Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/VgcpYfY0uEfnLItGTzTleZJOH0Q.roa
File: VgcpYfY0uEfnLItGTzTleZJOH0Q.roa (raw, json)
Hash identifier: 9l/SmbdXoIE7uPLKRKKW9QS+h9YZbJOaThM0b58y82g=
Subject key identifier: 56:07:29:61:F6:34:B8:47:E7:2C:8B:46:4F:34:E5:79:92:4E:1F:44
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 4536
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/VgcpYfY0uEfnLItGTzTleZJOH0Q.roa
Signing time: Sat 20 Apr 2024 20:53:05 +0000
ROA not before: Sat 20 Apr 2024 20:53:05 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 17718 (0x4536)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 20 20:53:05 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=56072961F634B847E72C8B464F34E579924E1F44
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:aa:f4:73:52:8b:41:76:1d:b2:c6:41:77:3d:fa:
49:4e:8c:49:b6:45:f9:ad:f4:cd:8b:8f:55:62:e6:
16:fc:28:1d:f7:cf:ee:38:bb:f3:40:d6:b5:4a:4c:
70:cb:e1:88:15:76:74:a8:43:c4:0b:28:c4:8a:f3:
34:ad:6f:fc:4e:de:46:e6:b9:7e:84:bc:5a:2d:02:
f8:80:d7:d1:88:02:08:eb:9c:e0:da:7a:82:98:48:
45:5d:9f:b9:38:91:27:1d:22:2e:77:6a:63:4a:e7:
8b:f7:6d:49:d9:94:14:ee:a4:4e:10:52:67:dd:1a:
cb:ce:15:a8:77:72:75:64:01:ec:10:f5:df:7e:a5:
13:e7:0e:dd:c6:8e:72:9e:34:8a:f2:8c:9d:d3:96:
10:b9:a1:57:f1:68:3e:c4:fb:8e:26:7f:d7:ed:28:
30:d3:f7:24:d5:12:53:06:7b:5a:ab:d6:bd:14:6f:
8c:58:70:17:20:e5:b6:e9:1f:61:b0:db:1c:87:f7:
f8:bc:c8:dc:a7:f8:de:3e:44:d6:0a:3d:7d:19:f9:
ee:d7:7a:99:55:6b:b9:b1:5e:55:1a:f6:47:a3:6b:
bf:74:bc:51:e4:3a:d3:b8:77:b6:0e:74:0b:aa:d7:
d2:71:6c:5f:59:88:5e:af:70:ad:5d:ec:48:b1:56:
98:c5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
56:07:29:61:F6:34:B8:47:E7:2C:8B:46:4F:34:E5:79:92:4E:1F:44
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/VgcpYfY0uEfnLItGTzTleZJOH0Q.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
64:91:61:90:17:96:c8:16:3d:65:9b:33:6d:af:f6:4e:71:15:
40:d9:f7:5a:df:ff:a0:46:49:60:72:49:19:e4:06:b1:c9:62:
f3:c2:1e:c4:e4:c7:81:3d:69:ed:df:79:14:bc:be:03:62:7c:
91:7b:ea:eb:9b:92:4a:e4:68:25:c2:bc:63:33:49:d9:50:13:
ec:a6:bd:92:cb:2c:5e:61:d4:a8:8c:e1:56:32:62:3c:01:78:
15:94:4b:43:e2:90:1f:38:b8:a2:3c:cf:73:c8:e6:98:8e:f5:
66:29:43:c0:a8:27:da:95:a7:c0:c1:af:ef:31:f6:dc:dc:50:
3b:63:dc:48:41:16:c8:25:a1:ae:11:17:9f:42:b9:cd:9e:75:
71:f6:59:9f:dd:29:62:9c:55:1c:ee:6f:66:20:91:38:25:52:
57:c5:e3:ba:a8:be:ee:50:17:83:6a:a4:2c:8b:cb:53:7c:e4:
f4:e2:41:d9:98:9e:2f:6d:8d:09:3c:7c:bc:9c:d6:57:d1:56:
b8:a3:67:ad:0e:a1:3f:ee:22:a5:58:64:6e:76:26:0b:7d:c8:
fc:34:17:fe:ca:6c:95:78:13:30:5e:64:8b:ac:99:2e:45:cb:
b8:2e:4d:44:29:f4:1f:91:bf:6b:1d:d5:2c:ef:2d:87:5a:3c:
0f:a9:9a:44
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICRTYwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MjAy
MDUzMDVaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDU2MDcyOTYxRjYzNEI4
NDdFNzJDOEI0NjRGMzRFNTc5OTI0RTFGNDQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCq9HNSi0F2HbLGQXc9+klOjEm2Rfmt9M2Lj1Vi5hb8KB33z+44
u/NA1rVKTHDL4YgVdnSoQ8QLKMSK8zStb/xO3kbmuX6EvFotAviA19GIAgjrnODa
eoKYSEVdn7k4kScdIi53amNK54v3bUnZlBTupE4QUmfdGsvOFah3cnVkAewQ9d9+
pRPnDt3GjnKeNIryjJ3TlhC5oVfxaD7E+44mf9ftKDDT9yTVElMGe1qr1r0Ub4xY
cBcg5bbpH2Gw2xyH9/i8yNyn+N4+RNYKPX0Z+e7XeplVa7mxXlUa9keja790vFHk
OtO4d7YOdAuq19JxbF9ZiF6vcK1d7EixVpjFAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUVgcpYfY0uEfnLItGTzTleZJOH0QwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1ZnY3BZZlkwdUVmbkxJ
dEdUelRsZVpKT0gwUS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAZJFhkBeWyBY9ZZszba/2TnEVQNn3Wt//
oEZJYHJJGeQGscli88IexOTHgT1p7d95FLy+A2J8kXvq65uSSuRoJcK8YzNJ2VAT
7Ka9ksssXmHUqIzhVjJiPAF4FZRLQ+KQHzi4ojzPc8jmmI71ZilDwKgn2pWnwMGv
7zH23NxQO2PcSEEWyCWhrhEXn0K5zZ51cfZZn90pYpxVHO5vZiCROCVSV8Xjuqi+
7lAXg2qkLIvLU3zk9OJB2ZieL22NCTx8vJzWV9FWuKNnrQ6hP+4ipVhkbnYmC33I
/DQX/spslXgTMF5ki6yZLkXLuC5NRCn0H5G/ax3VLO8th1o8D6maRA==
-----END CERTIFICATE-----
Generated at Sun Jun 22 03:58:06 2025 by rpki-client