Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/LNtmrsvJm-PP1Hw4QTrwsfdCMKs.roa
File: LNtmrsvJm-PP1Hw4QTrwsfdCMKs.roa (raw, json)
Hash identifier: Yv66jKVu9MgvSwLh1QD1vMIo8hjbgESA8cd1wlea7nk=
Subject key identifier: 2C:DB:66:AE:CB:C9:9B:E3:CF:D4:7C:38:41:3A:F0:B1:F7:42:30:AB
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 4252
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/LNtmrsvJm-PP1Hw4QTrwsfdCMKs.roa
Signing time: Wed 17 Apr 2024 00:22:58 +0000
ROA not before: Wed 17 Apr 2024 00:22:58 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 16978 (0x4252)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 17 00:22:58 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=2CDB66AECBC99BE3CFD47C38413AF0B1F74230AB
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:fe:05:24:f1:14:cf:bb:9c:c3:fa:c2:87:5c:4e:
f9:a8:58:24:5b:d2:86:32:d6:51:bb:71:7f:4f:ae:
41:16:9b:2d:be:b4:0d:e6:88:26:f4:b4:7a:a1:a2:
d4:1d:f5:f2:b6:14:9e:99:c2:ae:07:e6:c7:8a:b0:
9a:11:62:20:a0:21:5d:e2:00:87:8d:a2:43:ad:ee:
d4:70:c6:ba:00:4a:00:19:74:76:cd:24:e4:49:c2:
d5:08:fe:98:92:ae:5f:21:b1:b7:2f:42:72:5f:07:
b3:d8:ad:65:47:e1:f6:7f:5a:db:ee:75:3c:d9:7d:
c2:99:b3:50:3a:39:a1:b7:8f:df:22:04:24:c0:23:
6b:64:d8:a9:5f:88:e8:9f:9a:62:7a:81:18:b3:06:
56:fa:6a:61:7d:3c:aa:fb:0b:17:cc:61:82:f7:b6:
cd:54:51:72:21:b4:1e:c1:84:cc:75:0c:ca:41:1f:
b4:1d:d9:25:42:0b:92:71:39:40:99:24:b8:b7:91:
01:34:6d:59:f9:f9:8c:c2:fd:c3:28:77:41:00:4e:
2c:e2:a1:93:e7:97:64:ae:bf:15:b4:54:d7:d3:86:
99:fb:21:60:12:90:56:db:7a:ec:cf:ef:63:bf:e4:
42:d2:26:49:3b:69:3b:66:76:26:e5:1a:b7:03:c0:
24:e3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2C:DB:66:AE:CB:C9:9B:E3:CF:D4:7C:38:41:3A:F0:B1:F7:42:30:AB
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/LNtmrsvJm-PP1Hw4QTrwsfdCMKs.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
99:1d:2a:6c:1e:7a:d1:9a:3f:fd:53:de:33:23:b8:fc:12:cc:
41:e7:ba:5c:76:14:17:d4:5f:3b:5c:74:7e:d3:d5:d6:09:c0:
40:9b:e1:91:73:0b:d1:5e:c9:ff:cc:c3:97:ed:8f:12:7d:93:
92:3e:33:33:c3:6c:b2:f2:d0:b2:75:08:dd:33:bf:4d:ac:cd:
24:e0:b9:4f:02:d0:0c:62:a4:26:17:b6:49:25:a0:7c:5e:e8:
61:74:ed:08:75:a1:e6:28:e3:63:63:c2:65:f6:83:4e:7f:f4:
16:79:c5:16:56:5f:cc:8c:45:46:c1:39:8d:2e:21:b2:bb:7a:
88:3f:07:32:df:73:36:08:05:f8:f4:e0:f2:d5:5d:69:f2:61:
6e:5a:d1:3a:2a:af:05:f9:b4:b0:ec:0e:8f:ef:ca:0e:33:87:
32:5d:99:c9:f1:7e:e0:26:74:dc:c7:27:f7:1d:76:3b:b1:22:
bc:44:08:db:01:9c:a3:db:f6:fd:28:e2:fe:51:73:ac:f8:ef:
84:8b:b1:70:e8:a5:86:ec:97:46:30:d0:b6:d6:23:a6:c4:78:
92:04:72:81:b2:4f:8a:4c:72:a9:e5:7b:a7:d1:4e:12:4a:ac:
69:38:9a:64:89:df:c6:1f:af:33:06:d4:c8:91:a1:f3:2d:ee:
d9:dc:58:f7
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICQlIwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MTcw
MDIyNThaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDJDREI2NkFFQ0JDOTlC
RTNDRkQ0N0MzODQxM0FGMEIxRjc0MjMwQUIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQD+BSTxFM+7nMP6wodcTvmoWCRb0oYy1lG7cX9PrkEWmy2+tA3m
iCb0tHqhotQd9fK2FJ6Zwq4H5seKsJoRYiCgIV3iAIeNokOt7tRwxroASgAZdHbN
JORJwtUI/piSrl8hsbcvQnJfB7PYrWVH4fZ/WtvudTzZfcKZs1A6OaG3j98iBCTA
I2tk2KlfiOifmmJ6gRizBlb6amF9PKr7CxfMYYL3ts1UUXIhtB7BhMx1DMpBH7Qd
2SVCC5JxOUCZJLi3kQE0bVn5+YzC/cMod0EATizioZPnl2SuvxW0VNfThpn7IWAS
kFbbeuzP72O/5ELSJkk7aTtmdiblGrcDwCTjAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQULNtmrsvJm+PP1Hw4QTrwsfdCMKswHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L0xOdG1yc3ZKbS1QUDFI
dzRRVHJ3c2ZkQ01Lcy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAmR0qbB560Zo//VPeMyO4/BLMQee6XHYU
F9RfO1x0ftPV1gnAQJvhkXML0V7J/8zDl+2PEn2Tkj4zM8NssvLQsnUI3TO/TazN
JOC5TwLQDGKkJhe2SSWgfF7oYXTtCHWh5ijjY2PCZfaDTn/0FnnFFlZfzIxFRsE5
jS4hsrt6iD8HMt9zNggF+PTg8tVdafJhblrROiqvBfm0sOwOj+/KDjOHMl2ZyfF+
4CZ03Mcn9x12O7EivEQI2wGco9v2/Sji/lFzrPjvhIuxcOilhuyXRjDQttYjpsR4
kgRygbJPikxyqeV7p9FOEkqsaTiaZInfxh+vMwbUyJGh8y3u2dxY9w==
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:42:07 2025 by rpki-client