Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/y7Q63n5v2n1dsoMFLyF1ObNaCBk.roa
File: y7Q63n5v2n1dsoMFLyF1ObNaCBk.roa (raw, json)
Hash identifier: gVVTIX6NI6eSaYftNntCieIP6c3UoQyfSQ7M11pn2q4=
Subject key identifier: CB:B4:3A:DE:7E:6F:DA:7D:5D:B2:83:05:2F:21:75:39:B3:5A:08:19
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 512E
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/y7Q63n5v2n1dsoMFLyF1ObNaCBk.roa
Signing time: Mon 06 May 2024 19:53:52 +0000
ROA not before: Mon 06 May 2024 19:53:52 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 20782 (0x512e)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 6 19:53:52 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=CBB43ADE7E6FDA7D5DB283052F217539B35A0819
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b7:64:90:4f:78:5d:98:3f:53:f5:03:0f:09:e8:
e2:16:5e:7b:49:36:c9:20:3f:c0:ba:48:c2:b7:aa:
cc:aa:c8:94:96:60:ac:25:38:1c:19:85:ed:84:56:
62:db:96:b4:8e:d3:ed:05:40:de:46:60:c5:91:1b:
81:a3:9e:56:2c:a1:3e:4c:3e:6e:b8:9b:25:31:9e:
88:91:24:8c:16:87:bb:cf:5f:51:71:d0:b3:1e:5d:
7c:3e:64:2a:ce:fa:53:35:eb:a8:0d:b9:68:4d:d3:
c2:5a:e9:ef:65:b5:0e:38:e5:ab:63:be:af:67:ad:
b5:e3:24:86:03:11:01:9b:ed:41:87:b0:31:2e:42:
38:b6:f6:29:a4:82:f0:d4:e5:f4:be:90:6c:12:f4:
02:5c:7d:9b:96:e5:b6:83:b7:73:f1:e8:24:77:97:
13:cf:a7:2f:4f:40:7e:e0:31:91:df:1e:96:36:c2:
94:0c:31:7c:a2:e8:3e:1b:06:f5:ee:e8:59:c5:a9:
a8:2e:da:89:56:7d:2e:a6:9d:68:a2:3e:3c:9a:06:
87:02:b1:b1:c7:60:54:6e:2f:88:c7:7c:4f:49:71:
05:e9:7a:89:bb:4b:86:aa:13:cc:96:e7:9a:5c:d0:
1a:6e:2f:36:12:ce:aa:50:3c:f2:39:38:07:68:a8:
d5:c5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CB:B4:3A:DE:7E:6F:DA:7D:5D:B2:83:05:2F:21:75:39:B3:5A:08:19
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/y7Q63n5v2n1dsoMFLyF1ObNaCBk.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
1c:25:e3:72:2c:c6:d0:e0:0a:1e:9b:71:e2:91:f0:cd:ca:a8:
be:45:7f:0c:38:13:c4:3e:96:28:bc:a5:5b:b0:bc:a4:58:ed:
3b:5b:d0:2b:07:f1:bf:af:d8:6e:e0:60:0e:da:96:06:09:a2:
8e:e6:82:3d:85:e3:68:38:98:d2:f6:77:16:fc:bd:c6:27:17:
c0:78:86:07:5e:e0:e2:47:70:a5:ff:d9:97:de:75:3e:c1:c9:
a2:63:a9:87:01:fb:ba:ad:8f:8c:29:30:1b:92:df:d4:10:5e:
ad:51:e5:5a:c8:e5:8e:1f:ff:ac:f7:f6:37:b0:63:13:cd:c4:
16:28:69:14:5b:0b:52:a0:8a:3b:ad:c2:8c:90:6e:d6:14:c0:
fa:f8:aa:48:59:83:8f:b8:6b:52:fb:ce:63:ba:b1:88:b4:33:
3a:19:57:f7:f3:94:74:6c:cc:93:79:a7:84:87:7d:61:a0:16:
45:fd:b6:6f:0c:71:d3:dc:67:c4:28:35:ee:5b:07:b6:1a:a1:
5e:de:aa:02:25:fc:fe:0b:9f:6f:df:72:2d:cb:9a:ff:08:90:
2a:28:ea:fa:9f:82:71:25:ac:ce:67:49:37:3d:c0:ab:15:83:
8b:56:c5:ed:ef:37:57:2e:df:24:35:aa:30:e1:d4:4b:62:72:
c4:ce:d7:1f
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICUS4wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MDYx
OTUzNTJaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKENCQjQzQURFN0U2RkRB
N0Q1REIyODMwNTJGMjE3NTM5QjM1QTA4MTkwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC3ZJBPeF2YP1P1Aw8J6OIWXntJNskgP8C6SMK3qsyqyJSWYKwl
OBwZhe2EVmLblrSO0+0FQN5GYMWRG4GjnlYsoT5MPm64myUxnoiRJIwWh7vPX1Fx
0LMeXXw+ZCrO+lM166gNuWhN08Ja6e9ltQ445atjvq9nrbXjJIYDEQGb7UGHsDEu
Qji29imkgvDU5fS+kGwS9AJcfZuW5baDt3Px6CR3lxPPpy9PQH7gMZHfHpY2wpQM
MXyi6D4bBvXu6FnFqagu2olWfS6mnWiiPjyaBocCsbHHYFRuL4jHfE9JcQXpeom7
S4aqE8yW55pc0BpuLzYSzqpQPPI5OAdoqNXFAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUy7Q63n5v2n1dsoMFLyF1ObNaCBkwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3k3UTYzbjV2Mm4xZHNv
TUZMeUYxT2JOYUNCay5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAHCXjcizG0OAKHptx4pHwzcqovkV/DDgT
xD6WKLylW7C8pFjtO1vQKwfxv6/YbuBgDtqWBgmijuaCPYXjaDiY0vZ3Fvy9xicX
wHiGB17g4kdwpf/Zl951PsHJomOphwH7uq2PjCkwG5Lf1BBerVHlWsjljh//rPf2
N7BjE83EFihpFFsLUqCKO63CjJBu1hTA+viqSFmDj7hrUvvOY7qxiLQzOhlX9/OU
dGzMk3mnhId9YaAWRf22bwxx09xnxCg17lsHthqhXt6qAiX8/gufb99yLcua/wiQ
Kijq+p+CcSWszmdJNz3AqxWDi1bF7e83Vy7fJDWqMOHUS2JyxM7XHw==
-----END CERTIFICATE-----
Generated at Sat Jun 21 16:55:14 2025 by rpki-client