Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/Yp5bJeiG5I9-Fmb9slaWdoZahDs.roa
File: Yp5bJeiG5I9-Fmb9slaWdoZahDs.roa (raw, json)
Hash identifier: 7mzGEGIQ5rB0m9tCkLPhVpIKwbBt2p1ei6o8Afj/ikw=
Subject key identifier: 62:9E:5B:25:E8:86:E4:8F:7E:16:66:FD:B2:56:96:76:86:5A:84:3B
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 555A
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/Yp5bJeiG5I9-Fmb9slaWdoZahDs.roa
Signing time: Sun 12 May 2024 09:24:03 +0000
ROA not before: Sun 12 May 2024 09:24:03 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 21850 (0x555a)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 12 09:24:03 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=629E5B25E886E48F7E1666FDB2569676865A843B
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cc:f6:88:2d:b6:28:04:1b:58:2d:11:d1:d2:91:
23:f3:09:79:66:64:90:14:6a:09:05:c3:fb:8a:5b:
b5:4a:3d:59:e2:ea:09:6c:8e:dd:ba:e5:ef:4b:c5:
de:53:38:24:22:07:a1:48:2c:b7:ba:8c:6c:0d:1d:
06:26:d8:14:bb:06:e6:54:d2:15:d7:46:a8:9a:90:
bf:13:d7:0e:a0:b9:72:f6:2b:10:7d:65:bf:b5:60:
48:ec:77:8a:54:e6:6c:bb:97:bd:c8:9c:9c:f5:7b:
4c:81:a4:55:6a:88:1d:87:98:0f:67:8a:0b:56:b2:
77:9f:db:c8:48:44:81:51:d1:c1:cb:31:84:bc:33:
18:d6:1e:1d:dc:65:ba:01:0b:ec:10:c5:ec:93:23:
96:68:28:c4:d1:79:87:d9:78:13:75:4d:ae:ed:bc:
5f:95:27:2c:2e:75:35:07:35:ca:ea:e9:f9:6e:6c:
87:79:9f:60:05:58:64:43:37:5e:49:76:f3:40:3b:
8e:67:8a:a4:1a:9e:3b:62:6e:9c:e2:3d:b0:aa:3b:
1d:0d:21:6d:07:93:07:ec:6f:aa:df:64:44:ab:8b:
b8:d8:95:af:b0:8c:b6:0d:0b:2d:c4:0c:7b:33:83:
49:ca:51:c5:d6:ad:80:0c:03:06:bf:db:bb:f3:54:
8b:7f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
62:9E:5B:25:E8:86:E4:8F:7E:16:66:FD:B2:56:96:76:86:5A:84:3B
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/Yp5bJeiG5I9-Fmb9slaWdoZahDs.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
6b:59:bb:32:a8:8e:ff:bf:25:1a:dd:1e:07:29:e6:d8:2f:3b:
37:53:79:d9:b6:91:f8:00:d3:38:d4:b4:9f:0f:80:c3:3c:f3:
b4:d5:02:ae:43:1c:5f:0e:ed:ff:90:50:42:de:c4:72:7f:ce:
8e:74:9e:e6:e9:a5:91:6f:c0:07:19:28:2b:47:e0:aa:96:8d:
10:ce:70:29:91:ea:69:d9:ce:e2:32:f9:63:ca:29:da:5c:4d:
44:93:1e:f8:bd:1c:0f:48:8b:02:0b:65:d9:9b:94:44:49:40:
a9:4e:0a:77:9b:0c:20:9c:c1:00:d0:84:2d:04:1a:c0:6d:16:
be:3e:59:fe:5c:43:0f:7e:6c:0f:31:8f:f4:fb:47:fd:3d:01:
4f:c1:5f:85:60:e4:6b:1c:f6:ea:81:35:8f:6b:6e:0a:b0:ff:
60:3a:d6:4b:84:9b:e0:44:bb:89:60:8b:73:64:80:05:2a:8a:
17:a9:ab:5f:f0:19:4e:0d:d5:d7:26:ff:16:9b:88:c7:86:a6:
20:c2:99:cd:89:bf:f5:39:de:1d:7a:60:71:22:35:8b:7f:c2:
ab:35:e9:50:6f:37:ba:61:ed:eb:e9:be:15:a2:9e:1d:9f:4b:
05:e7:5c:1c:c4:59:00:59:b3:a8:78:18:c6:77:88:c8:b2:70:
3f:04:16:61
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICVVowDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MTIw
OTI0MDNaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDYyOUU1QjI1RTg4NkU0
OEY3RTE2NjZGREIyNTY5Njc2ODY1QTg0M0IwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDM9ogttigEG1gtEdHSkSPzCXlmZJAUagkFw/uKW7VKPVni6gls
jt265e9Lxd5TOCQiB6FILLe6jGwNHQYm2BS7BuZU0hXXRqiakL8T1w6guXL2KxB9
Zb+1YEjsd4pU5my7l73InJz1e0yBpFVqiB2HmA9nigtWsnef28hIRIFR0cHLMYS8
MxjWHh3cZboBC+wQxeyTI5ZoKMTReYfZeBN1Ta7tvF+VJywudTUHNcrq6flubId5
n2AFWGRDN15JdvNAO45niqQanjtibpziPbCqOx0NIW0Hkwfsb6rfZESri7jYla+w
jLYNCy3EDHszg0nKUcXWrYAMAwa/27vzVIt/AgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUYp5bJeiG5I9+Fmb9slaWdoZahDswHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1lwNWJKZWlHNUk5LUZt
YjlzbGFXZG9aYWhEcy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAa1m7MqiO/78lGt0eBynm2C87N1N52baR
+ADTONS0nw+AwzzztNUCrkMcXw7t/5BQQt7Ecn/OjnSe5umlkW/ABxkoK0fgqpaN
EM5wKZHqadnO4jL5Y8op2lxNRJMe+L0cD0iLAgtl2ZuURElAqU4Kd5sMIJzBANCE
LQQawG0Wvj5Z/lxDD35sDzGP9PtH/T0BT8FfhWDkaxz26oE1j2tuCrD/YDrWS4Sb
4ES7iWCLc2SABSqKF6mrX/AZTg3V1yb/FpuIx4amIMKZzYm/9TneHXpgcSI1i3/C
qzXpUG83umHt6+m+FaKeHZ9LBedcHMRZAFmzqHgYxneIyLJwPwQWYQ==
-----END CERTIFICATE-----
Generated at Sat Jun 21 20:05:02 2025 by rpki-client