Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/jELBBci35O8y-fhgqSR39M7WMyg.roa
File: jELBBci35O8y-fhgqSR39M7WMyg.roa (raw, json)
Hash identifier: LEPB6nfjCkEY3qr5uZN5ovsaDBMvkotqSpvTbkFI8Ic=
Subject key identifier: 8C:42:C1:05:C8:B7:E4:EF:32:F9:F8:60:A9:24:77:F4:CE:D6:33:28
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 381A
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/jELBBci35O8y-fhgqSR39M7WMyg.roa
Signing time: Wed 03 Apr 2024 09:22:19 +0000
ROA not before: Wed 03 Apr 2024 09:22:19 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 14362 (0x381a)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 3 09:22:19 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=8C42C105C8B7E4EF32F9F860A92477F4CED63328
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:dd:14:36:00:f5:8b:a5:d1:2b:60:1b:2d:b2:6a:
96:25:a8:a3:91:41:bf:57:84:ec:e4:8f:ab:1c:2e:
07:47:34:d4:3b:5a:5c:9c:5c:56:ba:5d:3f:d3:f5:
ae:ca:f2:87:c0:4a:83:b0:25:bd:77:68:10:02:11:
55:78:90:54:61:9b:e5:6d:b8:2a:83:b0:1a:33:76:
48:ac:54:d1:19:43:3a:ba:e2:46:bc:c6:6c:33:e4:
d7:7e:2b:8e:92:38:90:60:7d:62:f4:b8:fe:c9:3d:
ca:9e:8d:8e:d8:34:e1:63:27:2c:61:4c:fe:33:fb:
3f:63:b5:29:95:cc:7b:6c:36:52:23:7d:2a:82:6e:
06:12:04:c0:7a:28:6a:ab:a6:ce:75:e3:82:91:0d:
2d:2d:4f:36:05:84:ce:0b:5d:17:e4:c3:62:1b:ed:
56:b3:86:7a:5a:80:10:49:b1:be:cf:fa:e7:47:4e:
15:15:b9:86:f6:12:78:2d:47:19:19:27:0b:46:82:
ed:ca:da:1e:a7:2a:21:3f:d0:de:ec:c1:a8:c9:a7:
d2:13:c7:f1:53:25:dc:1f:d0:08:ee:3c:fe:12:eb:
a2:c2:d1:39:30:e9:9d:b4:07:84:0d:c4:46:90:13:
83:9d:52:63:e9:84:23:79:73:db:0e:84:be:5f:45:
09:2f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8C:42:C1:05:C8:B7:E4:EF:32:F9:F8:60:A9:24:77:F4:CE:D6:33:28
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/jELBBci35O8y-fhgqSR39M7WMyg.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
4a:6c:63:76:3a:fa:b1:4d:22:dc:20:d1:ca:ea:3c:33:6f:5f:
fe:d0:c2:52:59:67:a5:a5:3e:3c:e3:4c:72:70:b2:0f:a5:0c:
85:1f:e8:3a:7c:2c:37:e6:7d:25:d7:90:80:7b:7b:dc:29:1a:
ac:84:7a:0b:3b:7b:74:87:fe:75:f2:d6:42:00:91:35:00:ab:
e0:74:cc:e7:37:14:63:ee:00:4e:2a:e2:53:ad:10:58:48:58:
41:39:fd:43:78:d2:c1:64:ef:eb:35:d8:fb:85:c6:e9:bf:b3:
a4:1d:1e:7f:3e:c3:ef:d3:a0:9e:89:05:d8:82:1e:dd:47:36:
3f:4c:86:4f:98:25:80:8a:8f:31:cb:8a:08:e0:01:95:25:8d:
d9:67:96:6c:c3:e4:d0:a8:b2:d9:9c:01:6d:e7:30:88:4e:0a:
f4:85:b5:62:4d:8d:ad:d5:db:f1:93:58:2a:53:5d:22:2a:49:
96:fe:25:b4:5e:75:58:06:8e:2a:c6:c4:63:67:06:1e:c4:c9:
37:82:c3:79:91:f8:0c:76:dc:3e:d5:fd:83:19:e7:c7:bc:ab:
c1:a0:3d:5a:22:b1:21:65:4d:2a:d7:2d:59:d6:96:a2:7f:36:
79:52:b4:02:c7:c9:e4:b9:20:c5:ef:d9:76:ff:44:cb:50:4e:
ba:76:7b:b4
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICOBowDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MDMw
OTIyMTlaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDhDNDJDMTA1QzhCN0U0
RUYzMkY5Rjg2MEE5MjQ3N0Y0Q0VENjMzMjgwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDdFDYA9Yul0StgGy2yapYlqKORQb9XhOzkj6scLgdHNNQ7Wlyc
XFa6XT/T9a7K8ofASoOwJb13aBACEVV4kFRhm+VtuCqDsBozdkisVNEZQzq64ka8
xmwz5Nd+K46SOJBgfWL0uP7JPcqejY7YNOFjJyxhTP4z+z9jtSmVzHtsNlIjfSqC
bgYSBMB6KGqrps5144KRDS0tTzYFhM4LXRfkw2Ib7VazhnpagBBJsb7P+udHThUV
uYb2EngtRxkZJwtGgu3K2h6nKiE/0N7swajJp9ITx/FTJdwf0AjuPP4S66LC0Tkw
6Z20B4QNxEaQE4OdUmPphCN5c9sOhL5fRQkvAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUjELBBci35O8y+fhgqSR39M7WMygwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2pFTEJCY2kzNU84eS1m
aGdxU1IzOU03V015Zy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEASmxjdjr6sU0i3CDRyuo8M29f/tDCUlln
paU+PONMcnCyD6UMhR/oOnwsN+Z9JdeQgHt73CkarIR6Czt7dIf+dfLWQgCRNQCr
4HTM5zcUY+4ATiriU60QWEhYQTn9Q3jSwWTv6zXY+4XG6b+zpB0efz7D79OgnokF
2IIe3Uc2P0yGT5glgIqPMcuKCOABlSWN2WeWbMPk0Kiy2ZwBbecwiE4K9IW1Yk2N
rdXb8ZNYKlNdIipJlv4ltF51WAaOKsbEY2cGHsTJN4LDeZH4DHbcPtX9gxnnx7yr
waA9WiKxIWVNKtctWdaWon82eVK0AsfJ5Lkgxe/Zdv9Ey1BOunZ7tA==
-----END CERTIFICATE-----
Generated at Sat Jun 21 15:02:29 2025 by rpki-client