Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/wdbrGCqsCtz6srrm9FFq6r9ElKg.roa
File: wdbrGCqsCtz6srrm9FFq6r9ElKg.roa (raw, json)
Hash identifier: v5Yt9/xpnOYL2iPdGhy4sUMRCHfQIWSPkuG1p4buTGI=
Subject key identifier: C1:D6:EB:18:2A:AC:0A:DC:FA:B2:BA:E6:F4:51:6A:EA:BF:44:94:A8
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 44BA
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/wdbrGCqsCtz6srrm9FFq6r9ElKg.roa
Signing time: Sat 20 Apr 2024 05:23:04 +0000
ROA not before: Sat 20 Apr 2024 05:23:04 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 17594 (0x44ba)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 20 05:23:04 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=C1D6EB182AAC0ADCFAB2BAE6F4516AEABF4494A8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d6:26:a8:07:d1:7a:f3:47:ed:39:c0:ce:9b:9b:
3b:e4:04:9b:29:b8:87:79:d0:55:d3:7b:27:cd:1b:
78:65:d6:b9:b4:65:22:c0:8d:0c:a1:6b:d8:4c:c6:
1c:23:65:cc:23:f6:d0:ef:7b:3c:6a:e0:1f:08:6f:
b1:76:7d:8f:83:59:5f:97:39:c9:fe:ec:2a:22:05:
de:c8:cd:8e:12:36:2b:fe:89:b7:78:32:d1:16:97:
00:2e:6a:4b:50:e3:28:1d:49:2e:9e:cd:8b:f9:c6:
f8:bd:fa:58:86:74:a2:1b:6e:37:da:94:11:bc:56:
97:bb:a8:80:f5:35:c5:1d:c3:8e:97:04:27:8e:ea:
c6:af:2f:5a:bd:a5:c9:fa:9c:50:80:4c:62:42:85:
d4:1c:bf:8e:db:ca:77:43:14:6b:63:4f:bf:77:28:
b1:65:a6:ee:77:13:9e:7c:c6:f0:55:0a:52:84:66:
b5:68:93:a3:d5:e6:4f:19:15:54:2a:ab:1b:d7:70:
89:04:d2:18:a5:92:15:93:18:ee:6f:67:2d:97:13:
e5:4f:ea:d0:ab:54:40:6f:8f:a4:6c:f0:bb:5d:2b:
0d:59:91:9f:27:3b:1c:bc:e6:1c:22:f6:3d:0e:db:
b4:32:7c:05:79:8c:09:cb:7a:a3:d3:89:36:1d:bb:
43:65
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C1:D6:EB:18:2A:AC:0A:DC:FA:B2:BA:E6:F4:51:6A:EA:BF:44:94:A8
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/wdbrGCqsCtz6srrm9FFq6r9ElKg.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
61:90:40:3c:4e:75:c5:6b:43:c1:ff:fe:7b:65:9c:23:cf:e9:
a6:0c:b0:93:4c:93:1f:70:82:02:6e:22:3f:fc:b4:9e:eb:32:
7f:4f:fe:41:bc:54:9e:4a:ea:6e:a8:9f:a2:af:35:35:18:36:
da:4e:ed:ae:e7:d6:54:05:ae:f7:27:8c:3f:3f:e0:60:6d:95:
af:2d:08:3c:c7:8e:ed:ac:ee:d7:c6:65:70:0a:12:5a:47:93:
d0:60:13:62:9e:20:32:33:49:ee:bd:6a:72:22:c7:b6:64:d8:
73:81:08:9c:df:65:97:fb:89:30:be:58:10:8c:1e:5c:00:dc:
7b:6e:dd:97:ea:45:52:e1:97:ce:93:89:e6:7f:f7:29:e8:eb:
56:e6:36:7d:66:8e:8b:bd:38:d2:cb:cb:3d:b7:95:67:45:68:
28:f8:5e:ea:08:a5:74:59:78:20:d3:91:1f:a8:b4:99:f8:8c:
c9:bd:56:46:a8:32:df:c2:71:de:9a:63:69:f6:4b:68:38:aa:
d6:08:78:4f:9e:38:f4:76:c2:ea:10:47:0b:06:f1:53:7b:a2:
a4:18:65:c3:98:a4:dd:3b:4f:43:6b:66:01:7c:60:fe:0a:89:
a9:c3:ec:4d:a7:97:47:15:be:ca:7f:1d:8f:a8:d8:1e:81:34:
f1:fe:ab:94
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICRLowDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MjAw
NTIzMDRaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEMxRDZFQjE4MkFBQzBB
RENGQUIyQkFFNkY0NTE2QUVBQkY0NDk0QTgwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDWJqgH0XrzR+05wM6bmzvkBJspuId50FXTeyfNG3hl1rm0ZSLA
jQyha9hMxhwjZcwj9tDvezxq4B8Ib7F2fY+DWV+XOcn+7CoiBd7IzY4SNiv+ibd4
MtEWlwAuaktQ4ygdSS6ezYv5xvi9+liGdKIbbjfalBG8Vpe7qID1NcUdw46XBCeO
6savL1q9pcn6nFCATGJChdQcv47byndDFGtjT793KLFlpu53E558xvBVClKEZrVo
k6PV5k8ZFVQqqxvXcIkE0hilkhWTGO5vZy2XE+VP6tCrVEBvj6Rs8LtdKw1ZkZ8n
Oxy85hwi9j0O27QyfAV5jAnLeqPTiTYdu0NlAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUwdbrGCqsCtz6srrm9FFq6r9ElKgwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3dkYnJHQ3FzQ3R6NnNy
cm05RkZxNnI5RWxLZy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAYZBAPE51xWtDwf/+e2WcI8/ppgywk0yT
H3CCAm4iP/y0nusyf0/+QbxUnkrqbqifoq81NRg22k7trufWVAWu9yeMPz/gYG2V
ry0IPMeO7azu18ZlcAoSWkeT0GATYp4gMjNJ7r1qciLHtmTYc4EInN9ll/uJML5Y
EIweXADce27dl+pFUuGXzpOJ5n/3KejrVuY2fWaOi7040svLPbeVZ0VoKPhe6gil
dFl4INORH6i0mfiMyb1WRqgy38Jx3ppjafZLaDiq1gh4T5449HbC6hBHCwbxU3ui
pBhlw5ik3TtPQ2tmAXxg/gqJqcPsTaeXRxW+yn8dj6jYHoE08f6rlA==
-----END CERTIFICATE-----
Generated at Sun Jun 22 02:22:59 2025 by rpki-client