Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/-4vg08-ULhK2N_VM6gxyGGU0YZM.roa
File: -4vg08-ULhK2N_VM6gxyGGU0YZM.roa (raw, json)
Hash identifier: 1xjUBJvt/1vUAOL1E0r4JZnQgbZYQr9vqrhh7spwSVQ=
Subject key identifier: FB:8B:E0:D3:CF:94:2E:12:B6:37:F5:4C:EA:0C:72:18:65:34:61:93
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 54FA
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/-4vg08-ULhK2N_VM6gxyGGU0YZM.roa
Signing time: Sat 11 May 2024 21:24:03 +0000
ROA not before: Sat 11 May 2024 21:24:03 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 21754 (0x54fa)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 11 21:24:03 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=FB8BE0D3CF942E12B637F54CEA0C721865346193
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:f0:c7:1e:45:81:13:81:35:dd:54:ef:27:2d:18:
b6:c5:8c:ad:a2:56:a6:54:d9:ff:ee:2b:3d:ab:36:
51:22:fa:aa:ff:c2:6f:52:d8:7e:f8:86:00:6e:d5:
56:c5:a6:7d:b5:33:35:0a:b4:a0:69:c3:16:82:98:
e2:27:c5:a8:46:80:df:65:c2:d7:d9:8a:e8:06:82:
ce:d8:5f:6c:a5:f4:44:ed:4b:0e:f3:aa:2f:74:86:
a1:79:42:e6:59:78:49:09:53:1e:7c:e1:5b:fa:b3:
ce:59:7a:5c:91:13:60:49:00:d8:c3:6c:9c:99:a8:
94:13:16:d7:28:63:a7:bd:4d:9e:53:0f:68:06:4d:
3a:ff:50:40:4a:a5:ec:13:0b:f9:cb:3d:ac:cd:25:
51:d7:cc:54:55:af:ff:2a:9a:cd:1a:28:7a:ee:6c:
74:d4:4f:d2:27:40:f8:dc:71:d8:85:fd:e0:97:f6:
38:47:1f:4a:b9:c0:d8:c0:28:dd:82:c5:e3:1c:e8:
71:95:81:ea:27:01:8d:a9:89:fa:04:31:65:51:28:
ff:5f:93:88:da:54:32:79:eb:90:d8:58:e6:61:9f:
4a:14:53:cd:0d:1a:d0:72:7e:5f:50:b1:30:90:e1:
2e:1c:42:d0:3b:4d:3c:c2:20:dd:90:6d:8b:b4:e5:
90:65
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FB:8B:E0:D3:CF:94:2E:12:B6:37:F5:4C:EA:0C:72:18:65:34:61:93
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/-4vg08-ULhK2N_VM6gxyGGU0YZM.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
34:70:53:67:a2:17:64:1d:2b:a0:1c:23:fb:3f:00:51:f3:1a:
94:db:f8:7f:fc:92:4e:ae:b4:e4:60:b8:92:b0:bc:5b:15:b9:
da:47:e9:4a:9d:18:5a:aa:f6:53:0d:4e:de:cb:f0:50:ab:6a:
99:fc:7c:82:dc:45:18:7d:10:eb:ac:2a:cc:fe:24:3d:38:a9:
70:14:bf:eb:08:cd:ed:bd:41:ed:1e:21:02:90:31:49:4e:a1:
5c:d6:cb:7a:d9:14:90:61:fc:77:2a:97:80:72:20:c5:22:8f:
96:64:f8:9a:02:c1:73:68:bf:19:20:16:fb:3c:68:6e:33:02:
d6:b1:1e:b9:d3:c5:7d:50:35:e6:6e:f8:a1:b7:98:45:c4:a1:
0d:fc:d2:d9:2c:0d:3e:05:ad:49:72:33:18:0c:76:b9:18:46:
75:bb:06:08:24:78:90:92:f1:9c:d7:4a:69:1b:10:84:4d:71:
4b:7b:8f:43:e8:87:99:db:eb:38:21:c5:8e:35:e1:92:e2:53:
32:8c:0e:f5:6a:78:d3:56:87:b2:4c:35:ff:2f:06:e3:8d:20:
a2:ca:b2:b3:3f:21:0d:05:bf:cb:13:95:9b:89:de:bf:83:6a:
b1:5e:25:d1:7b:91:67:2d:f6:98:41:91:82:c8:7a:2a:c6:74:
80:24:ec:ce
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICVPowDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MTEy
MTI0MDNaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEZCOEJFMEQzQ0Y5NDJF
MTJCNjM3RjU0Q0VBMEM3MjE4NjUzNDYxOTMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDwxx5FgROBNd1U7yctGLbFjK2iVqZU2f/uKz2rNlEi+qr/wm9S
2H74hgBu1VbFpn21MzUKtKBpwxaCmOInxahGgN9lwtfZiugGgs7YX2yl9ETtSw7z
qi90hqF5QuZZeEkJUx584Vv6s85ZelyRE2BJANjDbJyZqJQTFtcoY6e9TZ5TD2gG
TTr/UEBKpewTC/nLPazNJVHXzFRVr/8qms0aKHrubHTUT9InQPjccdiF/eCX9jhH
H0q5wNjAKN2CxeMc6HGVgeonAY2pifoEMWVRKP9fk4jaVDJ565DYWOZhn0oUU80N
GtByfl9QsTCQ4S4cQtA7TTzCIN2QbYu05ZBlAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQU+4vg08+ULhK2N/VM6gxyGGU0YZMwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3Ly00dmcwOC1VTGhLMk5f
Vk02Z3h5R0dVMFlaTS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEANHBTZ6IXZB0roBwj+z8AUfMalNv4f/yS
Tq605GC4krC8WxW52kfpSp0YWqr2Uw1O3svwUKtqmfx8gtxFGH0Q66wqzP4kPTip
cBS/6wjN7b1B7R4hApAxSU6hXNbLetkUkGH8dyqXgHIgxSKPlmT4mgLBc2i/GSAW
+zxobjMC1rEeudPFfVA15m74obeYRcShDfzS2SwNPgWtSXIzGAx2uRhGdbsGCCR4
kJLxnNdKaRsQhE1xS3uPQ+iHmdvrOCHFjjXhkuJTMowO9Wp401aHskw1/y8G440g
osqysz8hDQW/yxOVm4nev4NqsV4l0XuRZy32mEGRgsh6KsZ0gCTszg==
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:49:31 2025 by rpki-client