Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/ZnUTvmvmkSSo0lxC0Sl14V_qMmM.roa
File: ZnUTvmvmkSSo0lxC0Sl14V_qMmM.roa (raw, json)
Hash identifier: gVTw5Y33ynac41RgFmwK8Mdv2/mm0VkHgisSWDYtydI=
Subject key identifier: 66:75:13:BE:6B:E6:91:24:A8:D2:5C:42:D1:29:75:E1:5F:EA:32:63
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 4F1E
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/ZnUTvmvmkSSo0lxC0Sl14V_qMmM.roa
Signing time: Sat 04 May 2024 01:53:47 +0000
ROA not before: Sat 04 May 2024 01:53:47 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 20254 (0x4f1e)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 4 01:53:47 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=667513BE6BE69124A8D25C42D12975E15FEA3263
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9c:93:fd:e1:ae:e5:cc:d2:12:e2:8e:d2:a1:83:
8d:b1:e8:49:c6:93:ad:96:99:42:34:42:40:7c:a7:
79:5c:e7:7c:2f:12:2a:da:6d:d7:7c:fd:8c:ea:fd:
e2:87:6d:a2:f7:8d:e7:bb:a7:10:ad:35:6e:b1:ed:
38:ee:90:50:f7:88:74:6d:34:ed:ee:07:e1:a2:09:
6f:8b:ab:66:2f:00:84:e4:c3:f5:a4:bc:bc:0f:09:
83:c6:52:d6:6e:e6:12:31:ce:74:50:2e:e9:59:a3:
11:43:16:11:73:d8:94:05:bb:5e:45:e7:15:dd:1c:
a9:17:68:86:52:f6:76:e5:c8:12:56:95:a0:75:c8:
62:54:cb:c7:5d:80:16:37:d9:b2:95:0e:19:45:a0:
f4:29:b0:b1:08:9e:75:52:75:7e:fc:0c:30:a9:32:
f2:2d:9d:24:16:e8:2b:c4:7e:bf:73:24:01:5d:e7:
5d:50:a1:c9:e4:e9:63:e9:3a:f4:02:20:a8:2c:be:
53:24:0c:ae:68:6e:0d:5e:20:f8:f4:f6:74:34:9d:
10:af:73:5d:17:ff:6c:40:3a:1e:d9:cc:62:de:96:
78:8c:fb:57:31:7e:b6:7a:84:5b:02:0a:04:70:31:
80:a5:81:48:c4:ad:2d:20:0b:b3:f7:0c:c2:7b:7b:
77:a1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
66:75:13:BE:6B:E6:91:24:A8:D2:5C:42:D1:29:75:E1:5F:EA:32:63
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/ZnUTvmvmkSSo0lxC0Sl14V_qMmM.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
52:6b:08:30:2d:47:27:c1:60:13:4e:e8:47:27:e6:22:5e:62:
1b:12:5d:fd:b9:69:6e:2f:e9:9e:dc:e1:9d:e0:6c:19:69:74:
d3:aa:3c:6f:19:53:76:bd:99:cd:fb:67:cd:06:fc:66:81:7f:
55:f1:6c:e3:d9:19:12:69:82:d0:3d:35:67:e2:67:9c:8e:6a:
69:b2:af:8b:83:ed:0b:9d:b5:22:e0:1a:87:a3:e4:57:3b:7e:
c3:9c:58:30:db:e1:83:8e:17:11:7f:b0:aa:6a:9e:33:3d:1b:
69:b9:0f:d9:16:e8:88:69:e9:bf:7d:e8:37:d3:25:03:3a:a4:
02:a9:d2:83:a3:2c:c2:51:c6:84:ce:8f:01:7c:73:24:d3:53:
ce:09:92:eb:8e:b5:fa:64:05:64:d5:83:ed:dd:dd:78:3e:86:
e1:7d:c1:64:99:4b:de:d7:9a:84:3e:d6:ff:02:47:a5:73:e7:
d9:9d:43:b0:df:b2:e7:e9:33:b4:d6:e7:88:30:4f:f0:52:b4:
31:70:a0:c2:47:9e:ee:9b:b4:88:c0:0b:7e:1b:08:d2:f0:29:
5f:f1:fc:0e:a0:32:96:f2:7c:36:de:ed:c2:b2:38:bb:b0:5c:
26:6e:f1:b9:53:3b:e2:76:31:bc:07:3d:f7:45:8f:1d:28:f8:
7d:b4:a3:18
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICTx4wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MDQw
MTUzNDdaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDY2NzUxM0JFNkJFNjkx
MjRBOEQyNUM0MkQxMjk3NUUxNUZFQTMyNjMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCck/3hruXM0hLijtKhg42x6EnGk62WmUI0QkB8p3lc53wvEira
bdd8/Yzq/eKHbaL3jee7pxCtNW6x7TjukFD3iHRtNO3uB+GiCW+Lq2YvAITkw/Wk
vLwPCYPGUtZu5hIxznRQLulZoxFDFhFz2JQFu15F5xXdHKkXaIZS9nblyBJWlaB1
yGJUy8ddgBY32bKVDhlFoPQpsLEInnVSdX78DDCpMvItnSQW6CvEfr9zJAFd511Q
ocnk6WPpOvQCIKgsvlMkDK5obg1eIPj09nQ0nRCvc10X/2xAOh7ZzGLelniM+1cx
frZ6hFsCCgRwMYClgUjErS0gC7P3DMJ7e3ehAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUZnUTvmvmkSSo0lxC0Sl14V/qMmMwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1puVVR2bXZta1NTbzBs
eEMwU2wxNFZfcU1tTS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAUmsIMC1HJ8FgE07oRyfmIl5iGxJd/blp
bi/pntzhneBsGWl006o8bxlTdr2ZzftnzQb8ZoF/VfFs49kZEmmC0D01Z+JnnI5q
abKvi4PtC521IuAah6PkVzt+w5xYMNvhg44XEX+wqmqeMz0babkP2RboiGnpv33o
N9MlAzqkAqnSg6MswlHGhM6PAXxzJNNTzgmS6461+mQFZNWD7d3deD6G4X3BZJlL
3teahD7W/wJHpXPn2Z1DsN+y5+kztNbniDBP8FK0MXCgwkee7pu0iMALfhsI0vAp
X/H8DqAylvJ8Nt7twrI4u7BcJm7xuVM74nYxvAc990WPHSj4fbSjGA==
-----END CERTIFICATE-----
Generated at Sun Jun 15 09:26:00 2025 by rpki-client