Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/mLouM1J1A1ZwFW0KRozJeoSw8Pw.roa
File: mLouM1J1A1ZwFW0KRozJeoSw8Pw.roa (raw, json)
Hash identifier: INoctdmudw/8tOmIZ8GkHhpzyIyf0ulgvctYI00c3xM=
Subject key identifier: 98:BA:2E:33:52:75:03:56:70:15:6D:0A:46:8C:C9:7A:84:B0:F0:FC
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 3DCE
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/mLouM1J1A1ZwFW0KRozJeoSw8Pw.roa
Signing time: Wed 10 Apr 2024 23:53:12 +0000
ROA not before: Wed 10 Apr 2024 23:53:12 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 15822 (0x3dce)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 10 23:53:12 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=98BA2E335275035670156D0A468CC97A84B0F0FC
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d3:a9:d6:92:e6:40:93:46:d3:48:8e:07:4e:88:
ed:6f:12:4f:67:d5:9d:33:dc:78:8d:40:2d:fd:68:
68:2e:a3:96:01:d9:30:dc:9d:d8:a0:1d:24:7d:10:
9b:f4:69:d0:62:e3:80:a2:c2:94:eb:24:d8:ce:fa:
20:03:23:54:64:4e:b9:df:b5:ad:86:00:f9:c1:04:
eb:15:6e:c5:bd:86:87:9c:79:d1:9d:6d:e6:b2:f0:
c0:ed:9a:4a:35:cc:fd:8e:91:05:d4:53:d7:bf:bd:
0e:2c:7e:24:bb:7a:d8:28:ec:60:3a:a8:49:b8:f2:
66:ec:14:41:2d:6e:30:86:99:1d:8b:21:3f:37:d4:
ba:5d:61:f1:1b:41:ec:8d:24:b9:7c:83:2f:d1:29:
3c:29:69:c9:91:d0:c9:dc:82:1c:34:fd:17:ca:77:
f2:22:9a:5a:91:ff:31:d3:91:ed:01:77:7f:03:67:
fb:d1:b7:79:ce:63:67:73:ea:90:56:88:68:e6:a7:
b8:92:52:75:ea:5b:7c:2a:0a:05:44:42:db:ca:d5:
5e:45:6f:89:b3:94:6f:27:e5:6c:3e:83:2b:c7:a0:
7b:17:f5:3f:69:d3:46:93:ce:03:37:e8:e9:d8:b5:
78:5a:fd:1e:67:74:3b:7b:f7:c3:cd:29:ca:cf:d5:
ac:21
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
98:BA:2E:33:52:75:03:56:70:15:6D:0A:46:8C:C9:7A:84:B0:F0:FC
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/mLouM1J1A1ZwFW0KRozJeoSw8Pw.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
3e:8e:68:d5:b2:a4:3b:d4:c6:35:75:06:93:48:f5:bc:22:9f:
2a:47:78:6f:07:97:f6:fa:d7:46:3d:3b:58:eb:86:ac:60:f8:
52:b7:01:9c:8e:23:ad:e3:9f:67:01:19:2e:27:d2:e7:f0:33:
9d:57:a3:07:2e:85:ce:e5:42:7a:13:64:94:31:4a:aa:f5:b5:
75:c6:e7:cd:0d:f0:18:63:3f:1c:ad:a3:f4:14:01:41:36:8c:
4e:d9:ef:d4:08:87:46:f5:00:e5:d2:1d:5a:36:a3:68:b5:a1:
ee:4c:a3:05:da:34:af:81:e3:85:5b:5d:bc:ad:5f:f0:a5:79:
a0:13:67:e7:a5:d8:a6:72:6e:0b:24:4e:37:48:e7:16:77:39:
99:0c:5e:c3:5e:f1:ac:13:58:ba:6c:a3:42:0a:cf:05:fb:b6:
8c:a8:2e:c4:d2:f9:6c:53:00:92:8d:9d:e0:0a:9d:3a:76:84:
a9:82:c4:7e:a2:64:af:70:16:a6:84:73:0f:7f:ae:18:71:a8:
73:ce:04:0e:87:42:37:32:63:e3:8f:19:58:61:49:9d:c4:c1:
71:4f:0f:d6:5c:68:bd:57:f4:4b:b7:92:03:e7:85:ba:69:41:
45:33:a5:36:f4:2c:27:7b:3c:6b:c8:07:4d:a1:7e:33:53:5f:
b6:38:7c:25
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICPc4wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MTAy
MzUzMTJaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDk4QkEyRTMzNTI3NTAz
NTY3MDE1NkQwQTQ2OENDOTdBODRCMEYwRkMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDTqdaS5kCTRtNIjgdOiO1vEk9n1Z0z3HiNQC39aGguo5YB2TDc
ndigHSR9EJv0adBi44CiwpTrJNjO+iADI1RkTrnfta2GAPnBBOsVbsW9hoecedGd
beay8MDtmko1zP2OkQXUU9e/vQ4sfiS7etgo7GA6qEm48mbsFEEtbjCGmR2LIT83
1LpdYfEbQeyNJLl8gy/RKTwpacmR0Mncghw0/RfKd/IimlqR/zHTke0Bd38DZ/vR
t3nOY2dz6pBWiGjmp7iSUnXqW3wqCgVEQtvK1V5Fb4mzlG8n5Ww+gyvHoHsX9T9p
00aTzgM36OnYtXha/R5ndDt798PNKcrP1awhAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUmLouM1J1A1ZwFW0KRozJeoSw8PwwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L21Mb3VNMUoxQTFad0ZX
MEtSb3pKZW9TdzhQdy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAPo5o1bKkO9TGNXUGk0j1vCKfKkd4bweX
9vrXRj07WOuGrGD4UrcBnI4jreOfZwEZLifS5/AznVejBy6FzuVCehNklDFKqvW1
dcbnzQ3wGGM/HK2j9BQBQTaMTtnv1AiHRvUA5dIdWjajaLWh7kyjBdo0r4HjhVtd
vK1f8KV5oBNn56XYpnJuCyRON0jnFnc5mQxew17xrBNYumyjQgrPBfu2jKguxNL5
bFMAko2d4AqdOnaEqYLEfqJkr3AWpoRzD3+uGHGoc84EDodCNzJj448ZWGFJncTB
cU8P1lxovVf0S7eSA+eFumlBRTOlNvQsJ3s8a8gHTaF+M1Nftjh8JQ==
-----END CERTIFICATE-----
Generated at Sun Jun 22 13:45:19 2025 by rpki-client