Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/h8CS519TLSjzJNLGMPR_T_U0HrM.roa
File: h8CS519TLSjzJNLGMPR_T_U0HrM.roa (raw, json)
Hash identifier: If16AEz1f3xUmq6u2eFqhlIgqGXUmjhY/zxXagAkdIE=
Subject key identifier: 87:C0:92:E7:5F:53:2D:28:F3:24:D2:C6:30:F4:7F:4F:F5:34:1E:B3
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 56CE
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/h8CS519TLSjzJNLGMPR_T_U0HrM.roa
Signing time: Tue 14 May 2024 07:54:49 +0000
ROA not before: Tue 14 May 2024 07:54:49 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 22222 (0x56ce)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 14 07:54:49 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=87C092E75F532D28F324D2C630F47F4FF5341EB3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d5:d7:bc:76:39:01:b5:f1:05:f2:00:09:c7:a3:
b9:57:f2:05:79:4e:7a:bf:29:90:a2:2f:14:49:09:
f9:e2:dd:5b:ce:2e:e2:f4:43:d5:da:77:83:0d:1a:
f7:9c:d9:bb:97:87:24:8c:69:9e:09:1d:8c:15:e4:
f8:37:c9:6a:94:af:8e:f4:2c:51:5b:9b:22:1b:a4:
b8:1d:18:c4:0a:8d:42:7e:7d:ca:ee:64:93:ab:63:
cd:6a:35:09:aa:36:8c:0b:fa:d9:34:6f:48:e7:88:
52:6f:52:f6:4d:35:51:f1:9b:a6:da:61:81:92:c9:
21:37:cf:1d:2b:a4:38:c8:0c:38:79:74:67:23:a3:
ef:38:6f:97:bf:c8:77:48:72:1a:c9:ce:1d:b4:9f:
7f:3b:61:bf:fe:85:ee:51:bd:f4:b0:64:21:4b:70:
65:e6:d5:7a:48:b5:37:28:b9:aa:ec:7e:21:ce:91:
7a:5f:04:a7:fd:f8:d7:95:69:c9:c3:79:bf:47:ec:
63:24:d8:54:72:48:83:52:16:16:e3:70:a5:ac:5b:
dc:4c:4a:da:5c:87:58:33:56:b4:6a:be:2c:60:a0:
1c:4e:f2:f5:09:dd:9b:17:8e:a5:10:7c:4b:09:a4:
c6:97:7d:e5:4f:58:be:6d:45:fc:28:a9:8e:1e:62:
2f:51
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
87:C0:92:E7:5F:53:2D:28:F3:24:D2:C6:30:F4:7F:4F:F5:34:1E:B3
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/h8CS519TLSjzJNLGMPR_T_U0HrM.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
9c:b4:51:3d:63:7c:5e:30:42:49:f9:c3:8f:a0:31:e7:9a:b9:
b0:b1:16:76:a2:9c:b4:43:d5:a3:6a:6f:4d:bc:64:e4:64:21:
9b:23:fb:85:3a:02:1d:d0:d3:f3:3e:a5:90:c5:26:0a:99:ad:
f3:fc:55:42:6d:6a:48:d0:24:ef:47:0f:6e:fd:57:5e:de:ac:
d2:6c:d3:79:cc:6d:57:b2:d3:dc:f3:2e:84:65:96:4d:2d:f1:
e5:52:90:f4:b5:91:f0:88:57:85:3e:02:87:5f:2c:9f:dc:ec:
1e:bb:a4:88:1e:53:ba:43:1b:6f:92:2c:93:94:23:df:f3:98:
c1:97:52:51:61:38:6c:bb:85:5e:af:1e:ab:17:ae:73:d7:d6:
a5:6a:00:7a:61:e6:f3:b3:68:d8:2b:dc:f7:36:57:97:a7:f0:
f4:22:40:73:73:dd:a0:c0:7e:38:b0:14:98:34:f0:58:de:00:
e8:9a:fb:98:f7:c0:f9:d3:a4:ed:e8:9a:bc:6d:82:c0:2c:d9:
0e:8e:08:22:44:bf:b1:c1:b1:e6:21:c9:4c:ac:e7:04:3d:8c:
cb:28:62:58:14:a5:8e:a8:b7:53:f8:a4:54:fc:e0:df:c0:50:
87:1a:fc:a6:0a:c1:03:9f:21:3a:d3:ae:64:72:46:a6:95:d2:
bd:2b:14:9f
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICVs4wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MTQw
NzU0NDlaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDg3QzA5MkU3NUY1MzJE
MjhGMzI0RDJDNjMwRjQ3RjRGRjUzNDFFQjMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDV17x2OQG18QXyAAnHo7lX8gV5Tnq/KZCiLxRJCfni3VvOLuL0
Q9Xad4MNGvec2buXhySMaZ4JHYwV5Pg3yWqUr470LFFbmyIbpLgdGMQKjUJ+fcru
ZJOrY81qNQmqNowL+tk0b0jniFJvUvZNNVHxm6baYYGSySE3zx0rpDjIDDh5dGcj
o+84b5e/yHdIchrJzh20n387Yb/+he5RvfSwZCFLcGXm1XpItTcouarsfiHOkXpf
BKf9+NeVacnDeb9H7GMk2FRySINSFhbjcKWsW9xMStpch1gzVrRqvixgoBxO8vUJ
3ZsXjqUQfEsJpMaXfeVPWL5tRfwoqY4eYi9RAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUh8CS519TLSjzJNLGMPR/T/U0HrMwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2g4Q1M1MTlUTFNqekpO
TEdNUFJfVF9VMEhyTS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAnLRRPWN8XjBCSfnDj6Ax55q5sLEWdqKc
tEPVo2pvTbxk5GQhmyP7hToCHdDT8z6lkMUmCpmt8/xVQm1qSNAk70cPbv1XXt6s
0mzTecxtV7LT3PMuhGWWTS3x5VKQ9LWR8IhXhT4Ch18sn9zsHrukiB5TukMbb5Is
k5Qj3/OYwZdSUWE4bLuFXq8eqxeuc9fWpWoAemHm87No2Cvc9zZXl6fw9CJAc3Pd
oMB+OLAUmDTwWN4A6Jr7mPfA+dOk7eiavG2CwCzZDo4IIkS/scGx5iHJTKznBD2M
yyhiWBSljqi3U/ikVPzg38BQhxr8pgrBA58hOtOuZHJGppXSvSsUnw==
-----END CERTIFICATE-----
Generated at Sat Jun 21 06:41:40 2025 by rpki-client