Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/YlwYkLCUZiJonGcAwdLOng43v_w.roa
File: YlwYkLCUZiJonGcAwdLOng43v_w.roa (raw, json)
Hash identifier: fwAM0Wq31bDfGSF7V6jbrwnmLXGLB085TxZ0M2ZlZh4=
Subject key identifier: 62:5C:18:90:B0:94:66:22:68:9C:67:00:C1:D2:CE:9E:0E:37:BF:FC
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 4D4A
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/YlwYkLCUZiJonGcAwdLOng43v_w.roa
Signing time: Wed 01 May 2024 15:23:42 +0000
ROA not before: Wed 01 May 2024 15:23:42 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 19786 (0x4d4a)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 1 15:23:42 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=625C1890B0946622689C6700C1D2CE9E0E37BFFC
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bd:6a:29:75:d5:18:3e:54:2e:9a:00:ae:13:91:
5a:52:78:56:b8:63:28:04:ff:c1:d4:8d:6b:94:54:
6e:8c:2a:13:58:e9:fa:7e:57:99:ef:b8:7b:0b:2b:
ef:c0:50:75:90:b3:69:5a:1d:1d:da:1b:c0:96:70:
57:57:63:82:5f:c1:40:7d:6f:74:34:06:cb:81:da:
2b:3a:92:83:b5:99:ab:2a:95:6e:07:2b:b3:cd:af:
2b:0e:16:9a:8b:ad:5a:55:91:4c:5e:9b:da:43:85:
f0:d0:c0:31:6f:46:07:95:77:51:c3:44:ab:e8:8c:
45:19:f0:2e:b7:01:a5:70:cb:e7:5a:3d:1a:fc:04:
23:0a:37:82:9a:53:58:d8:be:22:c8:4c:3b:50:58:
48:4b:6e:73:40:d4:93:20:36:59:72:61:e8:3d:a3:
28:21:3a:4c:d1:62:7d:78:52:bd:b0:bb:d4:af:5b:
92:7f:2b:36:07:e1:80:ab:42:71:ee:70:f2:c0:82:
7e:42:48:0c:f0:a0:77:3d:7d:09:98:bb:5d:4b:67:
46:7a:b6:1c:7b:b0:e2:a5:63:2c:d3:b1:98:45:66:
d7:44:ec:36:53:74:0c:7b:f6:c7:10:95:da:c7:be:
41:1e:cf:6c:44:cd:41:ad:5c:6d:d6:6f:81:b9:8e:
3a:ff
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
62:5C:18:90:B0:94:66:22:68:9C:67:00:C1:D2:CE:9E:0E:37:BF:FC
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/YlwYkLCUZiJonGcAwdLOng43v_w.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
09:e7:8e:e5:87:a9:6a:b1:b1:af:86:74:6b:5a:ea:66:b1:b6:
92:22:42:e0:80:58:97:fe:7c:01:da:84:b2:97:a0:f4:62:05:
1e:31:ed:ea:47:61:46:ac:02:4b:b0:5f:47:6b:38:f9:20:d7:
68:cb:37:5d:b6:33:cd:7e:ed:cd:16:3e:ba:fc:70:76:f2:a0:
01:1e:fa:98:13:ac:01:8e:fd:d6:b0:87:21:b0:65:07:d0:db:
48:d7:0a:73:e9:22:b1:9b:96:d6:f3:54:0d:cd:f1:b7:37:1f:
3a:27:9f:46:53:df:95:ea:1d:7c:52:0a:1f:f0:7a:40:29:b6:
0d:e3:a4:be:e1:ab:bb:c6:18:3c:1f:fb:46:47:c4:73:e3:b0:
e4:7d:d1:78:9d:f2:24:03:72:ca:e0:12:d9:14:f7:b1:aa:ca:
64:0b:0f:fc:e1:42:99:6b:e8:51:c1:8b:b5:7b:ce:9f:f1:d1:
a6:b2:bb:ca:f0:0e:1f:4f:0b:9c:ab:14:c0:94:b2:85:64:ce:
60:c5:b3:7b:da:4a:aa:4b:a3:fa:dd:4b:af:ac:81:8a:79:50:
09:1c:29:65:96:bc:15:22:e9:bb:07:c1:90:1c:e7:9d:f8:13:
7b:b4:49:10:ae:06:78:9d:24:f3:af:6b:3d:10:67:0c:2f:a6:
4b:92:13:8c
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICTUowDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MDEx
NTIzNDJaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDYyNUMxODkwQjA5NDY2
MjI2ODlDNjcwMEMxRDJDRTlFMEUzN0JGRkMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC9ail11Rg+VC6aAK4TkVpSeFa4YygE/8HUjWuUVG6MKhNY6fp+
V5nvuHsLK+/AUHWQs2laHR3aG8CWcFdXY4JfwUB9b3Q0BsuB2is6koO1masqlW4H
K7PNrysOFpqLrVpVkUxem9pDhfDQwDFvRgeVd1HDRKvojEUZ8C63AaVwy+daPRr8
BCMKN4KaU1jYviLITDtQWEhLbnNA1JMgNllyYeg9oyghOkzRYn14Ur2wu9SvW5J/
KzYH4YCrQnHucPLAgn5CSAzwoHc9fQmYu11LZ0Z6thx7sOKlYyzTsZhFZtdE7DZT
dAx79scQldrHvkEez2xEzUGtXG3Wb4G5jjr/AgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUYlwYkLCUZiJonGcAwdLOng43v/wwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1lsd1lrTENVWmlKb25H
Y0F3ZExPbmc0M3Zfdy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEACeeO5YeparGxr4Z0a1rqZrG2kiJC4IBY
l/58AdqEspeg9GIFHjHt6kdhRqwCS7BfR2s4+SDXaMs3XbYzzX7tzRY+uvxwdvKg
AR76mBOsAY791rCHIbBlB9DbSNcKc+kisZuW1vNUDc3xtzcfOiefRlPfleodfFIK
H/B6QCm2DeOkvuGru8YYPB/7RkfEc+Ow5H3ReJ3yJANyyuAS2RT3sarKZAsP/OFC
mWvoUcGLtXvOn/HRprK7yvAOH08LnKsUwJSyhWTOYMWze9pKqkuj+t1Lr6yBinlQ
CRwpZZa8FSLpuwfBkBznnfgTe7RJEK4GeJ0k869rPRBnDC+mS5ITjA==
-----END CERTIFICATE-----
Generated at Sun Jun 22 00:11:19 2025 by rpki-client