Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/mYbwewdZCBGhF4nKVpjEVw5p7rI.roa
File: mYbwewdZCBGhF4nKVpjEVw5p7rI.roa (raw, json)
Hash identifier: 076pCcKlXoA7X9ouKEQcX6iec+dfuty6PpWptMbx7+4=
Subject key identifier: 99:86:F0:7B:07:59:08:11:A1:17:89:CA:56:98:C4:57:0E:69:EE:B2
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 4E3A
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/mYbwewdZCBGhF4nKVpjEVw5p7rI.roa
Signing time: Thu 02 May 2024 21:23:42 +0000
ROA not before: Thu 02 May 2024 21:23:42 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 20026 (0x4e3a)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 2 21:23:42 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=9986F07B07590811A11789CA5698C4570E69EEB2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e6:df:2b:ff:74:3f:5a:df:d7:14:81:dd:0d:d2:
fe:7d:f0:71:6f:d3:72:b0:46:36:72:b2:e9:0e:c0:
c3:68:1a:70:42:e6:d9:52:bb:5e:60:6e:d5:dd:e0:
c8:6d:b9:e5:41:1a:cf:a0:ca:19:2f:0a:6b:37:98:
5d:78:e2:18:3f:5d:57:8d:96:6d:48:ef:f3:ec:1e:
c8:37:3d:a4:05:e3:e7:46:75:b3:92:f1:2b:f2:73:
b1:20:5c:92:95:76:c2:14:8c:85:de:fc:52:e6:85:
2f:56:fe:fb:6c:ee:ad:dc:70:17:04:f3:0a:28:f1:
67:d8:87:de:e8:2b:0f:6a:28:00:7c:9c:cd:77:f4:
55:9d:5e:d2:c8:f3:6b:cb:52:7c:7e:ff:b3:6f:9f:
ce:a1:cb:75:d6:a2:a3:be:1e:ad:dd:20:20:73:60:
90:a0:95:66:b5:a3:76:56:aa:4a:eb:1a:b4:9e:4f:
31:ca:13:44:61:1f:41:8d:9d:3b:ac:63:3b:9d:9c:
d2:f7:75:eb:49:13:ac:15:d3:5d:45:a6:68:f6:f6:
6e:4e:bb:83:c6:d8:1b:95:0e:9f:6d:bb:0c:d0:93:
57:3d:a3:6d:8e:69:01:8f:3b:78:18:42:43:3b:5b:
4d:0e:53:27:b7:92:ca:80:37:dc:eb:53:6c:82:23:
30:05
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
99:86:F0:7B:07:59:08:11:A1:17:89:CA:56:98:C4:57:0E:69:EE:B2
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/mYbwewdZCBGhF4nKVpjEVw5p7rI.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
12:52:02:21:bd:3d:f9:2c:38:77:e8:7b:77:8a:ce:63:fc:c6:
52:46:6e:e4:7f:40:9e:b6:28:c9:11:61:a6:80:05:f2:9a:b7:
3a:46:17:db:d5:7f:b7:b7:37:4e:07:9b:bc:44:80:4a:04:89:
57:72:e2:2a:93:67:65:be:46:32:7b:78:1a:b9:e1:89:a6:fb:
f2:0e:06:29:4b:a1:4a:8a:7e:1d:df:1b:50:94:82:67:4d:d8:
0f:18:7b:32:2e:f7:3b:84:10:c0:d4:ce:c1:63:59:30:77:18:
f2:f4:85:5e:72:2a:6f:b0:61:dd:e8:0b:cc:c0:b4:43:ce:01:
c8:1e:c0:f1:ce:69:03:98:5f:7e:c0:7c:bb:b3:0b:e3:58:ed:
d5:15:fc:8b:e0:3c:33:49:97:4a:76:30:72:c8:39:56:43:ce:
48:9f:1b:16:98:97:9d:8f:49:98:85:07:25:89:0a:97:97:88:
9b:44:35:91:79:88:90:22:da:42:96:bc:80:43:a0:f8:34:32:
df:73:88:85:21:a4:ee:a0:2d:7d:9b:d5:ef:cb:95:82:df:eb:
b2:13:29:af:7b:5c:55:e6:61:d9:9a:66:17:da:17:76:eb:d9:
99:5c:52:b3:bd:d5:1d:9b:34:ef:a1:eb:a0:12:14:5c:f0:c1:
6c:33:27:b8
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICTjowDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MDIy
MTIzNDJaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDk5ODZGMDdCMDc1OTA4
MTFBMTE3ODlDQTU2OThDNDU3MEU2OUVFQjIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDm3yv/dD9a39cUgd0N0v598HFv03KwRjZysukOwMNoGnBC5tlS
u15gbtXd4MhtueVBGs+gyhkvCms3mF144hg/XVeNlm1I7/PsHsg3PaQF4+dGdbOS
8Svyc7EgXJKVdsIUjIXe/FLmhS9W/vts7q3ccBcE8woo8WfYh97oKw9qKAB8nM13
9FWdXtLI82vLUnx+/7Nvn86hy3XWoqO+Hq3dICBzYJCglWa1o3ZWqkrrGrSeTzHK
E0RhH0GNnTusYzudnNL3detJE6wV011Fpmj29m5Ou4PG2BuVDp9tuwzQk1c9o22O
aQGPO3gYQkM7W00OUye3ksqAN9zrU2yCIzAFAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUmYbwewdZCBGhF4nKVpjEVw5p7rIwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L21ZYndld2RaQ0JHaEY0
bktWcGpFVnc1cDdySS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAElICIb09+Sw4d+h7d4rOY/zGUkZu5H9A
nrYoyRFhpoAF8pq3OkYX29V/t7c3TgebvESASgSJV3LiKpNnZb5GMnt4Grnhiab7
8g4GKUuhSop+Hd8bUJSCZ03YDxh7Mi73O4QQwNTOwWNZMHcY8vSFXnIqb7Bh3egL
zMC0Q84ByB7A8c5pA5hffsB8u7ML41jt1RX8i+A8M0mXSnYwcsg5VkPOSJ8bFpiX
nY9JmIUHJYkKl5eIm0Q1kXmIkCLaQpa8gEOg+DQy33OIhSGk7qAtfZvV78uVgt/r
shMpr3tcVeZh2ZpmF9oXduvZmVxSs73VHZs076HroBIUXPDBbDMnuA==
-----END CERTIFICATE-----
Generated at Sun Jun 22 12:11:40 2025 by rpki-client