Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/dO2gJECwYzMHd7LMyE1rcMEBYW8.roa
File: dO2gJECwYzMHd7LMyE1rcMEBYW8.roa (raw, json)
Hash identifier: mFCbdARRjIoYs4GhCmxd/OcthqBx8W3fOS9MxoH7D/s=
Subject key identifier: 74:ED:A0:24:40:B0:63:33:07:77:B2:CC:C8:4D:6B:70:C1:01:61:6F
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 413A
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/dO2gJECwYzMHd7LMyE1rcMEBYW8.roa
Signing time: Mon 15 Apr 2024 13:22:54 +0000
ROA not before: Mon 15 Apr 2024 13:22:54 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 16698 (0x413a)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 15 13:22:54 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=74EDA02440B063330777B2CCC84D6B70C101616F
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:93:9d:ed:93:ce:c1:2e:fb:2b:67:7f:5b:4e:c0:
15:cf:58:70:33:7e:b7:79:f6:92:de:ed:0c:8d:b2:
41:51:45:2f:5b:22:43:eb:15:85:de:9d:49:f9:e2:
1c:37:39:cb:e6:44:8b:14:a5:ac:64:f0:8a:34:26:
38:5d:02:c2:b7:59:e6:17:f1:6b:5f:58:40:46:94:
46:75:16:18:0f:fd:37:05:30:2e:ba:da:e8:b6:37:
8d:a2:54:b7:9c:86:ac:bf:df:14:9e:a4:fb:f0:f0:
5d:f3:3b:33:57:43:04:6d:73:d1:c2:70:04:b4:a8:
c4:89:0d:6f:a1:5e:4c:a5:e6:6f:b5:7e:4d:e2:00:
ac:5b:bf:2d:84:09:18:cf:43:72:13:ff:74:bb:e6:
51:95:50:bb:39:b3:ec:d2:88:d2:79:90:82:c1:b8:
bd:c1:33:78:23:a5:10:7e:81:01:e4:72:a4:d3:c7:
5e:a1:1c:d6:0b:00:0e:7c:40:f5:94:35:7d:83:bd:
10:42:e6:26:82:8b:59:42:4c:1a:3f:11:92:f6:cc:
57:b8:89:80:e4:96:70:5a:6d:8a:ed:f7:db:d0:d4:
cc:f1:64:b1:fc:31:32:9f:b0:b9:91:59:d8:aa:3d:
dd:29:4c:85:66:84:3a:d5:e4:b5:ea:b8:7b:a6:4c:
d8:15
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
74:ED:A0:24:40:B0:63:33:07:77:B2:CC:C8:4D:6B:70:C1:01:61:6F
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/dO2gJECwYzMHd7LMyE1rcMEBYW8.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
af:02:25:58:23:79:00:cd:82:f5:7f:ac:12:bc:60:ea:73:69:
2a:be:90:ea:d1:cf:ea:24:8f:44:2e:6f:e1:8b:b8:0b:a4:6a:
34:7b:2d:55:67:b4:01:32:c3:d9:09:a7:36:5c:34:e6:50:5a:
cf:5e:8d:9b:29:84:4b:ac:3b:28:ba:0d:79:fc:71:ad:ac:e7:
d2:e5:30:9f:c8:26:fe:37:b0:ca:13:0e:40:49:25:db:2e:05:
a4:1b:f5:20:71:3a:64:f2:db:bc:ba:28:20:96:f4:06:59:56:
51:20:01:b6:b4:1c:d7:f0:5c:d4:0e:0b:55:34:a2:79:dc:d1:
82:82:a3:d0:dc:53:cc:b7:de:45:4b:3e:a6:94:b3:66:93:e6:
08:2f:f1:98:76:75:f8:68:f4:76:ce:6f:d9:30:7c:4a:92:09:
62:b7:3a:c6:b7:a3:a6:f7:5e:d9:41:46:ad:9f:bc:b1:67:07:
c3:1f:96:7b:b8:8c:51:ed:01:13:23:3b:e5:ed:a1:b4:56:7a:
14:41:a7:76:40:3c:67:0b:e3:8e:5f:08:89:8d:c6:26:2b:f9:
45:a1:ed:36:0e:ec:86:8c:8f:a6:b6:db:57:1b:cc:b6:db:50:
c3:44:c0:90:e4:1b:e6:e9:5f:73:98:37:f3:ab:00:26:79:cc:
30:39:71:c9
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICQTowDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MTUx
MzIyNTRaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDc0RURBMDI0NDBCMDYz
MzMwNzc3QjJDQ0M4NEQ2QjcwQzEwMTYxNkYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCTne2TzsEu+ytnf1tOwBXPWHAzfrd59pLe7QyNskFRRS9bIkPr
FYXenUn54hw3OcvmRIsUpaxk8Io0JjhdAsK3WeYX8WtfWEBGlEZ1FhgP/TcFMC66
2ui2N42iVLechqy/3xSepPvw8F3zOzNXQwRtc9HCcAS0qMSJDW+hXkyl5m+1fk3i
AKxbvy2ECRjPQ3IT/3S75lGVULs5s+zSiNJ5kILBuL3BM3gjpRB+gQHkcqTTx16h
HNYLAA58QPWUNX2DvRBC5iaCi1lCTBo/EZL2zFe4iYDklnBabYrt99vQ1MzxZLH8
MTKfsLmRWdiqPd0pTIVmhDrV5LXquHumTNgVAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUdO2gJECwYzMHd7LMyE1rcMEBYW8wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2RPMmdKRUN3WXpNSGQ3
TE15RTFyY01FQllXOC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEArwIlWCN5AM2C9X+sErxg6nNpKr6Q6tHP
6iSPRC5v4Yu4C6RqNHstVWe0ATLD2QmnNlw05lBaz16NmymES6w7KLoNefxxrazn
0uUwn8gm/jewyhMOQEkl2y4FpBv1IHE6ZPLbvLooIJb0BllWUSABtrQc1/Bc1A4L
VTSiedzRgoKj0NxTzLfeRUs+ppSzZpPmCC/xmHZ1+Gj0ds5v2TB8SpIJYrc6xrej
pvde2UFGrZ+8sWcHwx+We7iMUe0BEyM75e2htFZ6FEGndkA8Zwvjjl8IiY3GJiv5
RaHtNg7shoyPprbbVxvMtttQw0TAkOQb5ulfc5g386sAJnnMMDlxyQ==
-----END CERTIFICATE-----
Generated at Sat Jun 21 17:56:48 2025 by rpki-client