Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/kn7J1lIMjNoJ6ntNJhTaKYZ5Szc.roa
File: kn7J1lIMjNoJ6ntNJhTaKYZ5Szc.roa (raw, json)
Hash identifier: Nhf//9+K60G66GU5OOZdeYMl63V8rlfiGeBIDoSSVvc=
Subject key identifier: 92:7E:C9:D6:52:0C:8C:DA:09:EA:7B:4D:26:14:DA:29:86:79:4B:37
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 42EE
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/kn7J1lIMjNoJ6ntNJhTaKYZ5Szc.roa
Signing time: Wed 17 Apr 2024 19:53:00 +0000
ROA not before: Wed 17 Apr 2024 19:53:00 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 17134 (0x42ee)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 17 19:53:00 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=927EC9D6520C8CDA09EA7B4D2614DA2986794B37
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ef:67:c1:17:9f:38:31:c8:b3:51:48:55:34:4a:
8d:23:b5:ec:41:4c:03:76:dd:3a:0f:5d:e7:20:36:
64:c7:a4:20:94:46:27:17:0a:12:bb:39:7e:24:6d:
08:e2:a8:92:5a:6a:cd:dd:a7:8a:d7:86:d7:e3:a2:
4c:d8:58:3e:0a:b7:61:26:42:6c:8d:20:e2:d1:3b:
5b:2c:04:59:89:94:ac:4d:85:1b:da:78:df:7f:67:
7d:d3:f0:29:b5:2e:6e:ce:58:bc:9b:d2:f1:22:8e:
95:07:55:cc:dd:04:a4:63:45:74:d9:6c:be:00:5b:
a4:0c:4a:8c:7e:cd:ca:fc:f2:84:bc:3f:ef:40:80:
74:d3:73:6e:96:41:dc:02:77:ef:23:59:02:3d:2f:
c5:91:77:38:46:41:92:9a:c8:74:db:3b:e6:a4:8c:
e4:55:ad:d7:ae:0e:6e:de:45:68:97:5f:8d:b0:5d:
43:84:e8:77:68:cd:6c:1f:d5:b1:c3:c5:3a:fe:bf:
1a:c0:bf:aa:26:7a:62:ee:42:2e:7a:ca:ba:c1:a2:
9b:eb:81:f4:c8:e7:47:7a:16:a1:54:aa:b3:21:50:
83:af:28:68:22:6b:dd:84:14:02:fd:1c:97:04:c3:
4f:9e:7b:00:be:df:21:ca:2d:c4:da:e8:db:8d:e2:
bc:d5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
92:7E:C9:D6:52:0C:8C:DA:09:EA:7B:4D:26:14:DA:29:86:79:4B:37
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/kn7J1lIMjNoJ6ntNJhTaKYZ5Szc.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
71:3e:ec:71:3f:44:30:18:aa:cc:46:a0:d8:54:ac:b8:7a:95:
bb:1b:4e:9a:39:ba:57:e5:21:7c:21:ff:9d:13:9d:c4:e5:93:
95:67:06:9a:6b:c8:d1:5d:52:08:47:8c:72:ea:8b:af:a0:86:
b7:9d:11:6f:85:c6:0c:52:e2:1d:24:3f:08:af:96:26:d3:d8:
67:d6:04:a2:94:b8:46:39:e6:1c:d0:d5:cf:5e:e1:0c:3d:63:
ec:d3:19:7a:cc:e6:1d:43:1f:25:42:4b:98:d0:62:68:25:4b:
40:20:58:c8:69:85:ee:58:fb:89:89:3e:f0:01:6f:73:af:c5:
51:79:a4:5e:20:8c:58:28:17:24:76:2c:01:e1:97:d3:ba:4c:
7d:01:b0:ff:a7:53:98:26:71:f4:84:eb:d1:86:3b:07:60:7b:
5b:09:a7:17:1f:d2:0b:68:6f:5d:96:d1:70:8c:d3:b6:11:45:
20:df:49:fd:e5:78:49:11:fa:0a:49:df:e5:e9:c2:c2:71:b6:
ec:2d:3d:bc:07:84:da:94:c7:95:3e:d2:b4:5b:51:cd:88:df:
29:c3:73:27:72:7a:34:51:3b:e8:f7:1d:5d:b4:b9:28:66:96:
ab:16:c2:56:fa:7c:f7:2a:d7:7c:dd:ee:51:30:d3:7b:58:17:
5d:c2:76:f9
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICQu4wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MTcx
OTUzMDBaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDkyN0VDOUQ2NTIwQzhD
REEwOUVBN0I0RDI2MTREQTI5ODY3OTRCMzcwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDvZ8EXnzgxyLNRSFU0So0jtexBTAN23ToPXecgNmTHpCCURicX
ChK7OX4kbQjiqJJaas3dp4rXhtfjokzYWD4Kt2EmQmyNIOLRO1ssBFmJlKxNhRva
eN9/Z33T8Cm1Lm7OWLyb0vEijpUHVczdBKRjRXTZbL4AW6QMSox+zcr88oS8P+9A
gHTTc26WQdwCd+8jWQI9L8WRdzhGQZKayHTbO+akjORVrdeuDm7eRWiXX42wXUOE
6HdozWwf1bHDxTr+vxrAv6omemLuQi56yrrBopvrgfTI50d6FqFUqrMhUIOvKGgi
a92EFAL9HJcEw0+eewC+3yHKLcTa6NuN4rzVAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUkn7J1lIMjNoJ6ntNJhTaKYZ5SzcwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2tuN0oxbElNak5vSjZu
dE5KaFRhS1laNVN6Yy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAcT7scT9EMBiqzEag2FSsuHqVuxtOmjm6
V+UhfCH/nROdxOWTlWcGmmvI0V1SCEeMcuqLr6CGt50Rb4XGDFLiHSQ/CK+WJtPY
Z9YEopS4RjnmHNDVz17hDD1j7NMZeszmHUMfJUJLmNBiaCVLQCBYyGmF7lj7iYk+
8AFvc6/FUXmkXiCMWCgXJHYsAeGX07pMfQGw/6dTmCZx9ITr0YY7B2B7WwmnFx/S
C2hvXZbRcIzTthFFIN9J/eV4SRH6Cknf5enCwnG27C09vAeE2pTHlT7StFtRzYjf
KcNzJ3J6NFE76PcdXbS5KGaWqxbCVvp89yrXfN3uUTDTe1gXXcJ2+Q==
-----END CERTIFICATE-----
Generated at Sun Jun 22 08:07:50 2025 by rpki-client