Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/oqLV5hfW0Y2_s8q-FLNFJRBhgr8.roa
File: oqLV5hfW0Y2_s8q-FLNFJRBhgr8.roa (raw, json)
Hash identifier: UBNN5qhrnU8ErlTxEMvTSncURHbm3RNipLI3hbwBrs4=
Subject key identifier: A2:A2:D5:E6:17:D6:D1:8D:BF:B3:CA:BE:14:B3:45:25:10:61:82:BF
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 5412
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/oqLV5hfW0Y2_s8q-FLNFJRBhgr8.roa
Signing time: Fri 10 May 2024 16:24:03 +0000
ROA not before: Fri 10 May 2024 16:24:03 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 21522 (0x5412)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 10 16:24:03 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=A2A2D5E617D6D18DBFB3CABE14B34525106182BF
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bf:0b:d7:c8:99:69:e9:15:60:4a:25:90:76:cc:
aa:cc:47:37:cc:c6:6e:a0:99:74:d3:cc:c5:7c:05:
95:94:69:7e:1d:10:e5:49:02:f1:ab:c6:35:cd:ec:
78:f1:88:22:be:32:44:e9:cf:64:c6:9c:51:b8:5c:
d0:67:3a:36:1d:f8:dc:9d:ca:cd:db:7f:0d:14:c2:
90:a2:f2:57:43:91:89:7d:bb:a3:b9:8b:fb:7e:5c:
15:c3:7c:ee:22:1d:e1:c4:d1:ca:31:47:52:79:9d:
1e:8a:4f:b3:98:3f:88:88:a6:cb:29:18:ef:c8:08:
05:3a:f1:f1:ad:f1:05:12:5f:37:6d:71:69:dd:b8:
a1:e6:b2:c4:df:d1:2b:f0:f9:83:bb:63:df:9a:4c:
c4:d6:51:e7:8b:d3:14:9b:2b:05:01:0d:15:15:9d:
c0:90:c1:1d:6b:ec:5d:e8:67:3b:7e:f7:62:f2:25:
66:56:2a:b2:61:60:71:cc:7d:5b:12:ec:85:f5:b3:
f7:ce:fb:66:b4:77:5c:4f:03:67:84:94:6b:ba:00:
35:fb:85:63:cb:33:a7:3f:c9:5f:9c:2f:7c:ec:fe:
d7:5d:23:07:18:06:d7:fb:a3:9f:66:ec:91:6c:bd:
6c:1b:bd:bd:ab:e3:6e:ef:79:c4:f5:c9:f6:b2:ec:
0c:19
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A2:A2:D5:E6:17:D6:D1:8D:BF:B3:CA:BE:14:B3:45:25:10:61:82:BF
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/oqLV5hfW0Y2_s8q-FLNFJRBhgr8.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
01:43:09:28:57:46:dc:34:a1:9d:bb:06:07:7d:d2:d7:1a:68:
0a:ae:db:37:b9:74:15:1a:b8:b4:65:d7:01:52:b9:bd:0d:a5:
6d:83:2f:fe:a2:5d:40:19:bf:df:b1:c1:12:e9:c5:63:09:65:
0e:ff:fa:54:e8:83:de:bd:7b:0d:82:82:81:cf:9c:40:55:06:
4a:e1:32:a7:f2:79:27:a4:20:6d:8e:a1:67:57:75:d7:50:54:
85:a5:74:ac:04:bd:d7:25:e4:89:60:d7:5e:37:2c:81:6e:02:
94:96:e3:cf:b5:28:fd:70:64:d4:7b:b7:78:51:20:65:77:ee:
46:07:c9:75:12:b8:5e:46:e5:d3:64:99:66:55:08:13:45:4e:
4b:4d:67:8f:92:ab:64:7a:9f:44:12:f5:42:5e:f9:69:3d:e0:
bd:0d:6d:97:84:15:24:4c:26:87:c1:15:dd:97:bd:6a:ba:aa:
a9:ea:ac:db:51:76:8f:1a:ef:b6:6f:92:77:1f:de:f7:f3:eb:
90:2b:bb:9f:d1:c3:07:4b:51:b4:c3:36:80:c3:70:3b:cf:aa:
9f:2d:6c:9f:84:36:9c:5c:49:2d:b7:9b:89:cc:fb:67:d4:5d:
b4:16:d6:37:02:b8:dd:a0:d4:a8:a8:77:be:e5:8a:08:54:d8:
d0:42:c5:b4
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICVBIwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MTAx
NjI0MDNaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEEyQTJENUU2MTdENkQx
OERCRkIzQ0FCRTE0QjM0NTI1MTA2MTgyQkYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC/C9fImWnpFWBKJZB2zKrMRzfMxm6gmXTTzMV8BZWUaX4dEOVJ
AvGrxjXN7HjxiCK+MkTpz2TGnFG4XNBnOjYd+Nydys3bfw0UwpCi8ldDkYl9u6O5
i/t+XBXDfO4iHeHE0coxR1J5nR6KT7OYP4iIpsspGO/ICAU68fGt8QUSXzdtcWnd
uKHmssTf0Svw+YO7Y9+aTMTWUeeL0xSbKwUBDRUVncCQwR1r7F3oZzt+92LyJWZW
KrJhYHHMfVsS7IX1s/fO+2a0d1xPA2eElGu6ADX7hWPLM6c/yV+cL3zs/tddIwcY
Btf7o59m7JFsvWwbvb2r427vecT1yfay7AwZAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUoqLV5hfW0Y2/s8q+FLNFJRBhgr8wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L29xTFY1aGZXMFkyX3M4
cS1GTE5GSlJCaGdyOC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAAUMJKFdG3DShnbsGB33S1xpoCq7bN7l0
FRq4tGXXAVK5vQ2lbYMv/qJdQBm/37HBEunFYwllDv/6VOiD3r17DYKCgc+cQFUG
SuEyp/J5J6QgbY6hZ1d111BUhaV0rAS91yXkiWDXXjcsgW4ClJbjz7Uo/XBk1Hu3
eFEgZXfuRgfJdRK4Xkbl02SZZlUIE0VOS01nj5KrZHqfRBL1Ql75aT3gvQ1tl4QV
JEwmh8EV3Ze9arqqqeqs21F2jxrvtm+Sdx/e9/PrkCu7n9HDB0tRtMM2gMNwO8+q
ny1sn4Q2nFxJLbebicz7Z9RdtBbWNwK43aDUqKh3vuWKCFTY0ELFtA==
-----END CERTIFICATE-----
Generated at Sat Jun 21 02:08:01 2025 by rpki-client