Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/dE54LFgvfFAlV_47lUMr6ZqZfuY.roa
File: dE54LFgvfFAlV_47lUMr6ZqZfuY.roa (raw, json)
Hash identifier: 2PwnJkE6HvX0XuG7LCOOMITNw/I2JCmVYJnqoxo2BP8=
Subject key identifier: 74:4E:78:2C:58:2F:7C:50:25:57:FE:3B:95:43:2B:E9:9A:99:7E:E6
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 409E
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/dE54LFgvfFAlV_47lUMr6ZqZfuY.roa
Signing time: Sun 14 Apr 2024 17:52:54 +0000
ROA not before: Sun 14 Apr 2024 17:52:54 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 16542 (0x409e)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 14 17:52:54 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=744E782C582F7C502557FE3B95432BE99A997EE6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ad:d3:00:92:d7:ba:33:a5:76:1f:14:33:43:2a:
27:8e:17:f5:4d:ff:10:8e:43:eb:af:fa:70:27:42:
f8:ed:9e:29:ab:f1:c6:29:4b:3e:b7:9a:64:55:70:
6c:93:7e:87:d5:89:13:91:35:fc:39:85:db:28:22:
bb:8a:40:ab:6c:83:15:e3:0f:6c:f6:e8:93:76:0f:
a2:80:22:32:4b:f4:67:fd:f9:0c:e4:75:71:10:38:
23:85:66:2d:14:dc:e2:a1:97:7f:b8:ba:aa:0a:8f:
0d:9b:24:2f:ae:cf:26:a5:d4:5c:67:ba:b0:36:b1:
cb:3c:dc:e7:e1:53:84:22:cf:c7:46:3b:09:0a:c6:
ce:7f:66:99:20:f1:3b:b1:2a:55:5a:34:00:31:45:
65:8d:34:1a:e2:42:08:11:5d:6a:5a:52:13:94:fc:
9b:c3:11:96:c4:6e:fe:0f:f5:d9:11:31:17:b4:2f:
89:29:86:26:44:92:56:97:60:a7:a5:9e:e9:38:8c:
8f:35:61:2a:d3:22:91:d8:17:eb:dd:13:f5:e5:5d:
f5:62:ee:4f:b3:ea:84:43:7e:74:0d:23:6a:c5:e2:
c1:73:35:23:3c:f5:73:95:b6:0c:c4:68:85:cb:91:
82:a8:fe:4a:d6:34:f5:07:17:e5:27:9e:95:d1:47:
e7:d9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
74:4E:78:2C:58:2F:7C:50:25:57:FE:3B:95:43:2B:E9:9A:99:7E:E6
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/dE54LFgvfFAlV_47lUMr6ZqZfuY.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
4f:d4:c3:85:29:c9:db:bf:a0:00:21:cb:b3:d2:6a:2f:48:6a:
a6:9f:c8:c9:0e:ab:dc:ab:1e:f9:3e:a6:f2:14:f2:db:7a:7f:
b5:90:dd:21:13:62:a4:33:b4:ba:0c:e8:95:8a:61:a8:cb:39:
45:09:81:70:4d:51:33:f1:27:87:f8:a4:e7:11:fd:4f:63:e8:
d2:e3:97:17:5c:31:bc:c3:94:4f:b2:eb:1f:0f:b0:30:8f:48:
b0:40:0d:ae:3d:5c:15:05:b6:29:13:dd:7a:38:56:76:bc:cf:
bf:81:ae:11:31:35:8e:9d:bb:a8:60:53:5a:a1:26:7f:55:b8:
69:d4:7c:b7:2e:ff:63:45:ca:25:85:8a:61:21:10:17:81:1e:
72:30:8a:0d:06:3c:8e:d3:f8:2f:e3:c0:01:52:f6:89:cf:bc:
93:e6:f0:c1:ae:c3:69:0f:8e:9f:eb:3a:a1:c2:90:12:c3:e3:
3e:ff:ee:2f:9c:1a:1e:b2:be:d0:11:9b:b9:96:bc:bb:51:5f:
bd:34:7e:db:ec:ab:8b:e3:7a:8f:57:8a:b4:eb:2e:c9:38:56:
49:34:e7:a0:b2:6d:f3:78:f1:fd:73:92:2c:a4:6b:72:b7:7c:
71:34:32:e8:7b:9d:cb:62:f2:2f:03:07:82:34:ff:d5:1b:7a:
07:f4:3c:df
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICQJ4wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MTQx
NzUyNTRaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDc0NEU3ODJDNTgyRjdD
NTAyNTU3RkUzQjk1NDMyQkU5OUE5OTdFRTYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCt0wCS17ozpXYfFDNDKieOF/VN/xCOQ+uv+nAnQvjtnimr8cYp
Sz63mmRVcGyTfofViRORNfw5hdsoIruKQKtsgxXjD2z26JN2D6KAIjJL9Gf9+Qzk
dXEQOCOFZi0U3OKhl3+4uqoKjw2bJC+uzyal1FxnurA2scs83OfhU4Qiz8dGOwkK
xs5/Zpkg8TuxKlVaNAAxRWWNNBriQggRXWpaUhOU/JvDEZbEbv4P9dkRMRe0L4kp
hiZEklaXYKelnuk4jI81YSrTIpHYF+vdE/XlXfVi7k+z6oRDfnQNI2rF4sFzNSM8
9XOVtgzEaIXLkYKo/krWNPUHF+UnnpXRR+fZAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUdE54LFgvfFAlV/47lUMr6ZqZfuYwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2RFNTRMRmd2ZkZBbFZf
NDdsVU1yNlpxWmZ1WS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAT9TDhSnJ27+gACHLs9JqL0hqpp/IyQ6r
3Kse+T6m8hTy23p/tZDdIRNipDO0ugzolYphqMs5RQmBcE1RM/Enh/ik5xH9T2Po
0uOXF1wxvMOUT7LrHw+wMI9IsEANrj1cFQW2KRPdejhWdrzPv4GuETE1jp27qGBT
WqEmf1W4adR8ty7/Y0XKJYWKYSEQF4EecjCKDQY8jtP4L+PAAVL2ic+8k+bwwa7D
aQ+On+s6ocKQEsPjPv/uL5waHrK+0BGbuZa8u1FfvTR+2+yri+N6j1eKtOsuyThW
STTnoLJt83jx/XOSLKRrcrd8cTQy6Hudy2LyLwMHgjT/1Rt6B/Q83w==
-----END CERTIFICATE-----
Generated at Sun Jun 22 03:54:48 2025 by rpki-client