Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/fOlKqLrwK5aFQWRxKV3c4PaRxZc.roa
File: fOlKqLrwK5aFQWRxKV3c4PaRxZc.roa (raw, json)
Hash identifier: ua4OczFuY8h4jPBJOQQ0LFpTnELfSf6I0nhgZ5LZPSQ=
Subject key identifier: 7C:E9:4A:A8:BA:F0:2B:96:85:41:64:71:29:5D:DC:E0:F6:91:C5:97
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 553A
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/fOlKqLrwK5aFQWRxKV3c4PaRxZc.roa
Signing time: Sun 12 May 2024 05:24:04 +0000
ROA not before: Sun 12 May 2024 05:24:04 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 21818 (0x553a)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 12 05:24:04 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=7CE94AA8BAF02B9685416471295DDCE0F691C597
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c2:6a:81:9e:77:68:92:e7:c7:9c:09:c4:1b:63:
d2:e0:26:80:3e:27:b9:e7:80:a3:7b:73:40:74:46:
29:1d:2a:11:b6:58:27:5c:f5:66:4e:ce:ac:29:0f:
60:d2:51:35:d9:22:9e:a4:65:51:ed:6b:d9:a0:48:
7b:0a:26:bc:32:24:12:de:fa:6a:b5:c2:59:d7:da:
5c:e5:0c:66:52:3c:e0:c0:e0:f1:96:be:73:fa:6e:
ad:b6:18:a1:32:42:1b:a8:62:3b:9b:f1:13:15:87:
5e:9a:cd:8b:c6:9a:7c:68:62:fa:4c:40:80:a0:1f:
c9:b9:8d:c0:5d:e1:c2:e0:39:11:67:f9:43:70:30:
5e:f5:eb:11:15:56:b5:82:11:11:98:71:f8:5c:8f:
13:98:42:72:52:3a:dd:15:c1:2f:f7:19:f0:b1:9d:
55:17:78:19:bc:4d:91:2c:9a:0a:35:e6:64:fe:3a:
4b:93:15:b0:ba:62:74:dc:88:c0:6f:f3:30:6c:10:
6e:3b:b2:53:ae:53:2a:15:6b:56:59:aa:b5:8b:74:
cd:75:77:77:b6:6a:f3:75:f5:45:16:56:35:fc:a9:
3c:ca:ad:94:f1:31:9d:e2:07:d9:ee:ea:1a:4f:68:
ff:c0:7b:2f:66:fa:50:3c:d0:0c:99:0c:be:83:8c:
0d:6f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
7C:E9:4A:A8:BA:F0:2B:96:85:41:64:71:29:5D:DC:E0:F6:91:C5:97
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/fOlKqLrwK5aFQWRxKV3c4PaRxZc.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
92:d8:0c:6b:21:59:c1:51:c4:cf:7f:63:8f:01:97:8a:68:b8:
f7:d9:c7:e2:20:cb:e5:71:7e:52:1f:02:9f:72:bf:b0:45:c5:
65:a0:67:23:1c:5c:1e:99:1a:26:fa:f0:23:29:36:b6:f7:28:
60:71:7e:61:92:f5:5e:d2:ba:b3:fa:5e:99:28:10:0c:0d:ce:
33:6a:f5:df:4e:fd:99:16:28:a8:6c:db:ce:29:72:8c:ca:0f:
eb:57:89:35:73:33:29:1b:84:f2:e9:aa:9f:7b:45:4e:51:22:
df:ea:e5:82:e5:4c:c1:8d:67:94:20:f9:8e:60:2c:7b:0d:6d:
07:b0:a1:87:6a:ad:69:b3:21:28:1b:dc:b3:30:d0:d8:61:a7:
0b:da:a1:5d:62:fc:5e:07:17:a2:24:ce:38:51:b5:b8:75:ef:
8c:06:ec:a9:bd:a3:53:91:3d:ce:a5:66:bd:12:c7:34:c4:6c:
40:53:da:9f:20:be:33:be:c2:1d:f5:44:5c:98:25:3e:ca:20:
58:28:c4:43:10:2a:5d:be:9a:e0:73:89:54:ac:62:12:ee:b8:
79:a8:18:f9:14:e8:e7:e9:2f:b8:1f:32:cf:18:0a:ab:f2:b4:
6e:a2:ff:9f:85:d5:b4:72:50:1f:42:46:fb:c0:a8:34:92:e8:
0b:17:7e:7f
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICVTowDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MTIw
NTI0MDRaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDdDRTk0QUE4QkFGMDJC
OTY4NTQxNjQ3MTI5NUREQ0UwRjY5MUM1OTcwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDCaoGed2iS58ecCcQbY9LgJoA+J7nngKN7c0B0RikdKhG2WCdc
9WZOzqwpD2DSUTXZIp6kZVHta9mgSHsKJrwyJBLe+mq1wlnX2lzlDGZSPODA4PGW
vnP6bq22GKEyQhuoYjub8RMVh16azYvGmnxoYvpMQICgH8m5jcBd4cLgORFn+UNw
MF716xEVVrWCERGYcfhcjxOYQnJSOt0VwS/3GfCxnVUXeBm8TZEsmgo15mT+OkuT
FbC6YnTciMBv8zBsEG47slOuUyoVa1ZZqrWLdM11d3e2avN19UUWVjX8qTzKrZTx
MZ3iB9nu6hpPaP/Aey9m+lA80AyZDL6DjA1vAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUfOlKqLrwK5aFQWRxKV3c4PaRxZcwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2ZPbEtxTHJ3SzVhRlFX
UnhLVjNjNFBhUnhaYy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAktgMayFZwVHEz39jjwGXimi499nH4iDL
5XF+Uh8Cn3K/sEXFZaBnIxxcHpkaJvrwIyk2tvcoYHF+YZL1XtK6s/pemSgQDA3O
M2r13079mRYoqGzbzilyjMoP61eJNXMzKRuE8umqn3tFTlEi3+rlguVMwY1nlCD5
jmAsew1tB7Chh2qtabMhKBvcszDQ2GGnC9qhXWL8XgcXoiTOOFG1uHXvjAbsqb2j
U5E9zqVmvRLHNMRsQFPanyC+M77CHfVEXJglPsogWCjEQxAqXb6a4HOJVKxiEu64
eagY+RTo5+kvuB8yzxgKq/K0bqL/n4XVtHJQH0JG+8CoNJLoCxd+fw==
-----END CERTIFICATE-----
Generated at Fri Jun 20 08:11:14 2025 by rpki-client