Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/zfMRVnUHNMrMGuOQAqkISnWA0pE.roa
File: zfMRVnUHNMrMGuOQAqkISnWA0pE.roa (raw, json)
Hash identifier: TFCu+ruk5XC8fmdfTKSi2IUkQdMS88nEDn+1ywTFxRs=
Subject key identifier: CD:F3:11:56:75:07:34:CA:CC:1A:E3:90:02:A9:08:4A:75:80:D2:91
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 4856
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/zfMRVnUHNMrMGuOQAqkISnWA0pE.roa
Signing time: Thu 25 Apr 2024 00:53:16 +0000
ROA not before: Thu 25 Apr 2024 00:53:16 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 18518 (0x4856)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 25 00:53:16 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=CDF31156750734CACC1AE39002A9084A7580D291
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bf:d6:50:3c:11:b0:27:79:de:47:e5:47:77:4e:
7a:1c:05:ca:53:1d:24:49:2d:1a:28:c7:09:42:fc:
95:bf:95:e4:ed:88:dd:a0:90:3a:ab:9b:1f:49:6b:
e7:e6:2b:7e:5f:24:63:e4:eb:b5:53:cc:af:1b:3c:
94:ab:60:2a:98:68:aa:f7:a6:7a:9b:be:35:36:8a:
a0:6b:55:8d:d0:dd:01:18:c6:84:cd:f4:d6:e5:8f:
4e:e5:67:79:6f:db:9b:fc:4e:7d:b8:30:3c:8a:82:
b4:9c:05:a5:b7:33:65:75:d9:1c:b1:e8:f8:a6:01:
d6:80:78:6d:19:73:18:b7:ac:66:e2:67:1c:19:bc:
b6:8b:05:e8:95:41:73:4b:42:eb:4f:6d:6f:a2:c2:
3f:79:f1:b4:02:58:ea:49:f2:67:87:07:e5:bb:6f:
21:a4:3c:91:cb:23:dc:24:70:ae:28:9b:e2:c7:cf:
0e:be:29:1b:48:d6:fe:a3:ac:ed:c8:4a:81:a0:11:
7b:eb:d7:ba:1d:8d:3d:7c:03:75:20:aa:c9:53:47:
6d:2d:1e:8b:b4:73:5a:28:9f:12:be:6a:af:11:29:
4d:19:53:1b:82:b7:b7:6b:ce:35:a5:cf:6b:1f:2c:
e2:11:09:a6:0c:6c:ce:3d:8b:2e:61:08:af:26:54:
58:df
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CD:F3:11:56:75:07:34:CA:CC:1A:E3:90:02:A9:08:4A:75:80:D2:91
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/zfMRVnUHNMrMGuOQAqkISnWA0pE.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
3f:de:fc:dc:a1:dd:69:6e:2f:e3:d7:3a:ef:b1:cb:cf:72:81:
e1:2c:23:39:15:79:f0:63:90:58:ee:5c:79:78:1d:47:71:d9:
73:18:f8:3a:1c:5d:e0:c9:ba:30:c7:03:b9:f1:e0:e3:19:8d:
d5:ca:06:00:61:af:fb:d9:c0:07:80:29:11:61:a3:0a:0b:92:
e7:de:13:b4:1c:2b:ec:d5:37:28:e9:07:04:72:1a:ff:2f:c8:
8d:ba:96:4b:bf:52:f6:45:df:88:9c:e4:1f:45:39:c0:78:74:
c4:12:73:ad:a5:e0:ea:22:08:de:b3:6a:49:93:27:7d:c0:bb:
2c:0e:cd:07:f5:f6:58:b0:ab:45:69:c0:6c:08:44:6a:1b:e4:
dc:57:36:9e:9a:26:99:fd:b4:eb:4e:6a:13:9f:4b:02:1e:1a:
3f:f1:4f:b4:75:e1:67:c0:7f:52:f4:41:9b:af:bc:ea:36:78:
1c:b2:db:71:f7:93:d8:c3:41:4d:5e:82:57:77:c7:ba:b7:94:
ff:29:b9:7f:05:26:25:37:b8:60:23:ab:3b:a2:43:1a:6f:c7:
af:1f:fd:be:f3:81:e7:cb:86:f3:f9:a3:d9:17:81:c3:2d:ed:
91:d8:6d:0e:cc:c8:55:5c:1e:82:ef:39:2d:44:0d:d9:3c:4d:
60:52:74:69
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICSFYwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MjUw
MDUzMTZaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKENERjMxMTU2NzUwNzM0
Q0FDQzFBRTM5MDAyQTkwODRBNzU4MEQyOTEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC/1lA8EbAned5H5Ud3TnocBcpTHSRJLRooxwlC/JW/leTtiN2g
kDqrmx9Ja+fmK35fJGPk67VTzK8bPJSrYCqYaKr3pnqbvjU2iqBrVY3Q3QEYxoTN
9Nblj07lZ3lv25v8Tn24MDyKgrScBaW3M2V12Ryx6PimAdaAeG0Zcxi3rGbiZxwZ
vLaLBeiVQXNLQutPbW+iwj958bQCWOpJ8meHB+W7byGkPJHLI9wkcK4om+LHzw6+
KRtI1v6jrO3ISoGgEXvr17odjT18A3UgqslTR20tHou0c1oonxK+aq8RKU0ZUxuC
t7drzjWlz2sfLOIRCaYMbM49iy5hCK8mVFjfAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUzfMRVnUHNMrMGuOQAqkISnWA0pEwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3pmTVJWblVITk1yTUd1
T1FBcWtJU25XQTBwRS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAP9783KHdaW4v49c677HLz3KB4SwjORV5
8GOQWO5ceXgdR3HZcxj4Ohxd4Mm6MMcDufHg4xmN1coGAGGv+9nAB4ApEWGjCguS
594TtBwr7NU3KOkHBHIa/y/IjbqWS79S9kXfiJzkH0U5wHh0xBJzraXg6iII3rNq
SZMnfcC7LA7NB/X2WLCrRWnAbAhEahvk3Fc2npommf20605qE59LAh4aP/FPtHXh
Z8B/UvRBm6+86jZ4HLLbcfeT2MNBTV6CV3fHureU/ym5fwUmJTe4YCOrO6JDGm/H
rx/9vvOB58uG8/mj2ReBwy3tkdhtDszIVVwegu85LUQN2TxNYFJ0aQ==
-----END CERTIFICATE-----
Generated at Sun Jun 22 06:43:31 2025 by rpki-client