Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/tN8h5TKhsqxL5O844OWhF5_6op4.roa
File: tN8h5TKhsqxL5O844OWhF5_6op4.roa (raw, json)
Hash identifier: vWfFGXbxoW+HnIrHSbZyey5wLMTAc7XFTLdeINViJqQ=
Subject key identifier: B4:DF:21:E5:32:A1:B2:AC:4B:E4:EF:38:E0:E5:A1:17:9F:FA:A2:9E
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 56FA
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/tN8h5TKhsqxL5O844OWhF5_6op4.roa
Signing time: Tue 14 May 2024 13:24:09 +0000
ROA not before: Tue 14 May 2024 13:24:09 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 22266 (0x56fa)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 14 13:24:09 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=B4DF21E532A1B2AC4BE4EF38E0E5A1179FFAA29E
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c9:95:50:46:27:d5:83:68:40:db:0b:3e:f9:64:
77:94:8f:d6:ce:f7:02:69:0c:e2:b3:be:f9:1e:c0:
40:d3:61:a2:25:c7:6f:8c:9e:87:0e:5e:f0:44:38:
6e:e7:0b:d5:cd:4e:13:c4:15:9b:42:d5:f6:54:8c:
77:c1:74:5c:70:cb:84:4c:58:85:82:e0:31:fd:ff:
3c:02:65:1d:08:af:76:c7:6b:a0:5a:30:63:f4:70:
67:79:ea:ac:5b:ad:d3:50:0d:6c:bc:06:86:66:6c:
d5:df:fd:93:4c:e2:0c:2e:52:d6:10:09:03:44:e6:
92:a7:23:0a:f6:cc:50:b6:df:04:9e:08:ef:de:5d:
cf:38:a9:90:f7:93:48:61:4b:f1:98:75:75:de:69:
70:b7:ca:00:de:a3:e0:f9:4d:f4:52:42:27:3d:23:
01:d8:12:1c:61:34:c3:12:2e:a4:b2:2e:ab:24:9a:
2a:f8:be:7e:0c:ae:60:49:b5:44:d9:c9:3f:64:84:
8d:6a:d6:36:4f:91:83:ba:18:dc:5d:f8:ca:90:f4:
87:23:48:7d:c0:eb:ff:ae:3a:4b:d9:8d:79:c6:75:
29:7d:c1:66:5b:bb:44:be:33:ea:67:6c:f4:cd:0e:
b8:c4:53:bd:9c:d2:b6:0a:52:f7:de:6d:e1:8e:ac:
20:81
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B4:DF:21:E5:32:A1:B2:AC:4B:E4:EF:38:E0:E5:A1:17:9F:FA:A2:9E
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/tN8h5TKhsqxL5O844OWhF5_6op4.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
07:f3:c3:70:51:38:ba:20:ad:1e:d1:ff:22:df:65:96:6a:c3:
ad:ec:73:72:a7:ac:7c:17:c8:c8:78:c3:2b:8b:32:d9:df:e5:
94:ff:6e:3c:16:04:3c:e6:81:02:eb:05:50:e9:46:52:28:08:
c9:e0:ac:5e:1c:8f:d2:20:31:18:72:31:e0:06:df:62:e0:74:
48:ab:bb:3d:59:5c:97:44:48:0c:66:de:97:4a:62:af:38:4c:
35:d0:43:b4:77:4c:23:b1:38:53:59:8b:73:e2:3b:0a:c3:ca:
ff:47:50:f3:c3:92:4b:4c:78:92:17:d7:4c:a8:81:34:3f:83:
7c:aa:41:b5:2e:2d:3a:a5:bf:24:40:2a:6c:f4:7d:f6:ef:f3:
4c:b7:7e:89:d2:b6:81:56:80:de:1b:ea:e1:59:e8:42:46:65:
76:35:3e:74:8e:7f:0b:16:a0:c8:48:a1:da:73:3c:23:cc:5c:
7d:11:1a:32:2f:72:37:00:c7:12:58:de:c6:a0:48:4a:a1:8b:
e3:97:cf:18:bc:8c:f3:56:a9:85:b5:1c:83:47:05:d2:eb:4a:
43:05:68:bd:1e:60:ac:11:0f:53:47:85:c8:76:42:58:79:40:
ec:38:89:c9:ee:a1:f2:dc:95:dc:5e:09:46:36:6c:69:61:bb:
ca:97:2f:3d
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICVvowDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MTQx
MzI0MDlaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEI0REYyMUU1MzJBMUIy
QUM0QkU0RUYzOEUwRTVBMTE3OUZGQUEyOUUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDJlVBGJ9WDaEDbCz75ZHeUj9bO9wJpDOKzvvkewEDTYaIlx2+M
nocOXvBEOG7nC9XNThPEFZtC1fZUjHfBdFxwy4RMWIWC4DH9/zwCZR0Ir3bHa6Ba
MGP0cGd56qxbrdNQDWy8BoZmbNXf/ZNM4gwuUtYQCQNE5pKnIwr2zFC23wSeCO/e
Xc84qZD3k0hhS/GYdXXeaXC3ygDeo+D5TfRSQic9IwHYEhxhNMMSLqSyLqskmir4
vn4MrmBJtUTZyT9khI1q1jZPkYO6GNxd+MqQ9IcjSH3A6/+uOkvZjXnGdSl9wWZb
u0S+M+pnbPTNDrjEU72c0rYKUvfebeGOrCCBAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUtN8h5TKhsqxL5O844OWhF5/6op4wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3ROOGg1VEtoc3F4TDVP
ODQ0T1doRjVfNm9wNC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAB/PDcFE4uiCtHtH/It9llmrDrexzcqes
fBfIyHjDK4sy2d/llP9uPBYEPOaBAusFUOlGUigIyeCsXhyP0iAxGHIx4AbfYuB0
SKu7PVlcl0RIDGbel0pirzhMNdBDtHdMI7E4U1mLc+I7CsPK/0dQ88OSS0x4khfX
TKiBND+DfKpBtS4tOqW/JEAqbPR99u/zTLd+idK2gVaA3hvq4VnoQkZldjU+dI5/
CxagyEih2nM8I8xcfREaMi9yNwDHEljexqBISqGL45fPGLyM81aphbUcg0cF0utK
QwVovR5grBEPU0eFyHZCWHlA7DiJye6h8tyV3F4JRjZsaWG7ypcvPQ==
-----END CERTIFICATE-----
Generated at Sat Jun 21 08:01:01 2025 by rpki-client