Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/qMoHmyG8w2D5sZZi-kGsjFQeBw8.roa
File: qMoHmyG8w2D5sZZi-kGsjFQeBw8.roa (raw, json)
Hash identifier: 1IyTPsn5CeCTTFeXu0qlVCbDTVFMQkWBSGei9Cofs+M=
Subject key identifier: A8:CA:07:9B:21:BC:C3:60:F9:B1:96:62:FA:41:AC:8C:54:1E:07:0F
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 33CE
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/qMoHmyG8w2D5sZZi-kGsjFQeBw8.roa
Signing time: Thu 28 Mar 2024 15:52:02 +0000
ROA not before: Thu 28 Mar 2024 15:52:02 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 13262 (0x33ce)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Mar 28 15:52:02 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=A8CA079B21BCC360F9B19662FA41AC8C541E070F
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:f2:3b:18:bd:bc:49:c8:0d:02:b1:d2:07:bd:41:
19:3c:b7:2c:91:f7:8f:2a:d0:1a:94:86:72:40:c2:
fa:74:c9:de:d4:39:d9:af:11:8c:17:bc:85:cf:e1:
ee:71:7a:de:32:89:76:d2:ad:4d:e5:9f:16:c2:7e:
8f:e9:5f:32:f6:96:46:15:77:77:de:59:4f:c6:56:
41:97:29:e5:f4:46:70:0a:a2:8f:f0:4d:b8:86:a0:
ab:f0:4d:92:a0:c6:82:10:79:ea:44:c9:4a:f7:cf:
ba:2d:72:4d:bd:8e:9b:e7:98:68:48:9f:37:12:29:
26:0e:87:c4:4f:fd:24:90:75:4a:23:b8:66:f2:46:
c3:ed:25:cf:65:b8:e9:8a:e4:77:dd:fa:3f:5f:6d:
f2:77:30:0a:2f:a9:d9:5b:68:93:65:0e:69:4c:71:
bc:1b:3f:cb:73:c8:d0:d4:a4:4f:22:ef:db:ed:cf:
c0:bc:ad:66:ba:7c:29:84:f6:48:8a:3c:44:07:dd:
50:18:50:14:44:56:ae:8b:21:d9:04:3b:cb:93:4d:
f1:c6:6d:8a:9a:a2:2f:94:f5:5b:ba:f8:9c:19:6f:
92:09:27:ed:3a:91:45:d6:30:8b:44:3a:56:b8:72:
b5:93:73:d0:53:c1:b2:a7:b9:c1:53:98:98:ee:69:
3f:01
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A8:CA:07:9B:21:BC:C3:60:F9:B1:96:62:FA:41:AC:8C:54:1E:07:0F
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/qMoHmyG8w2D5sZZi-kGsjFQeBw8.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
44:c4:d8:fb:06:ea:54:2b:80:87:6c:dd:75:f4:2a:85:19:2c:
f2:67:da:58:0d:af:67:f8:52:7b:bf:e9:6d:47:1a:c2:bc:b3:
7a:85:ed:a5:7a:74:df:59:06:04:6f:bb:85:de:6a:03:5b:c6:
bd:bd:3e:05:dd:83:4a:0e:60:02:b3:6b:27:c1:6c:bd:bd:df:
c6:52:63:08:ed:49:1e:58:f4:ca:c7:57:6b:b9:a1:79:2c:24:
82:94:18:c9:d4:c2:88:95:a3:ee:12:81:c4:47:d7:88:7d:4e:
ad:a4:dd:38:ab:f0:56:08:17:3d:da:72:98:96:48:eb:5f:71:
29:62:9f:7c:eb:cb:1d:56:65:76:04:94:47:ff:6d:18:90:5b:
cb:99:50:c8:bc:71:5e:8a:68:0e:42:af:39:0a:35:ff:cd:b6:
93:82:44:9f:b7:c3:71:21:c2:5d:0d:90:5c:50:c5:b5:8b:5f:
d7:3d:70:2e:11:6d:ce:ec:5c:91:00:fa:d8:a8:94:58:e9:c3:
42:62:11:3d:0d:01:e5:f2:e3:f1:2b:cc:d3:a8:6b:18:3e:42:
f2:ad:9e:14:0d:d5:12:95:09:a1:e2:a3:b6:39:81:33:31:2a:
ec:0e:37:09:0e:45:18:67:82:63:31:e6:7d:68:46:47:bd:be:
65:77:26:ab
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICM84wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDAzMjgx
NTUyMDJaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEE4Q0EwNzlCMjFCQ0Mz
NjBGOUIxOTY2MkZBNDFBQzhDNTQxRTA3MEYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDyOxi9vEnIDQKx0ge9QRk8tyyR948q0BqUhnJAwvp0yd7UOdmv
EYwXvIXP4e5xet4yiXbSrU3lnxbCfo/pXzL2lkYVd3feWU/GVkGXKeX0RnAKoo/w
TbiGoKvwTZKgxoIQeepEyUr3z7otck29jpvnmGhInzcSKSYOh8RP/SSQdUojuGby
RsPtJc9luOmK5Hfd+j9fbfJ3MAovqdlbaJNlDmlMcbwbP8tzyNDUpE8i79vtz8C8
rWa6fCmE9kiKPEQH3VAYUBREVq6LIdkEO8uTTfHGbYqaoi+U9Vu6+JwZb5IJJ+06
kUXWMItEOla4crWTc9BTwbKnucFTmJjuaT8BAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUqMoHmyG8w2D5sZZi+kGsjFQeBw8wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3FNb0hteUc4dzJENXNa
Wmkta0dzakZRZUJ3OC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEARMTY+wbqVCuAh2zddfQqhRks8mfaWA2v
Z/hSe7/pbUcawryzeoXtpXp031kGBG+7hd5qA1vGvb0+Bd2DSg5gArNrJ8Fsvb3f
xlJjCO1JHlj0ysdXa7mheSwkgpQYydTCiJWj7hKBxEfXiH1OraTdOKvwVggXPdpy
mJZI619xKWKffOvLHVZldgSUR/9tGJBby5lQyLxxXopoDkKvOQo1/822k4JEn7fD
cSHCXQ2QXFDFtYtf1z1wLhFtzuxckQD62KiUWOnDQmIRPQ0B5fLj8SvM06hrGD5C
8q2eFA3VEpUJoeKjtjmBMzEq7A43CQ5FGGeCYzHmfWhGR72+ZXcmqw==
-----END CERTIFICATE-----
Generated at Sat Jun 21 23:18:47 2025 by rpki-client