Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/UaSaQYodK7_ov63_1gf3CT6PV_o.roa
File: UaSaQYodK7_ov63_1gf3CT6PV_o.roa (raw, json)
Hash identifier: ceUbLzp2NkCq9jIMEPMWaCbyeXAGL1mLJXmMN6EvX60=
Subject key identifier: 51:A4:9A:41:8A:1D:2B:BF:E8:BF:AD:FF:D6:07:F7:09:3E:8F:57:FA
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 4166
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/UaSaQYodK7_ov63_1gf3CT6PV_o.roa
Signing time: Mon 15 Apr 2024 18:52:58 +0000
ROA not before: Mon 15 Apr 2024 18:52:58 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 16742 (0x4166)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 15 18:52:58 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=51A49A418A1D2BBFE8BFADFFD607F7093E8F57FA
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c8:d9:6a:db:1a:a9:77:67:6e:c3:20:b7:4a:00:
56:3e:f7:e7:8e:61:87:7c:73:08:75:31:b5:8a:4b:
18:2a:2e:60:67:0e:eb:4b:f2:9b:65:7d:d8:4b:02:
15:f8:63:a2:32:95:13:81:69:15:30:5c:51:83:1f:
ad:7e:31:c6:6c:c4:8f:80:ea:f4:3f:27:2e:87:fe:
a8:b7:79:a5:10:35:1e:41:1b:aa:e3:9e:6c:7a:df:
95:77:d0:60:e5:ba:93:d1:ed:9f:37:73:13:1c:08:
f8:c5:14:5c:42:29:28:95:d0:ba:ad:07:13:07:91:
7b:93:f8:58:ae:a9:f9:72:24:7d:0c:39:03:5d:06:
e8:a6:c4:4a:c0:6b:55:69:d2:2b:e6:6d:23:fc:5f:
9d:9a:39:b5:4c:02:80:58:98:ed:a7:ab:f5:a7:31:
6f:37:58:0c:b7:27:7a:55:16:ee:56:cd:69:7c:ab:
ee:88:9b:8c:0e:f8:b7:17:22:aa:02:db:96:27:7e:
a4:e7:38:c8:12:cc:92:14:75:88:5e:20:de:ae:87:
28:e7:14:06:e6:12:9a:f9:7c:9e:f5:7e:fb:68:66:
a1:8c:10:08:9b:d0:0b:54:2d:90:f8:bd:fb:d4:f4:
4e:ab:66:c6:21:6c:68:d1:85:68:d4:5b:e3:04:4f:
8f:fd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
51:A4:9A:41:8A:1D:2B:BF:E8:BF:AD:FF:D6:07:F7:09:3E:8F:57:FA
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/UaSaQYodK7_ov63_1gf3CT6PV_o.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
6e:43:0f:a6:4b:8d:4d:ce:4b:d9:8d:81:ca:80:9e:9b:43:bf:
16:0e:3b:eb:22:e8:61:6e:eb:69:58:06:a5:d7:51:00:3e:92:
cf:fe:4a:c5:85:28:ee:87:2d:da:01:2a:cf:d9:d9:33:7c:c7:
35:64:9e:d4:4b:3e:39:f7:99:4e:6a:be:3d:1d:15:ef:dc:99:
f6:e1:b1:24:4a:22:ac:d5:b7:6d:94:59:d6:84:96:36:9c:a4:
97:74:98:c6:74:fa:c8:e1:ce:10:8c:7c:01:29:c1:8a:d2:9f:
0a:81:dd:7c:cf:b2:e0:9f:ee:d5:f0:31:68:8b:58:90:c0:60:
c8:6c:2e:79:a4:76:45:a8:6c:42:ab:10:c6:22:f7:d3:8b:b0:
6b:cd:33:a2:a5:93:16:e6:51:33:ac:ac:58:f8:5e:94:fc:5d:
3e:8d:02:34:08:08:69:4e:86:8b:32:37:74:54:c9:cf:b4:09:
28:ca:cf:eb:f4:e8:71:eb:dc:fd:22:bd:8d:f7:65:f2:97:ce:
02:21:f7:86:40:18:e6:33:6d:02:c8:f0:4d:1f:10:60:79:67:
3f:07:5f:3e:da:28:93:66:7b:5b:61:9a:9d:01:8a:4f:62:5d:
57:c3:72:39:9e:51:06:e0:78:ba:6a:85:59:33:c8:2e:b8:8a:
0b:3c:fe:8c
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICQWYwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MTUx
ODUyNThaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDUxQTQ5QTQxOEExRDJC
QkZFOEJGQURGRkQ2MDdGNzA5M0U4RjU3RkEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDI2WrbGql3Z27DILdKAFY+9+eOYYd8cwh1MbWKSxgqLmBnDutL
8ptlfdhLAhX4Y6IylROBaRUwXFGDH61+McZsxI+A6vQ/Jy6H/qi3eaUQNR5BG6rj
nmx635V30GDlupPR7Z83cxMcCPjFFFxCKSiV0LqtBxMHkXuT+FiuqflyJH0MOQNd
BuimxErAa1Vp0ivmbSP8X52aObVMAoBYmO2nq/WnMW83WAy3J3pVFu5WzWl8q+6I
m4wO+LcXIqoC25YnfqTnOMgSzJIUdYheIN6uhyjnFAbmEpr5fJ71fvtoZqGMEAib
0AtULZD4vfvU9E6rZsYhbGjRhWjUW+MET4/9AgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUUaSaQYodK7/ov63/1gf3CT6PV/owHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1VhU2FRWW9kSzdfb3Y2
M18xZ2YzQ1Q2UFZfby5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAbkMPpkuNTc5L2Y2ByoCem0O/Fg476yLo
YW7raVgGpddRAD6Sz/5KxYUo7oct2gEqz9nZM3zHNWSe1Es+OfeZTmq+PR0V79yZ
9uGxJEoirNW3bZRZ1oSWNpykl3SYxnT6yOHOEIx8ASnBitKfCoHdfM+y4J/u1fAx
aItYkMBgyGwueaR2RahsQqsQxiL304uwa80zoqWTFuZRM6ysWPhelPxdPo0CNAgI
aU6GizI3dFTJz7QJKMrP6/Tocevc/SK9jfdl8pfOAiH3hkAY5jNtAsjwTR8QYHln
PwdfPtook2Z7W2GanQGKT2JdV8NyOZ5RBuB4umqFWTPILriKCzz+jA==
-----END CERTIFICATE-----
Generated at Fri Jun 20 17:37:12 2025 by rpki-client