Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/4wMxaV2jbhbfrWE_UYISHWi67j4.roa
File: 4wMxaV2jbhbfrWE_UYISHWi67j4.roa (raw, json)
Hash identifier: 3nbA3s4ForkmAxUu7Bei/MaBIwe7sljVIL5ZmOmX9fM=
Subject key identifier: E3:03:31:69:5D:A3:6E:16:DF:AD:61:3F:51:82:12:1D:68:BA:EE:3E
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 33F6
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/4wMxaV2jbhbfrWE_UYISHWi67j4.roa
Signing time: Thu 28 Mar 2024 20:52:04 +0000
ROA not before: Thu 28 Mar 2024 20:52:04 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 13302 (0x33f6)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Mar 28 20:52:04 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=E30331695DA36E16DFAD613F5182121D68BAEE3E
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:de:4e:3a:db:b4:85:ba:1f:15:2a:3f:f4:79:19:
c0:16:e5:4a:d3:fe:4c:ef:35:da:c1:47:e0:ae:67:
0b:3c:9f:41:65:62:45:c0:d6:c8:52:4d:53:76:c5:
89:b4:b6:85:eb:e4:48:d6:9f:2c:6d:00:42:48:ab:
28:26:29:9e:c0:d0:72:aa:81:2a:81:f8:5e:61:a6:
e0:b5:a2:ed:92:b6:f2:eb:bc:fc:0d:00:ea:44:3f:
68:cf:53:f2:33:91:ae:69:14:49:94:b3:6d:8f:2e:
6b:57:6a:02:a4:67:d7:18:ef:71:38:f2:60:39:b4:
23:3d:05:4b:c1:d6:d2:a2:99:ec:3f:2c:92:a0:a3:
f6:0f:82:a3:7c:97:d4:a9:4d:ce:da:b9:d5:78:0f:
d5:b8:ec:f7:c0:b0:b7:b3:30:c4:d1:ff:73:31:2f:
e2:f6:5f:d2:20:3d:1e:6c:03:8b:62:44:3d:ab:ad:
a7:99:d4:48:6b:b1:49:78:95:05:a8:65:cc:bb:55:
a0:37:92:fd:61:7e:33:c7:83:bc:22:8b:4a:5b:ef:
79:52:a6:9b:16:35:ef:f3:fe:57:7d:78:00:16:bf:
6a:c8:ee:8b:2f:9a:25:0d:9e:8e:bc:0d:8b:dd:a8:
a7:0b:7d:32:5e:4d:9c:74:b2:a9:fc:5f:10:33:ee:
82:db
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E3:03:31:69:5D:A3:6E:16:DF:AD:61:3F:51:82:12:1D:68:BA:EE:3E
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/4wMxaV2jbhbfrWE_UYISHWi67j4.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
b8:fb:98:a4:8b:f9:57:b0:73:5a:19:c1:40:28:fa:a5:f4:fc:
9e:bd:e9:fd:e4:9d:03:2e:99:e7:c1:a8:9d:28:8c:58:2a:1b:
d7:0d:18:97:61:99:30:ed:6c:e0:0e:5b:89:a6:fb:9a:27:53:
b4:03:e8:e2:47:85:e8:e9:96:dd:88:6b:aa:af:14:b2:92:75:
f3:02:59:01:e5:86:86:3f:6a:82:97:09:19:f1:08:d6:14:95:
89:3e:af:58:f6:52:73:4d:3e:6f:5f:9a:72:a1:27:70:6c:c6:
90:4b:45:ce:11:b5:44:5d:10:45:83:ff:06:66:9e:76:88:dc:
9f:4a:4f:1c:02:ff:1e:30:9a:bf:7b:71:88:7f:40:c4:fb:e6:
f6:6d:4c:70:53:05:56:27:6e:fb:eb:12:70:59:34:d5:91:9f:
8d:84:1d:52:a0:92:c1:fc:ba:86:57:93:7e:70:61:da:f4:e4:
00:f5:a9:9a:67:5a:8d:01:ae:1a:4b:3a:b1:00:31:c5:fe:90:
03:96:dd:2a:97:0a:c2:42:9b:26:88:86:12:49:84:37:27:a4:
dc:0c:23:1c:12:6f:c6:b3:b7:97:c0:e7:87:af:38:25:04:4e:
c9:02:6c:45:7b:ef:85:69:0b:07:e1:bd:73:ee:81:d5:f5:7c:
99:56:6e:74
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICM/YwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDAzMjgy
MDUyMDRaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEUzMDMzMTY5NURBMzZF
MTZERkFENjEzRjUxODIxMjFENjhCQUVFM0UwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDeTjrbtIW6HxUqP/R5GcAW5UrT/kzvNdrBR+CuZws8n0FlYkXA
1shSTVN2xYm0toXr5EjWnyxtAEJIqygmKZ7A0HKqgSqB+F5hpuC1ou2StvLrvPwN
AOpEP2jPU/Izka5pFEmUs22PLmtXagKkZ9cY73E48mA5tCM9BUvB1tKimew/LJKg
o/YPgqN8l9SpTc7audV4D9W47PfAsLezMMTR/3MxL+L2X9IgPR5sA4tiRD2rraeZ
1EhrsUl4lQWoZcy7VaA3kv1hfjPHg7wii0pb73lSppsWNe/z/ld9eAAWv2rI7osv
miUNno68DYvdqKcLfTJeTZx0sqn8XxAz7oLbAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQU4wMxaV2jbhbfrWE/UYISHWi67j4wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3LzR3TXhhVjJqYmhiZnJX
RV9VWUlTSFdpNjdqNC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAuPuYpIv5V7BzWhnBQCj6pfT8nr3p/eSd
Ay6Z58GonSiMWCob1w0Yl2GZMO1s4A5biab7midTtAPo4keF6OmW3Yhrqq8UspJ1
8wJZAeWGhj9qgpcJGfEI1hSViT6vWPZSc00+b1+acqEncGzGkEtFzhG1RF0QRYP/
Bmaedojcn0pPHAL/HjCav3txiH9AxPvm9m1McFMFVidu++sScFk01ZGfjYQdUqCS
wfy6hleTfnBh2vTkAPWpmmdajQGuGks6sQAxxf6QA5bdKpcKwkKbJoiGEkmENyek
3AwjHBJvxrO3l8Dnh684JQROyQJsRXvvhWkLB+G9c+6B1fV8mVZudA==
-----END CERTIFICATE-----
Generated at Wed Jun 4 01:00:35 2025 by rpki-client