Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/VfxJeQqT8u6pqIr3OAMH25jvG8I.roa
File: VfxJeQqT8u6pqIr3OAMH25jvG8I.roa (raw, json)
Hash identifier: RmJnQIKbYmUwWlJ7Ke+XS/oXYidMcQRwUik0wWOB3ng=
Subject key identifier: 55:FC:49:79:0A:93:F2:EE:A9:A8:8A:F7:38:03:07:DB:98:EF:1B:C2
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 43AA
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/VfxJeQqT8u6pqIr3OAMH25jvG8I.roa
Signing time: Thu 18 Apr 2024 19:23:00 +0000
ROA not before: Thu 18 Apr 2024 19:23:00 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 17322 (0x43aa)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 18 19:23:00 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=55FC49790A93F2EEA9A88AF7380307DB98EF1BC2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d2:f1:6a:35:58:08:c0:8e:ea:84:16:44:1c:16:
5f:52:c5:b5:40:07:55:0d:6c:79:77:a7:ff:c9:f4:
27:ec:58:d9:da:fe:8b:9f:b9:2c:45:ff:30:f3:b4:
6a:ec:f6:6b:80:6d:36:7f:e3:8a:88:45:88:68:78:
40:19:f1:5c:ab:de:5b:f9:f5:c5:ee:b0:99:5b:31:
35:e2:55:cb:51:38:76:bf:5d:6d:ba:82:7b:a2:2e:
5c:55:9e:30:50:c0:e2:5c:57:1f:bb:fa:b8:87:4a:
f1:d8:5e:d1:4f:8a:f1:c5:bf:75:55:d6:1b:81:2b:
2c:60:80:a9:b2:23:f6:91:f0:93:26:e6:5b:d1:f2:
fb:b4:93:27:a1:0a:91:63:27:de:66:30:e1:0e:e1:
d8:8d:7b:cd:d8:16:65:7a:8a:95:a8:ab:1c:d4:bf:
b0:65:ed:42:42:ed:2b:c4:22:35:b2:70:c9:df:b0:
52:e3:25:64:8e:b8:fe:34:cb:8e:45:b5:90:13:6b:
48:35:7b:db:dd:1d:77:10:4b:9c:b0:a2:da:15:91:
ff:94:4f:da:ca:30:74:f6:23:f5:0e:56:c3:63:b9:
36:4c:bb:d5:68:eb:25:f3:54:c3:2f:af:e1:b1:44:
62:37:26:15:4d:8c:f3:84:76:20:09:0a:43:3a:f7:
71:89
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
55:FC:49:79:0A:93:F2:EE:A9:A8:8A:F7:38:03:07:DB:98:EF:1B:C2
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/VfxJeQqT8u6pqIr3OAMH25jvG8I.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
5a:14:a1:c7:14:a4:b0:19:22:58:c1:93:b5:a3:5b:b5:d9:ac:
a9:52:80:ea:f8:f0:e9:b8:35:0c:3e:f4:65:fb:9f:10:97:ab:
44:7b:f7:9e:d9:40:bd:e9:fa:37:a6:82:93:4d:84:c7:1c:2f:
88:d6:61:7b:24:29:97:5e:c5:6f:2a:3c:37:90:b4:d7:46:84:
a1:c9:4b:be:6b:62:d2:31:c4:0f:23:09:d7:77:f3:25:5c:b2:
36:e0:fa:46:ec:bf:86:8f:80:b2:9c:60:51:d0:3b:19:f9:81:
cf:b8:08:b8:3e:25:b9:94:27:40:f7:54:e1:08:ad:cc:c1:91:
d2:46:1c:0c:bb:66:01:ee:89:41:d7:89:15:db:1d:51:66:0e:
08:ff:aa:46:96:05:58:f2:97:19:53:24:f7:d4:7a:11:97:f2:
43:79:d8:64:71:54:e6:b4:9b:34:14:32:e1:73:ec:4c:1c:e8:
3e:c2:93:62:fe:63:a3:54:7b:44:dc:f3:16:2f:45:d9:7a:28:
ae:b4:5e:90:6b:71:ce:55:6a:2a:af:57:bb:98:7d:15:d8:77:
44:1c:ec:46:f2:63:a5:74:84:ae:a2:b7:b0:f2:ce:0d:95:3b:
3c:b8:d6:26:96:d7:22:5d:48:4e:c6:cc:61:42:07:6d:7e:10:
2c:5d:45:3f
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICQ6owDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MTgx
OTIzMDBaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDU1RkM0OTc5MEE5M0Yy
RUVBOUE4OEFGNzM4MDMwN0RCOThFRjFCQzIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDS8Wo1WAjAjuqEFkQcFl9SxbVAB1UNbHl3p//J9CfsWNna/ouf
uSxF/zDztGrs9muAbTZ/44qIRYhoeEAZ8Vyr3lv59cXusJlbMTXiVctROHa/XW26
gnuiLlxVnjBQwOJcVx+7+riHSvHYXtFPivHFv3VV1huBKyxggKmyI/aR8JMm5lvR
8vu0kyehCpFjJ95mMOEO4diNe83YFmV6ipWoqxzUv7Bl7UJC7SvEIjWycMnfsFLj
JWSOuP40y45FtZATa0g1e9vdHXcQS5ywotoVkf+UT9rKMHT2I/UOVsNjuTZMu9Vo
6yXzVMMvr+GxRGI3JhVNjPOEdiAJCkM693GJAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUVfxJeQqT8u6pqIr3OAMH25jvG8IwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1ZmeEplUXFUOHU2cHFJ
cjNPQU1IMjVqdkc4SS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAWhShxxSksBkiWMGTtaNbtdmsqVKA6vjw
6bg1DD70ZfufEJerRHv3ntlAven6N6aCk02ExxwviNZheyQpl17Fbyo8N5C010aE
oclLvmti0jHEDyMJ13fzJVyyNuD6Ruy/ho+AspxgUdA7GfmBz7gIuD4luZQnQPdU
4QitzMGR0kYcDLtmAe6JQdeJFdsdUWYOCP+qRpYFWPKXGVMk99R6EZfyQ3nYZHFU
5rSbNBQy4XPsTBzoPsKTYv5jo1R7RNzzFi9F2XoorrRekGtxzlVqKq9Xu5h9Fdh3
RBzsRvJjpXSErqK3sPLODZU7PLjWJpbXIl1ITsbMYUIHbX4QLF1FPw==
-----END CERTIFICATE-----
Generated at Sat Jun 21 03:55:27 2025 by rpki-client