Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/j2zX560--dp_5lZftjTRswYsIFQ.roa
File: j2zX560--dp_5lZftjTRswYsIFQ.roa (raw, json)
Hash identifier: ZXcfny55BhY6KQVtZ5kiBOPKi0kHWgtTu9L2xorb1UQ=
Subject key identifier: 8F:6C:D7:E7:AD:3E:F9:DA:7F:E6:56:5F:B6:34:D1:B3:06:2C:20:54
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 349E
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/j2zX560--dp_5lZftjTRswYsIFQ.roa
Signing time: Fri 29 Mar 2024 17:52:05 +0000
ROA not before: Fri 29 Mar 2024 17:52:05 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 13470 (0x349e)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Mar 29 17:52:05 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=8F6CD7E7AD3EF9DA7FE6565FB634D1B3062C2054
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b5:09:b8:ae:ef:e5:6f:da:05:d1:a0:2f:3d:ad:
a8:fc:1e:0b:38:62:ec:07:d4:04:c0:6c:02:40:93:
ec:74:f5:43:5f:d2:a2:5a:d8:61:98:98:06:93:f3:
93:d6:e1:fd:ee:64:dd:75:cb:07:09:c3:e7:0f:bb:
5e:bd:4c:87:b7:13:14:f6:17:af:92:ee:0f:aa:57:
ef:54:30:3b:a3:6a:56:18:41:4b:46:cb:02:a6:70:
4d:70:90:4d:94:42:32:9f:63:7c:96:a7:2d:cd:12:
7d:3b:94:5e:df:62:fc:c5:f4:14:b2:93:8d:04:0f:
25:0e:58:0e:19:63:82:b6:6f:43:c4:f7:e2:9d:0e:
71:17:5b:05:0a:55:ed:99:15:5e:06:2c:b2:59:74:
28:c6:97:e3:4d:fb:94:8c:79:2a:9d:53:25:70:b8:
7b:dc:8d:84:2a:f8:1c:7c:57:4e:be:1e:2e:28:1d:
cf:b3:52:6d:36:b8:01:6a:7e:e9:b1:a5:2c:83:5d:
fa:fc:b8:09:1a:2f:61:e1:a9:fe:06:23:b4:77:7c:
16:67:b9:75:de:27:58:f9:05:8b:f5:f6:dc:3f:75:
c1:5d:d0:a0:2c:c5:3d:79:8c:45:30:b6:2d:7c:2a:
06:63:f8:f0:97:8f:81:5f:0b:dc:e1:71:57:e1:6c:
bb:47
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8F:6C:D7:E7:AD:3E:F9:DA:7F:E6:56:5F:B6:34:D1:B3:06:2C:20:54
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/j2zX560--dp_5lZftjTRswYsIFQ.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
38:9e:a7:ff:f8:4a:08:b9:36:c5:91:1f:fc:56:d0:ee:79:79:
63:6f:12:02:72:1b:e4:52:c5:36:fd:0b:87:02:96:35:95:87:
49:e6:e3:c9:ff:e8:4c:71:28:4c:8b:f8:34:56:a7:93:39:e7:
97:9d:62:bd:07:97:56:f3:c0:5a:a1:df:b7:a0:8e:f9:91:95:
ea:04:6b:aa:26:c0:72:79:74:90:1f:1d:a4:08:32:6f:bc:79:
0c:02:46:30:60:48:a5:48:04:3f:52:75:4f:ef:54:5c:ed:54:
88:b8:69:8c:82:f2:74:46:fe:bb:d6:cc:db:85:d1:a3:e8:c4:
72:7f:35:87:f2:e0:aa:00:e6:c8:01:21:4e:37:3e:df:2f:d0:
55:38:96:5d:59:49:a6:09:b7:ab:cc:7b:33:43:cd:5a:7b:0a:
70:d0:6d:b1:3f:5f:74:09:bd:0f:88:55:07:67:51:e6:be:99:
71:d2:7c:e7:16:a6:d1:fb:9e:29:01:99:44:75:a2:16:c9:5e:
b4:b0:9d:d6:23:29:8d:b6:81:ad:1f:e2:82:81:27:da:df:62:
ee:00:0b:fa:56:4b:90:89:23:c6:ac:72:8c:5f:70:0f:31:b1:
fe:c4:a4:9f:76:5b:f9:42:a9:58:42:04:a3:46:ad:2a:0c:14:
69:cb:96:8d
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICNJ4wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDAzMjkx
NzUyMDVaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDhGNkNEN0U3QUQzRUY5
REE3RkU2NTY1RkI2MzREMUIzMDYyQzIwNTQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC1Cbiu7+Vv2gXRoC89raj8Hgs4YuwH1ATAbAJAk+x09UNf0qJa
2GGYmAaT85PW4f3uZN11ywcJw+cPu169TIe3ExT2F6+S7g+qV+9UMDujalYYQUtG
ywKmcE1wkE2UQjKfY3yWpy3NEn07lF7fYvzF9BSyk40EDyUOWA4ZY4K2b0PE9+Kd
DnEXWwUKVe2ZFV4GLLJZdCjGl+NN+5SMeSqdUyVwuHvcjYQq+Bx8V06+Hi4oHc+z
Um02uAFqfumxpSyDXfr8uAkaL2Hhqf4GI7R3fBZnuXXeJ1j5BYv19tw/dcFd0KAs
xT15jEUwti18KgZj+PCXj4FfC9zhcVfhbLtHAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUj2zX560++dp/5lZftjTRswYsIFQwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2oyelg1NjAtLWRwXzVs
WmZ0alRSc3dZc0lGUS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAOJ6n//hKCLk2xZEf/FbQ7nl5Y28SAnIb
5FLFNv0LhwKWNZWHSebjyf/oTHEoTIv4NFankznnl51ivQeXVvPAWqHft6CO+ZGV
6gRrqibAcnl0kB8dpAgyb7x5DAJGMGBIpUgEP1J1T+9UXO1UiLhpjILydEb+u9bM
24XRo+jEcn81h/LgqgDmyAEhTjc+3y/QVTiWXVlJpgm3q8x7M0PNWnsKcNBtsT9f
dAm9D4hVB2dR5r6ZcdJ85xam0fueKQGZRHWiFsletLCd1iMpjbaBrR/igoEn2t9i
7gAL+lZLkIkjxqxyjF9wDzGx/sSkn3Zb+UKpWEIEo0atKgwUacuWjQ==
-----END CERTIFICATE-----
Generated at Sat Jun 21 23:00:41 2025 by rpki-client