Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/XwaSvQZRIMCabJv53dfaU3fGcSs.roa
File: XwaSvQZRIMCabJv53dfaU3fGcSs.roa (raw, json)
Hash identifier: AbpLCspjihyLpUrVyHPLXtoTccOit98/spTibJJLSa8=
Subject key identifier: 5F:06:92:BD:06:51:20:C0:9A:6C:9B:F9:DD:D7:DA:53:77:C6:71:2B
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 37FE
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/XwaSvQZRIMCabJv53dfaU3fGcSs.roa
Signing time: Wed 03 Apr 2024 05:52:18 +0000
ROA not before: Wed 03 Apr 2024 05:52:18 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 14334 (0x37fe)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 3 05:52:18 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=5F0692BD065120C09A6C9BF9DDD7DA5377C6712B
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a5:ad:74:e6:0d:75:2a:84:27:99:1c:87:56:57:
8b:f7:66:a7:7a:a4:04:0f:f0:e4:46:70:44:5a:38:
9c:b4:c4:48:09:3c:68:c9:2b:b6:18:b3:d9:3e:31:
17:77:bd:88:30:c8:ed:4c:9f:64:3c:08:9f:86:13:
95:8a:d3:4b:f0:71:b7:50:69:39:d7:50:ce:fe:04:
bb:f4:32:50:ab:7d:76:53:17:c8:d4:0d:41:9e:55:
37:13:d6:4f:1a:05:fb:52:2f:b0:68:ce:6e:c3:83:
f6:81:82:bb:73:96:09:5b:40:a7:d4:ad:b2:c3:db:
34:0b:07:7a:18:79:b3:ab:5b:6b:58:ac:e4:f3:4c:
dc:fc:8c:aa:b4:bb:e7:6e:fc:51:ab:1a:bb:7c:bb:
0f:d1:8a:fe:18:e4:96:ee:6c:6e:b9:e1:0c:c9:41:
81:41:51:58:49:65:ce:5e:17:81:e5:63:74:fd:17:
77:fe:f6:25:a5:ab:ae:d9:5f:38:2d:2c:b0:1a:ac:
4a:f3:0a:25:2d:74:22:a1:b1:0c:91:69:c7:4c:02:
ce:68:43:ab:44:45:b8:d8:47:f7:24:59:e2:7b:88:
dd:5d:32:57:a7:56:1a:8e:5c:71:00:9c:50:e2:4d:
dc:40:69:64:de:b9:fc:d4:13:cc:0d:0c:a8:22:20:
66:ff
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5F:06:92:BD:06:51:20:C0:9A:6C:9B:F9:DD:D7:DA:53:77:C6:71:2B
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/XwaSvQZRIMCabJv53dfaU3fGcSs.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
93:1a:8d:47:42:49:53:53:3f:71:8a:d6:ae:e3:af:b4:c9:cf:
c2:87:7f:81:f3:2a:d6:be:67:13:e9:be:b2:61:6c:23:d1:a0:
45:9e:6b:87:66:31:05:13:d3:68:8b:de:5c:9d:c1:8e:2e:88:
05:ac:fa:e5:c0:5c:20:75:6d:8f:39:78:6e:5d:b5:09:01:5f:
3e:5f:bb:1d:19:be:f9:37:3c:43:6c:13:be:f0:dc:8e:e5:ec:
b8:4b:21:51:91:a2:8c:69:98:c5:f6:84:a9:bb:09:6e:2b:01:
7b:da:77:79:70:72:bd:7c:bb:36:1f:c0:f3:bc:4c:99:ff:43:
95:a2:7e:66:04:83:5b:b2:54:78:4c:5b:9e:e7:cd:f9:fa:64:
5e:dc:89:3a:40:ae:3d:58:e1:00:9c:8d:87:84:33:3f:e0:46:
99:61:9e:bf:77:90:4a:91:0e:52:46:6e:ca:2d:13:7a:45:7d:
ec:84:8e:d5:91:fa:09:48:60:c5:11:a3:d9:0d:93:8c:b1:ec:
a3:10:80:bc:5e:5e:e2:e6:bb:5f:d2:24:4a:48:e5:6c:42:86:
83:3f:14:6e:73:22:87:e8:d9:a0:df:b5:64:2c:9d:13:1e:b5:
f9:6d:61:95:a1:76:98:a9:f5:38:8d:47:b0:22:cd:3d:3a:20:
6e:08:90:a4
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICN/4wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MDMw
NTUyMThaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDVGMDY5MkJEMDY1MTIw
QzA5QTZDOUJGOURERDdEQTUzNzdDNjcxMkIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQClrXTmDXUqhCeZHIdWV4v3Zqd6pAQP8ORGcERaOJy0xEgJPGjJ
K7YYs9k+MRd3vYgwyO1Mn2Q8CJ+GE5WK00vwcbdQaTnXUM7+BLv0MlCrfXZTF8jU
DUGeVTcT1k8aBftSL7Bozm7Dg/aBgrtzlglbQKfUrbLD2zQLB3oYebOrW2tYrOTz
TNz8jKq0u+du/FGrGrt8uw/Riv4Y5JbubG654QzJQYFBUVhJZc5eF4HlY3T9F3f+
9iWlq67ZXzgtLLAarErzCiUtdCKhsQyRacdMAs5oQ6tERbjYR/ckWeJ7iN1dMlen
VhqOXHEAnFDiTdxAaWTeufzUE8wNDKgiIGb/AgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUXwaSvQZRIMCabJv53dfaU3fGcSswHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1h3YVN2UVpSSU1DYWJK
djUzZGZhVTNmR2NTcy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAkxqNR0JJU1M/cYrWruOvtMnPwod/gfMq
1r5nE+m+smFsI9GgRZ5rh2YxBRPTaIveXJ3Bji6IBaz65cBcIHVtjzl4bl21CQFf
Pl+7HRm++Tc8Q2wTvvDcjuXsuEshUZGijGmYxfaEqbsJbisBe9p3eXByvXy7Nh/A
87xMmf9DlaJ+ZgSDW7JUeExbnufN+fpkXtyJOkCuPVjhAJyNh4QzP+BGmWGev3eQ
SpEOUkZuyi0TekV97ISO1ZH6CUhgxRGj2Q2TjLHsoxCAvF5e4ua7X9IkSkjlbEKG
gz8UbnMih+jZoN+1ZCydEx61+W1hlaF2mKn1OI1HsCLNPTogbgiQpA==
-----END CERTIFICATE-----
Generated at Sat Jun 21 13:19:41 2025 by rpki-client