Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/dUASvV0DxbQDWu_J6sTcHglWj7M.roa
File: dUASvV0DxbQDWu_J6sTcHglWj7M.roa (raw, json)
Hash identifier: 7gh19sMcbPqs/a7fHxnX9yeCvTQV8/cplHbH/72idPo=
Subject key identifier: 75:40:12:BD:5D:03:C5:B4:03:5A:EF:C9:EA:C4:DC:1E:09:56:8F:B3
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 418A
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/dUASvV0DxbQDWu_J6sTcHglWj7M.roa
Signing time: Mon 15 Apr 2024 23:22:54 +0000
ROA not before: Mon 15 Apr 2024 23:22:54 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 16778 (0x418a)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 15 23:22:54 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=754012BD5D03C5B4035AEFC9EAC4DC1E09568FB3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d6:86:c3:d3:d2:78:84:e7:6f:fc:1f:cc:0b:28:
d6:29:0e:22:d0:31:e0:97:33:d6:d0:a8:7d:04:37:
2b:e5:86:01:56:44:4e:0c:21:6f:af:da:a7:bd:18:
f3:b2:60:f0:63:12:f3:fb:03:8c:da:f7:10:2c:01:
80:cd:4d:ec:58:bb:37:1d:cd:02:41:d8:ca:87:1d:
30:e3:74:fb:40:99:0d:75:c9:a3:f0:42:84:28:67:
2a:c7:2f:3c:72:a9:2a:6f:b0:b6:39:69:7f:eb:d4:
85:cb:a6:f8:7f:f6:d3:c5:0e:d7:50:ce:29:e3:0d:
f1:c5:79:28:eb:30:1e:b8:b4:77:cf:da:b7:7b:14:
d9:3d:c0:e2:8c:ab:40:42:bf:93:ae:8a:77:32:87:
96:ac:5c:09:59:c4:93:a2:79:6d:1f:3f:df:8b:e7:
ea:83:6a:b3:6c:19:bc:22:23:86:c4:8c:a5:75:a2:
82:f2:b5:f8:63:05:f9:d2:57:af:07:05:6e:e0:f8:
a7:c8:2c:47:80:f8:aa:ee:0d:51:1e:59:53:84:dc:
1a:0b:d7:99:30:e8:2c:03:88:55:d8:a0:0d:d8:2c:
3d:9c:08:38:b4:c9:98:66:82:91:ae:d8:a3:33:a8:
ef:2f:4b:2d:ca:be:43:13:1e:9f:be:d5:e7:67:22:
aa:61
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
75:40:12:BD:5D:03:C5:B4:03:5A:EF:C9:EA:C4:DC:1E:09:56:8F:B3
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/dUASvV0DxbQDWu_J6sTcHglWj7M.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
02:82:a4:ef:f7:c9:32:7c:56:4a:2c:bd:a3:95:2f:b0:09:01:
8d:d1:3b:d7:c9:cd:a7:b1:f0:d3:3e:a3:33:59:ce:c9:2c:de:
d0:97:49:09:b2:34:bd:e6:9c:9c:b4:51:fd:dd:a4:ed:00:ce:
f9:56:7d:da:1a:a8:d0:bf:8b:7f:39:24:50:80:50:2d:46:00:
c4:12:cc:ab:1c:3c:9f:0a:3e:8e:af:c4:c4:5a:b6:df:fa:6a:
bc:0d:60:18:99:4c:bc:ca:95:b1:89:f9:1b:5f:be:67:63:76:
92:62:54:34:c8:8b:09:82:af:bc:18:5d:65:8b:41:28:39:54:
b1:13:c5:46:2f:17:e5:cf:1e:d1:c9:cb:6d:66:3f:c9:a2:cb:
79:97:b6:a7:6d:ed:4f:a4:e7:65:c6:ac:16:bd:5a:f9:bc:5d:
d4:98:74:a6:35:a5:78:88:04:bf:a4:ad:52:65:d3:65:44:bd:
87:7e:3e:82:11:6c:6a:c2:56:72:17:b2:0f:9d:8c:ec:b0:e1:
09:bb:0c:78:01:6b:d4:26:21:39:4a:9c:f2:d2:ce:02:c6:5d:
6d:0a:bf:a5:4e:33:1e:8b:bc:d6:a2:53:7e:eb:ed:02:79:7b:
eb:23:fd:0b:73:1d:0e:02:3d:16:5f:4a:16:31:12:95:bc:93:
d4:e2:c2:2b
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICQYowDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MTUy
MzIyNTRaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDc1NDAxMkJENUQwM0M1
QjQwMzVBRUZDOUVBQzREQzFFMDk1NjhGQjMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDWhsPT0niE52/8H8wLKNYpDiLQMeCXM9bQqH0ENyvlhgFWRE4M
IW+v2qe9GPOyYPBjEvP7A4za9xAsAYDNTexYuzcdzQJB2MqHHTDjdPtAmQ11yaPw
QoQoZyrHLzxyqSpvsLY5aX/r1IXLpvh/9tPFDtdQzinjDfHFeSjrMB64tHfP2rd7
FNk9wOKMq0BCv5Ouincyh5asXAlZxJOieW0fP9+L5+qDarNsGbwiI4bEjKV1ooLy
tfhjBfnSV68HBW7g+KfILEeA+KruDVEeWVOE3BoL15kw6CwDiFXYoA3YLD2cCDi0
yZhmgpGu2KMzqO8vSy3KvkMTHp++1ednIqphAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUdUASvV0DxbQDWu/J6sTcHglWj7MwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2RVQVN2VjBEeGJRRFd1
X0o2c1RjSGdsV2o3TS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAAoKk7/fJMnxWSiy9o5UvsAkBjdE718nN
p7Hw0z6jM1nOySze0JdJCbI0veacnLRR/d2k7QDO+VZ92hqo0L+LfzkkUIBQLUYA
xBLMqxw8nwo+jq/ExFq23/pqvA1gGJlMvMqVsYn5G1++Z2N2kmJUNMiLCYKvvBhd
ZYtBKDlUsRPFRi8X5c8e0cnLbWY/yaLLeZe2p23tT6TnZcasFr1a+bxd1Jh0pjWl
eIgEv6StUmXTZUS9h34+ghFsasJWcheyD52M7LDhCbsMeAFr1CYhOUqc8tLOAsZd
bQq/pU4zHou81qJTfuvtAnl76yP9C3MdDgI9Fl9KFjESlbyT1OLCKw==
-----END CERTIFICATE-----
Generated at Sat Jun 21 20:03:32 2025 by rpki-client