Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/0SPTtOugUwSK0wvdu22SJ2RktcA.roa
File: 0SPTtOugUwSK0wvdu22SJ2RktcA.roa (raw, json)
Hash identifier: 9b/Ba7pfJvXVkAP4M+9ZrlQbdUcD1zKNUGLSXudkzX4=
Subject key identifier: D1:23:D3:B4:EB:A0:53:04:8A:D3:0B:DD:BB:6D:92:27:64:64:B5:C0
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 44DA
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/0SPTtOugUwSK0wvdu22SJ2RktcA.roa
Signing time: Sat 20 Apr 2024 09:23:06 +0000
ROA not before: Sat 20 Apr 2024 09:23:06 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 17626 (0x44da)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 20 09:23:06 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=D123D3B4EBA053048AD30BDDBB6D92276464B5C0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:aa:ab:d3:26:6e:35:a5:36:16:1c:51:55:25:e0:
7e:52:7d:d6:c5:2a:49:d2:1d:fe:6d:09:77:47:09:
f1:d0:a3:8c:e7:b0:7f:4b:d0:38:1e:e8:6b:31:e6:
8d:71:28:8e:79:93:97:f5:65:d0:0a:04:72:9a:61:
78:d4:ad:a1:5b:70:40:72:fa:51:42:7e:dd:a4:e3:
c0:11:26:60:af:77:a0:2c:bd:e0:e2:21:e8:af:bb:
ca:94:4a:4f:ad:56:e6:6a:fb:f3:c1:e3:61:b3:20:
df:67:21:df:3f:82:f7:ed:66:5a:b2:ba:cf:44:d0:
0c:03:b2:c2:ad:52:18:ea:61:f5:70:dd:22:e2:4c:
be:46:c4:c9:8a:64:81:13:7c:b3:49:c9:a2:64:0d:
21:21:9b:12:c0:71:e1:ed:0c:3a:af:10:29:be:45:
d5:1a:61:5b:de:20:0c:3f:7d:ef:90:b9:c8:8e:7c:
a1:0c:a9:55:e8:90:1d:d3:c5:e5:5f:bb:a1:54:d8:
70:6b:5d:c8:cf:a3:6e:b0:40:15:fe:ea:90:b4:bd:
5d:4d:31:f1:af:16:7a:3e:5d:df:12:2a:38:28:78:
71:74:c1:41:a2:8f:35:4f:7d:81:00:bb:51:ae:b8:
ff:aa:44:86:86:e6:b9:f3:99:d9:18:92:5f:5d:60:
c4:f1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D1:23:D3:B4:EB:A0:53:04:8A:D3:0B:DD:BB:6D:92:27:64:64:B5:C0
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/0SPTtOugUwSK0wvdu22SJ2RktcA.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
80:4b:a7:82:f1:d0:80:d7:91:5d:3c:c0:8b:a9:5f:07:96:65:
a4:c7:19:dc:75:02:cb:77:f4:45:9c:99:4d:66:86:ac:84:fb:
93:ee:b8:82:cb:bc:d1:83:37:ce:e0:66:d6:ad:5d:dd:c6:f0:
4d:d7:9c:6c:ee:5c:33:a5:65:cc:9d:a7:5e:a0:4e:e4:9d:6f:
08:79:f5:43:92:83:3d:fd:3e:ea:fa:e4:59:c4:a9:90:1a:a6:
e3:e3:07:7a:23:b8:bd:04:0c:c7:e9:4f:af:70:24:fc:f9:ad:
8e:f1:a8:d8:48:d4:5e:7c:21:0f:95:e7:56:fd:5e:86:b3:0a:
09:08:c4:3d:19:f4:fd:7e:57:69:66:5d:3b:02:b5:95:61:84:
75:6c:34:8c:eb:f1:28:60:43:7a:d3:80:df:a5:1a:df:40:1a:
ae:81:1c:c2:19:8e:ec:c4:a3:f5:ef:13:9d:17:c6:9a:4b:1f:
95:42:a7:b7:8b:fc:f7:c4:43:6a:14:ca:bd:1e:b6:37:15:fb:
9e:26:59:18:eb:88:ca:f2:6b:47:70:3f:15:3d:5e:27:6e:82:
72:fd:00:78:3f:25:2e:21:b1:d9:90:21:57:1c:0d:bf:27:ad:
b1:67:8a:81:30:45:9f:29:c1:b8:6f:47:f5:63:23:f3:90:29:
05:fc:a2:ba
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICRNowDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MjAw
OTIzMDZaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEQxMjNEM0I0RUJBMDUz
MDQ4QUQzMEJEREJCNkQ5MjI3NjQ2NEI1QzAwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCqq9MmbjWlNhYcUVUl4H5SfdbFKknSHf5tCXdHCfHQo4znsH9L
0Dge6Gsx5o1xKI55k5f1ZdAKBHKaYXjUraFbcEBy+lFCft2k48ARJmCvd6AsveDi
Ieivu8qUSk+tVuZq+/PB42GzIN9nId8/gvftZlqyus9E0AwDssKtUhjqYfVw3SLi
TL5GxMmKZIETfLNJyaJkDSEhmxLAceHtDDqvECm+RdUaYVveIAw/fe+QuciOfKEM
qVXokB3TxeVfu6FU2HBrXcjPo26wQBX+6pC0vV1NMfGvFno+Xd8SKjgoeHF0wUGi
jzVPfYEAu1GuuP+qRIaG5rnzmdkYkl9dYMTxAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQU0SPTtOugUwSK0wvdu22SJ2RktcAwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3LzBTUFR0T3VnVXdTSzB3
dmR1MjJTSjJSa3RjQS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAgEungvHQgNeRXTzAi6lfB5ZlpMcZ3HUC
y3f0RZyZTWaGrIT7k+64gsu80YM3zuBm1q1d3cbwTdecbO5cM6VlzJ2nXqBO5J1v
CHn1Q5KDPf0+6vrkWcSpkBqm4+MHeiO4vQQMx+lPr3Ak/PmtjvGo2EjUXnwhD5Xn
Vv1ehrMKCQjEPRn0/X5XaWZdOwK1lWGEdWw0jOvxKGBDetOA36Ua30AaroEcwhmO
7MSj9e8TnRfGmksflUKnt4v898RDahTKvR62NxX7niZZGOuIyvJrR3A/FT1eJ26C
cv0AeD8lLiGx2ZAhVxwNvyetsWeKgTBFnynBuG9H9WMj85ApBfyiug==
-----END CERTIFICATE-----
Generated at Mon Apr 14 23:47:46 2025 by rpki-client