Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/_Ev9brcRIspdexCAcSkcSy5dGoo.roa
File: _Ev9brcRIspdexCAcSkcSy5dGoo.roa (raw, json)
Hash identifier: E8DxtRArOKzNG4iaTDUefEkdhU0eCyYdevd+BYvHsc8=
Subject key identifier: FC:4B:FD:6E:B7:11:22:CA:5D:7B:10:80:71:29:1C:4B:2E:5D:1A:8A
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 477E
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/_Ev9brcRIspdexCAcSkcSy5dGoo.roa
Signing time: Tue 23 Apr 2024 21:53:14 +0000
ROA not before: Tue 23 Apr 2024 21:53:14 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 18302 (0x477e)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 23 21:53:14 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=FC4BFD6EB71122CA5D7B108071291C4B2E5D1A8A
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b2:00:d2:c1:41:eb:dc:ab:cd:45:ac:03:3f:91:
4d:58:20:fb:0d:0e:af:2b:7d:32:3f:2c:cd:38:0f:
3d:44:bb:80:61:d2:c9:0f:5e:ba:00:55:33:d8:ec:
fd:7e:f3:dc:28:be:00:ca:dc:b3:20:07:2d:8c:35:
b8:dd:c4:ae:d1:c5:9c:01:39:ea:51:06:bb:f4:1b:
8c:1e:76:4e:4a:f1:e2:d2:3c:77:68:ef:f6:50:3f:
86:f8:f8:06:f7:aa:7c:00:69:7e:01:e7:ff:ad:c3:
0e:50:91:c7:70:1d:9d:68:31:58:52:6d:1e:91:e2:
0a:98:af:30:ad:52:b4:6b:5b:84:e7:3f:46:ff:2a:
20:32:2c:23:23:7d:83:f3:b4:bc:22:03:67:7d:2f:
f2:c8:4a:0a:3c:20:ee:27:23:66:ba:3c:6f:d3:54:
33:1f:de:e5:00:d8:17:f8:bc:a0:e5:8e:9e:7a:ca:
e9:9e:2f:31:f5:d9:6d:3c:31:c5:06:d0:5b:18:1f:
8d:61:8d:eb:a2:eb:2f:9a:e0:47:a2:fc:67:aa:9f:
b9:29:0c:a1:b8:82:57:6f:8e:0c:ce:4b:f2:32:c5:
df:e2:10:f4:f3:9c:9b:9d:b7:1a:f1:ae:5e:55:1b:
5c:7f:9e:71:b5:20:b8:80:2d:5f:a4:a4:ba:2c:3a:
fd:cb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FC:4B:FD:6E:B7:11:22:CA:5D:7B:10:80:71:29:1C:4B:2E:5D:1A:8A
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/_Ev9brcRIspdexCAcSkcSy5dGoo.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
3f:59:ce:6c:02:30:cb:cd:dc:4b:97:b2:3a:87:7e:b1:70:23:
c6:99:09:95:fb:e2:1f:1f:76:09:41:05:d9:e0:c2:e3:4c:a8:
94:77:2c:cc:9c:e6:3e:be:2a:f9:51:5f:1d:37:f6:a6:c4:f5:
60:c1:a2:fb:01:95:52:bd:6c:30:97:f7:3f:e0:6f:99:59:48:
25:af:22:80:b6:73:64:24:99:e7:8b:ec:42:5f:c9:eb:e7:f0:
78:a7:6c:88:8e:d2:0a:d4:ef:f5:86:a9:ba:df:f1:d5:08:fd:
83:ce:47:09:9e:6d:fc:64:80:ad:cd:ca:d9:64:9c:d8:64:e8:
56:b9:11:d2:2d:f6:ef:59:89:75:01:c4:9b:0b:02:6f:b5:5e:
85:66:e4:30:ef:f5:dd:8a:e6:8d:27:35:fe:d5:1f:ff:b9:b6:
77:41:d9:4d:08:a1:a7:bb:cc:59:a1:95:9d:39:2e:3b:81:46:
cd:d4:31:36:a6:98:ce:f7:04:33:09:99:15:87:63:3e:28:de:
c4:45:b9:38:82:0d:77:82:cd:7c:73:d6:44:b3:68:0c:70:cb:
a8:b7:9d:29:23:41:02:06:36:c5:21:18:75:ca:ea:9f:36:f6:
dc:6d:40:6e:29:9e:0d:38:fe:53:c2:6d:87:e8:b5:1a:b0:a8:
a8:58:05:f7
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICR34wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MjMy
MTUzMTRaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEZDNEJGRDZFQjcxMTIy
Q0E1RDdCMTA4MDcxMjkxQzRCMkU1RDFBOEEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCyANLBQevcq81FrAM/kU1YIPsNDq8rfTI/LM04Dz1Eu4Bh0skP
XroAVTPY7P1+89wovgDK3LMgBy2MNbjdxK7RxZwBOepRBrv0G4wedk5K8eLSPHdo
7/ZQP4b4+Ab3qnwAaX4B5/+tww5QkcdwHZ1oMVhSbR6R4gqYrzCtUrRrW4TnP0b/
KiAyLCMjfYPztLwiA2d9L/LISgo8IO4nI2a6PG/TVDMf3uUA2Bf4vKDljp56yume
LzH12W08McUG0FsYH41hjeui6y+a4Eei/Geqn7kpDKG4gldvjgzOS/Iyxd/iEPTz
nJudtxrxrl5VG1x/nnG1ILiALV+kpLosOv3LAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQU/Ev9brcRIspdexCAcSkcSy5dGoowHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L19FdjlicmNSSXNwZGV4
Q0FjU2tjU3k1ZEdvby5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAP1nObAIwy83cS5eyOod+sXAjxpkJlfvi
Hx92CUEF2eDC40yolHcszJzmPr4q+VFfHTf2psT1YMGi+wGVUr1sMJf3P+BvmVlI
Ja8igLZzZCSZ54vsQl/J6+fweKdsiI7SCtTv9Yaput/x1Qj9g85HCZ5t/GSArc3K
2WSc2GToVrkR0i3271mJdQHEmwsCb7VehWbkMO/13YrmjSc1/tUf/7m2d0HZTQih
p7vMWaGVnTkuO4FGzdQxNqaYzvcEMwmZFYdjPijexEW5OIINd4LNfHPWRLNoDHDL
qLedKSNBAgY2xSEYdcrqnzb23G1AbimeDTj+U8Jth+i1GrCoqFgF9w==
-----END CERTIFICATE-----
Generated at Sun Jun 15 09:24:30 2025 by rpki-client