Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/qpExDFpn-9ncTXoPalpi9uHNoVQ.roa
File: qpExDFpn-9ncTXoPalpi9uHNoVQ.roa (raw, json)
Hash identifier: +X1QVG/PutFHaR6LXQVI1nzmeVjavz3Uf1ODBqh9XUQ=
Subject key identifier: AA:91:31:0C:5A:67:FB:D9:DC:4D:7A:0F:6A:5A:62:F6:E1:CD:A1:54
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 4526
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/qpExDFpn-9ncTXoPalpi9uHNoVQ.roa
Signing time: Sat 20 Apr 2024 18:53:29 +0000
ROA not before: Sat 20 Apr 2024 18:53:29 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 17702 (0x4526)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 20 18:53:29 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=AA91310C5A67FBD9DC4D7A0F6A5A62F6E1CDA154
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b0:7c:50:e9:96:b9:c3:d3:af:20:2e:96:d3:b4:
d8:83:bc:62:95:87:7d:dd:c9:eb:4a:54:8a:d8:3a:
63:6c:1d:64:86:ac:ea:83:9a:9a:2c:99:3f:bc:c3:
f8:c6:65:43:9e:8b:37:7a:30:6c:86:a8:83:10:11:
ea:c0:da:5c:28:3f:6d:55:96:ea:ed:b4:e5:96:e9:
58:5c:fb:88:82:bd:74:6b:be:f7:74:8c:68:11:32:
97:dc:69:48:87:2d:81:8c:54:52:e9:33:91:31:71:
4a:7f:bb:16:ea:8d:92:08:26:9b:69:44:79:92:03:
5e:90:2d:cb:6a:d4:be:94:89:81:a5:4a:0b:f8:3c:
41:eb:04:ee:dc:48:68:3c:1c:e8:2c:b3:b4:8f:52:
44:1f:a6:2d:c5:57:7b:e1:a1:95:45:07:6e:ac:0f:
2c:49:0b:e4:eb:c6:a0:11:c0:ae:f0:bf:bd:cb:41:
db:fd:f4:e5:3b:c7:42:cb:2d:62:3c:74:e3:a8:b6:
ac:fd:16:2b:d8:9d:02:b9:29:88:39:b0:61:2c:33:
86:17:b7:99:47:24:ae:8d:4c:c0:2f:cd:18:d3:eb:
c1:60:76:cb:56:c6:b2:56:be:50:60:71:ae:0f:22:
85:d9:05:c7:a3:48:da:09:08:b4:bc:72:28:83:b9:
a5:25
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AA:91:31:0C:5A:67:FB:D9:DC:4D:7A:0F:6A:5A:62:F6:E1:CD:A1:54
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/qpExDFpn-9ncTXoPalpi9uHNoVQ.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
b7:ec:55:af:46:24:94:15:3c:47:2c:6b:2b:cc:ea:7e:c9:c8:
25:fa:41:10:67:b8:52:76:ee:c3:d2:4b:b8:3f:aa:f8:02:c0:
a4:d1:da:93:35:ce:83:b3:82:f2:8d:9b:f9:98:37:e1:b1:c7:
66:94:ce:45:46:25:66:15:99:f4:ba:65:8e:a3:8b:db:6f:5e:
10:b1:42:bc:fb:69:b9:8b:3e:8f:bc:62:a9:f7:0d:1e:ec:f7:
02:bb:e9:ea:7d:c9:8b:ab:e9:98:63:cb:6a:ea:cc:2c:41:45:
9c:02:a5:9c:74:6a:83:3d:3b:1c:d0:46:dc:ba:66:46:30:f5:
30:5e:9c:b2:64:13:20:f9:5e:fb:1f:a3:65:c0:b1:16:45:8d:
5b:05:5a:b2:65:57:2f:48:62:6e:e4:06:e1:c3:9c:1b:74:66:
a1:91:ae:54:cc:a1:ca:fd:28:fb:b7:2f:f8:3d:df:2c:b4:76:
81:cc:a4:44:79:d1:60:3b:3c:6c:bf:93:68:4a:e8:85:33:87:
1c:51:bd:2d:b8:81:d4:24:78:99:9a:c8:da:4a:31:f6:28:ff:
1f:f6:2d:1a:0c:51:a3:4d:1c:77:ce:0f:5f:dc:1c:fb:fc:3c:
7f:e1:33:e7:30:0d:24:9b:72:0b:c1:fa:b2:d3:de:f4:ad:7d:
69:7f:59:66
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICRSYwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MjAx
ODUzMjlaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEFBOTEzMTBDNUE2N0ZC
RDlEQzREN0EwRjZBNUE2MkY2RTFDREExNTQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCwfFDplrnD068gLpbTtNiDvGKVh33dyetKVIrYOmNsHWSGrOqD
mposmT+8w/jGZUOeizd6MGyGqIMQEerA2lwoP21VlurttOWW6Vhc+4iCvXRrvvd0
jGgRMpfcaUiHLYGMVFLpM5ExcUp/uxbqjZIIJptpRHmSA16QLctq1L6UiYGlSgv4
PEHrBO7cSGg8HOgss7SPUkQfpi3FV3vhoZVFB26sDyxJC+TrxqARwK7wv73LQdv9
9OU7x0LLLWI8dOOotqz9FivYnQK5KYg5sGEsM4YXt5lHJK6NTMAvzRjT68FgdstW
xrJWvlBgca4PIoXZBcejSNoJCLS8ciiDuaUlAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUqpExDFpn+9ncTXoPalpi9uHNoVQwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3FwRXhERnBuLTluY1RY
b1BhbHBpOXVITm9WUS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAt+xVr0YklBU8RyxrK8zqfsnIJfpBEGe4
Unbuw9JLuD+q+ALApNHakzXOg7OC8o2b+Zg34bHHZpTORUYlZhWZ9LpljqOL229e
ELFCvPtpuYs+j7xiqfcNHuz3Arvp6n3Ji6vpmGPLaurMLEFFnAKlnHRqgz07HNBG
3LpmRjD1MF6csmQTIPle+x+jZcCxFkWNWwVasmVXL0hibuQG4cOcG3RmoZGuVMyh
yv0o+7cv+D3fLLR2gcykRHnRYDs8bL+TaErohTOHHFG9LbiB1CR4mZrI2kox9ij/
H/YtGgxRo00cd84PX9wc+/w8f+Ez5zANJJtyC8H6stPe9K19aX9ZZg==
-----END CERTIFICATE-----
Generated at Sat Jun 21 18:34:36 2025 by rpki-client