Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/lM9nEjfSOmIpiZotozKUi8a4_ck.roa
File: lM9nEjfSOmIpiZotozKUi8a4_ck.roa (raw, json)
Hash identifier: sLsoToRfrS7djUnUKHMchhDgd7ijlyX4VxmGVCPVWDU=
Subject key identifier: 94:CF:67:12:37:D2:3A:62:29:89:9A:2D:A3:32:94:8B:C6:B8:FD:C9
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 4EEE
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/lM9nEjfSOmIpiZotozKUi8a4_ck.roa
Signing time: Fri 03 May 2024 19:53:54 +0000
ROA not before: Fri 03 May 2024 19:53:54 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 20206 (0x4eee)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 3 19:53:54 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=94CF671237D23A6229899A2DA332948BC6B8FDC9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e7:e4:23:0e:97:55:5e:ae:4f:c6:b1:2f:a5:a1:
4e:ff:27:5b:42:7c:35:4f:72:13:4b:ef:8b:a0:28:
09:37:3a:cf:0c:3a:5e:32:c8:cc:6f:1f:41:a2:ee:
50:9c:bc:1f:7f:e3:dd:3c:44:77:ff:ac:7e:e6:54:
1c:ec:a6:cb:48:84:36:34:6e:59:3d:85:03:74:28:
03:38:c1:0f:65:8c:9a:94:85:52:4f:be:c2:80:30:
55:f5:9d:8c:59:e6:4b:7f:bd:02:88:d2:04:bb:b6:
3f:a6:ce:6c:d2:58:70:41:7b:6f:59:6d:6c:cc:5c:
46:56:d4:33:5b:a5:89:51:9a:fc:e7:dd:f6:79:54:
6e:f4:ad:60:1d:08:c8:0e:b8:ec:95:7f:41:31:44:
5f:09:53:47:91:02:bf:bb:b1:49:30:7f:b3:49:17:
79:34:34:17:56:7a:f5:84:5d:e8:8c:f0:9d:79:c8:
94:8b:6d:cc:1a:53:95:f6:d3:b4:1a:31:70:4a:dc:
28:f1:cd:70:7e:71:e7:15:a6:c9:21:ea:89:be:42:
20:91:24:35:2a:f1:9c:15:4a:83:a8:22:9e:dd:c7:
d7:b4:fc:28:37:67:b6:15:9a:05:9d:d8:f3:c6:f7:
ef:d7:5a:35:86:f8:05:13:aa:14:de:3d:77:0e:41:
fb:b9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
94:CF:67:12:37:D2:3A:62:29:89:9A:2D:A3:32:94:8B:C6:B8:FD:C9
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/lM9nEjfSOmIpiZotozKUi8a4_ck.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
3e:ff:6d:50:22:2b:76:6c:aa:25:c6:5a:82:9d:76:09:2d:21:
15:39:5b:1d:74:ba:21:79:47:5c:ea:d6:7d:0c:ee:f2:5f:48:
03:ac:10:c4:73:e0:53:ab:b1:ea:39:65:19:92:c8:2c:f2:31:
7b:56:c2:93:7e:76:81:ea:12:6d:2c:eb:f5:f3:9f:a4:69:ca:
59:b2:5d:77:79:d8:8a:8f:e0:39:27:d7:b8:ff:6c:86:df:8f:
33:bb:6e:c2:3c:df:71:44:6f:9d:f3:b0:d9:c4:fe:fa:3f:bf:
e2:3f:75:74:d2:d1:e4:60:f7:d6:7e:01:ed:d5:6f:cd:00:96:
a4:8c:e6:8b:b5:24:0c:72:08:31:d0:1a:17:ae:72:2e:13:1d:
56:6f:12:22:49:c7:2c:17:10:ff:7e:6e:2a:51:a2:d1:de:4a:
5a:0c:8c:f9:3b:0b:a5:e0:90:4d:4c:f5:01:09:2e:dd:34:ac:
42:46:fe:4d:7e:ed:fc:4d:63:58:d1:37:93:4e:f2:63:ae:af:
3f:5a:ef:e3:3a:af:d2:f7:f5:1c:e4:a3:31:6d:c9:97:50:78:
1a:e1:da:0d:05:21:1c:cd:77:06:dc:5d:0c:81:ce:2b:b4:a1:
33:24:e6:98:d4:e2:e4:06:d9:9d:b6:9b:76:32:64:83:c3:02:
d4:1c:8a:35
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICTu4wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MDMx
OTUzNTRaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDk0Q0Y2NzEyMzdEMjNB
NjIyOTg5OUEyREEzMzI5NDhCQzZCOEZEQzkwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDn5CMOl1Verk/GsS+loU7/J1tCfDVPchNL74ugKAk3Os8MOl4y
yMxvH0Gi7lCcvB9/4908RHf/rH7mVBzspstIhDY0blk9hQN0KAM4wQ9ljJqUhVJP
vsKAMFX1nYxZ5kt/vQKI0gS7tj+mzmzSWHBBe29ZbWzMXEZW1DNbpYlRmvzn3fZ5
VG70rWAdCMgOuOyVf0ExRF8JU0eRAr+7sUkwf7NJF3k0NBdWevWEXeiM8J15yJSL
bcwaU5X207QaMXBK3CjxzXB+cecVpskh6om+QiCRJDUq8ZwVSoOoIp7dx9e0/Cg3
Z7YVmgWd2PPG9+/XWjWG+AUTqhTePXcOQfu5AgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUlM9nEjfSOmIpiZotozKUi8a4/ckwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2xNOW5FamZTT21JcGla
b3RvektVaThhNF9jay5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAPv9tUCIrdmyqJcZagp12CS0hFTlbHXS6
IXlHXOrWfQzu8l9IA6wQxHPgU6ux6jllGZLILPIxe1bCk352geoSbSzr9fOfpGnK
WbJdd3nYio/gOSfXuP9sht+PM7tuwjzfcURvnfOw2cT++j+/4j91dNLR5GD31n4B
7dVvzQCWpIzmi7UkDHIIMdAaF65yLhMdVm8SIknHLBcQ/35uKlGi0d5KWgyM+TsL
peCQTUz1AQku3TSsQkb+TX7t/E1jWNE3k07yY66vP1rv4zqv0vf1HOSjMW3Jl1B4
GuHaDQUhHM13BtxdDIHOK7ShMyTmmNTi5AbZnbabdjJkg8MC1ByKNQ==
-----END CERTIFICATE-----
Generated at Sat Jun 21 16:52:51 2025 by rpki-client