e2+8x4CS8MzAr1vtPzi9RN7WtgyZJNHX6RlcsK4cK76Sk6v
HmGIsdj83AXyvTzR9cBCtXDYzWZ/4mYu7Rd7kG7temK/BOvqZOlb/+vUrsxgnPGG
mAEx+aYyd2o3EnjTl2S3Elo8AeIziAr5a1eofPFwRqqls8ZdedsNXlOqlJOafgdp
b43GTsBl2sMPZHxSfP7YWW5LNMMMowMOJiaZjcpnMv5n9gMaSWoVSCjN4zDo2SRt
gxar5P9YNfhclZdu5JxvuGJj+IE1LrakCiOQdD3Q0Fj6SNr+k1UBKg==
-----END CERTIFICATE-----
Generated at Fri Jun 20 23:05:57 2025 by rpki-client