Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/wL1qpZuqnGXx1lPg92ZwKYXQonY.roa
File: wL1qpZuqnGXx1lPg92ZwKYXQonY.roa (raw, json)
Hash identifier: 1lS8yeUqcOIPhb7JOuxmsjVLwTj3ifD86FPQLBhzuMA=
Subject key identifier: C0:BD:6A:A5:9B:AA:9C:65:F1:D6:53:E0:F7:66:70:29:85:D0:A2:76
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 47A2
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/wL1qpZuqnGXx1lPg92ZwKYXQonY.roa
Signing time: Wed 24 Apr 2024 02:23:16 +0000
ROA not before: Wed 24 Apr 2024 02:23:16 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 18338 (0x47a2)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 24 02:23:16 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=C0BD6AA59BAA9C65F1D653E0F766702985D0A276
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:da:f0:5f:b8:78:f8:dc:82:c8:5d:74:e8:a0:9a:
a3:2a:65:0c:9b:e5:8a:29:1b:9c:eb:b7:4d:05:7d:
4b:07:8e:a8:d1:36:dc:e3:3d:8f:e9:7c:e1:82:63:
31:11:0b:f9:c7:70:c9:4d:68:44:ef:8e:cc:da:8e:
ac:6d:39:d7:8c:24:03:94:1e:84:e3:91:c6:49:38:
fc:7d:e3:7f:78:f8:21:1d:51:91:ed:de:48:13:1b:
65:7a:b8:3a:92:51:f9:c4:11:68:36:71:04:c8:77:
0e:45:9a:33:dd:f0:c0:cd:ea:94:ea:91:76:45:c0:
d3:c2:9c:a6:12:50:23:28:f6:4a:7e:16:53:b0:a1:
75:be:56:97:7e:f4:ab:e8:b3:5f:52:38:69:a6:fc:
30:75:eb:7d:a7:f3:a2:05:53:d5:08:e9:72:5d:db:
64:06:4c:9c:04:11:33:45:9f:5f:86:e9:8a:2c:f3:
32:f2:b8:42:29:37:07:bf:4c:69:4b:ea:2c:c1:85:
e7:24:c5:93:0a:95:66:fb:cd:63:08:f1:cd:9a:bb:
0f:3f:25:6b:45:10:e4:18:22:55:f5:27:bf:d2:9a:
e5:f9:96:0a:e7:f3:19:80:ae:ad:21:cb:41:8f:09:
4f:93:12:d5:d9:3a:38:d6:23:68:61:1b:ec:93:cf:
a1:03
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C0:BD:6A:A5:9B:AA:9C:65:F1:D6:53:E0:F7:66:70:29:85:D0:A2:76
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/wL1qpZuqnGXx1lPg92ZwKYXQonY.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
37:72:50:d4:a5:0d:ae:e6:7a:99:06:fa:b8:6b:18:07:04:1c:
dd:90:02:60:e3:6a:e2:8f:dc:d3:70:03:62:d0:77:38:5e:80:
c1:31:60:70:27:36:91:d6:19:a1:4b:03:c1:61:d0:24:e5:7a:
5f:b6:d7:fb:3f:b7:a8:c1:b8:12:b8:a9:bd:b4:b9:f5:37:e8:
bc:1e:67:ee:ea:d2:2f:a7:06:f5:d8:f7:a9:52:70:13:62:47:
f1:77:59:cf:c9:70:35:db:02:98:dc:68:a3:0a:7d:b1:2f:5b:
06:e5:d1:47:eb:ac:5d:d6:ed:7f:15:93:3f:d5:29:25:a6:4c:
1d:22:ed:c7:84:a4:26:b8:ac:ef:e1:da:1e:9f:64:67:df:e5:
de:25:9a:a1:5f:c4:52:93:26:53:c3:67:91:80:9a:6e:a6:57:
2f:3d:cc:d9:7c:5c:8e:92:b5:66:c1:f8:0f:68:f8:c9:95:c4:
12:0a:7e:c7:fc:2b:3e:02:81:64:5b:a7:7f:ce:7b:9a:9b:bf:
9b:e7:aa:d2:86:e3:4d:f5:9f:48:b2:9c:d2:a6:d1:c4:59:ff:
a3:a0:a8:5a:2a:6c:87:b3:6b:03:ea:3a:4a:3f:26:bc:10:7d:
c7:0f:55:50:f2:e2:ee:70:ba:7c:d4:2c:d1:12:3b:75:68:08:
74:d5:a8:98
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICR6IwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MjQw
MjIzMTZaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEMwQkQ2QUE1OUJBQTlD
NjVGMUQ2NTNFMEY3NjY3MDI5ODVEMEEyNzYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDa8F+4ePjcgshddOigmqMqZQyb5YopG5zrt00FfUsHjqjRNtzj
PY/pfOGCYzERC/nHcMlNaETvjszajqxtOdeMJAOUHoTjkcZJOPx94394+CEdUZHt
3kgTG2V6uDqSUfnEEWg2cQTIdw5FmjPd8MDN6pTqkXZFwNPCnKYSUCMo9kp+FlOw
oXW+Vpd+9Kvos19SOGmm/DB1632n86IFU9UI6XJd22QGTJwEETNFn1+G6Yos8zLy
uEIpNwe/TGlL6izBheckxZMKlWb7zWMI8c2auw8/JWtFEOQYIlX1J7/SmuX5lgrn
8xmArq0hy0GPCU+TEtXZOjjWI2hhG+yTz6EDAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUwL1qpZuqnGXx1lPg92ZwKYXQonYwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3dMMXFwWnVxbkdYeDFs
UGc5Mlp3S1lYUW9uWS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAN3JQ1KUNruZ6mQb6uGsYBwQc3ZACYONq
4o/c03ADYtB3OF6AwTFgcCc2kdYZoUsDwWHQJOV6X7bX+z+3qMG4EripvbS59Tfo
vB5n7urSL6cG9dj3qVJwE2JH8XdZz8lwNdsCmNxoowp9sS9bBuXRR+usXdbtfxWT
P9UpJaZMHSLtx4SkJris7+HaHp9kZ9/l3iWaoV/EUpMmU8NnkYCabqZXLz3M2Xxc
jpK1ZsH4D2j4yZXEEgp+x/wrPgKBZFunf857mpu/m+eq0objTfWfSLKc0qbRxFn/
o6CoWipsh7NrA+o6Sj8mvBB9xw9VUPLi7nC6fNQs0RI7dWgIdNWomA==
-----END CERTIFICATE-----
Generated at Sun Jun 22 03:15:28 2025 by rpki-client