Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/JqmkFzCe3p8PHYNqAW43kAlx4A8.roa
File: JqmkFzCe3p8PHYNqAW43kAlx4A8.roa (raw, json)
Hash identifier: FQP07Rlmmr2kRAIcXpeDYIBrne/M86nNPID6VwFC4rg=
Subject key identifier: 26:A9:A4:17:30:9E:DE:9F:0F:1D:83:6A:01:6E:37:90:09:71:E0:0F
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 447A
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/JqmkFzCe3p8PHYNqAW43kAlx4A8.roa
Signing time: Fri 19 Apr 2024 21:23:05 +0000
ROA not before: Fri 19 Apr 2024 21:23:05 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 17530 (0x447a)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 19 21:23:05 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=26A9A417309EDE9F0F1D836A016E37900971E00F
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e1:bf:5c:15:f9:5c:ff:95:ad:46:c9:2e:a5:09:
2e:75:8a:45:ca:57:bf:8b:c8:35:c9:02:c9:ad:b8:
7a:64:b2:be:80:d3:b5:05:9f:23:fd:14:84:ca:73:
c1:a3:d3:d6:58:3b:8f:5e:20:03:4f:e7:b2:64:a9:
b4:ca:ff:9d:5a:e8:ba:6f:30:57:2a:e4:bb:c1:8f:
83:58:1c:d5:47:5d:1e:6f:35:a1:33:e1:c5:23:41:
9e:58:36:e2:c4:5b:de:78:28:68:c7:12:48:3d:2c:
19:8f:1e:5a:6d:20:53:8e:f0:48:62:05:e2:e2:41:
39:5a:80:09:2a:d1:91:22:ab:05:5f:87:3d:9d:e6:
eb:ef:ab:d5:be:dd:3b:04:07:73:d9:71:1c:76:00:
ec:d7:91:67:7b:f5:51:e0:ce:11:d0:2a:4b:e9:5f:
77:c6:d7:8e:d1:d3:c9:71:95:bd:96:ce:dc:a7:77:
6f:97:30:c9:a3:b7:a9:6a:fd:0e:93:a0:06:13:cf:
b6:db:cb:6d:b9:ce:df:5c:d3:c5:c5:52:51:37:0b:
67:17:a2:f5:aa:65:45:25:60:16:28:75:b2:46:41:
a0:8d:ba:db:80:50:45:e4:c6:dc:98:18:33:a2:78:
aa:8f:64:fb:49:4d:23:9b:48:d4:f6:90:2e:4f:46:
4a:4b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
26:A9:A4:17:30:9E:DE:9F:0F:1D:83:6A:01:6E:37:90:09:71:E0:0F
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/JqmkFzCe3p8PHYNqAW43kAlx4A8.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
56:f7:ba:58:2a:c2:32:56:a4:cd:ca:28:a0:b0:a4:40:7b:7e:
08:ed:40:27:16:68:19:86:04:1c:27:0b:e5:0a:a2:4f:6e:f7:
29:49:ba:f5:58:de:b0:da:8b:45:bf:bb:e2:2f:0c:d7:e9:21:
4c:de:e1:c5:f7:20:0f:2d:c8:b7:79:e6:ba:76:08:19:c1:30:
da:3b:c1:5b:c7:26:02:1e:9d:45:31:c8:8c:83:f7:d7:b2:77:
25:4a:85:b0:6c:b5:a2:94:23:67:ad:05:1f:8d:77:52:cf:13:
9e:03:0f:d7:eb:88:ac:d1:f4:52:7a:ac:4e:f4:fd:80:9f:d2:
a9:04:82:ff:32:10:0d:30:d1:76:db:d2:82:56:4d:da:8b:4e:
27:bf:e4:56:52:52:4f:c8:de:fd:ff:be:a4:73:1d:1e:be:e7:
a6:30:3a:04:8c:fd:02:ff:d0:a8:d3:51:6f:07:76:95:bf:bd:
e7:58:68:35:12:8c:d6:e0:0c:b2:53:ca:6c:63:5f:70:b8:5e:
6f:88:2a:bf:f0:07:6b:f7:c6:1f:96:04:e2:2f:d2:f6:da:67:
c2:6c:7c:4b:e8:40:a6:f8:ed:92:e2:0e:2d:3e:5e:ad:cb:6b:
9e:d4:38:8c:5f:ed:b0:8a:b5:4b:36:54:8f:ba:3e:f5:2b:f4:
ba:6e:cb:0a
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICRHowDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MTky
MTIzMDVaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDI2QTlBNDE3MzA5RURF
OUYwRjFEODM2QTAxNkUzNzkwMDk3MUUwMEYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDhv1wV+Vz/la1GyS6lCS51ikXKV7+LyDXJAsmtuHpksr6A07UF
nyP9FITKc8Gj09ZYO49eIANP57JkqbTK/51a6LpvMFcq5LvBj4NYHNVHXR5vNaEz
4cUjQZ5YNuLEW954KGjHEkg9LBmPHlptIFOO8EhiBeLiQTlagAkq0ZEiqwVfhz2d
5uvvq9W+3TsEB3PZcRx2AOzXkWd79VHgzhHQKkvpX3fG147R08lxlb2Wztynd2+X
MMmjt6lq/Q6ToAYTz7bby225zt9c08XFUlE3C2cXovWqZUUlYBYodbJGQaCNutuA
UEXkxtyYGDOieKqPZPtJTSObSNT2kC5PRkpLAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUJqmkFzCe3p8PHYNqAW43kAlx4A8wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L0pxbWtGekNlM3A4UEhZ
TnFBVzQza0FseDRBOC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAVve6WCrCMlakzcoooLCkQHt+CO1AJxZo
GYYEHCcL5QqiT273KUm69VjesNqLRb+74i8M1+khTN7hxfcgDy3It3nmunYIGcEw
2jvBW8cmAh6dRTHIjIP317J3JUqFsGy1opQjZ60FH413Us8TngMP1+uIrNH0Unqs
TvT9gJ/SqQSC/zIQDTDRdtvSglZN2otOJ7/kVlJST8je/f++pHMdHr7npjA6BIz9
Av/QqNNRbwd2lb+951hoNRKM1uAMslPKbGNfcLheb4gqv/AHa/fGH5YE4i/S9tpn
wmx8S+hApvjtkuIOLT5erctrntQ4jF/tsIq1SzZUj7o+9Sv0um7LCg==
-----END CERTIFICATE-----
Generated at Mon Apr 14 13:39:06 2025 by rpki-client