Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/NfPq37s8lVBS12T4ro4BIALJEQU.roa
File: NfPq37s8lVBS12T4ro4BIALJEQU.roa (raw, json)
Hash identifier: aJM1zyuLZy59m8oGI/Ydh7/+S7iRXD/jA3OlpNQH/G4=
Subject key identifier: 35:F3:EA:DF:BB:3C:95:50:52:D7:64:F8:AE:8E:01:20:02:C9:11:05
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 50FE
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/NfPq37s8lVBS12T4ro4BIALJEQU.roa
Signing time: Mon 06 May 2024 13:53:50 +0000
ROA not before: Mon 06 May 2024 13:53:50 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 20734 (0x50fe)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 6 13:53:50 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=35F3EADFBB3C955052D764F8AE8E012002C91105
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bd:64:d9:b6:02:f3:d2:f6:9a:9e:fc:75:16:5e:
2a:a2:bd:c0:fb:83:36:e6:98:c9:53:eb:c5:20:22:
06:75:8f:63:0e:fa:98:97:9a:e2:48:5f:cf:da:e9:
91:62:fd:d9:20:5f:45:eb:bc:3b:5a:0f:4e:c2:a3:
cd:a6:35:d0:50:d1:e2:17:70:34:20:02:11:18:d2:
50:cf:7b:2f:64:3b:75:43:69:95:19:8b:bb:1b:d8:
7f:6d:c9:10:5d:40:00:ed:7f:73:07:46:77:20:f0:
b0:02:47:0a:00:09:b8:a4:d1:0c:0b:6e:9b:cb:66:
90:c5:03:66:42:4a:e9:68:28:d3:92:20:c5:d6:ea:
80:b9:0e:a2:ef:64:0e:c8:db:3d:33:a9:a7:de:84:
0d:f5:73:12:c6:e9:1d:0f:11:c4:d3:e4:0f:f8:63:
c9:4c:04:1d:cc:08:b7:64:fc:67:67:15:65:33:ad:
f4:a7:88:0c:e9:8d:66:af:b3:fb:00:ee:26:6e:df:
c5:72:b6:23:5b:f8:be:73:64:47:b7:d6:5f:82:3d:
71:01:53:b9:48:80:16:8c:05:d2:82:d4:a9:44:e3:
cc:3c:b5:0f:2b:f7:c1:0d:28:8a:ac:92:c3:e0:4a:
1c:9f:98:99:5d:29:c5:3e:5e:d1:92:1a:63:03:4b:
07:57
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
35:F3:EA:DF:BB:3C:95:50:52:D7:64:F8:AE:8E:01:20:02:C9:11:05
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/NfPq37s8lVBS12T4ro4BIALJEQU.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
85:7a:ed:8c:9e:01:97:ae:30:6a:83:8a:2d:c6:57:90:2f:4e:
bd:bc:a7:9c:8e:d7:56:db:b9:37:30:7d:72:79:18:e5:84:ac:
2a:3b:7c:5b:34:88:2b:98:7d:88:09:e6:f5:8b:d8:e6:d7:12:
52:dd:77:8e:c0:e2:9b:7a:e2:04:d8:8b:d2:d6:72:5e:de:2f:
7b:b0:bf:69:22:14:db:4b:56:53:e9:cf:77:33:24:b4:9a:85:
e3:89:3d:f4:67:a9:94:ad:43:07:c0:7d:2c:f6:cd:54:50:15:
bc:5b:c1:83:b6:f9:f5:83:07:30:fa:92:e7:7b:4f:93:f1:d3:
d3:11:66:6c:59:f8:98:00:02:18:97:40:03:32:0c:25:a5:5b:
23:b4:57:dd:2b:d8:c1:92:94:e2:1d:13:ef:33:46:04:b4:69:
88:70:06:9d:e4:a1:7a:0d:ad:aa:08:e7:44:24:30:d4:de:d1:
be:d2:40:44:2a:f3:47:8e:62:5d:48:01:bb:0c:4a:80:4f:f8:
a3:76:8f:3d:cd:e3:05:29:2a:e5:ee:bb:01:a1:13:8e:2e:3c:
3e:bf:67:b8:1e:d3:48:48:9f:d6:87:3f:3b:c4:4d:91:98:ef:
27:da:bc:a8:99:94:01:79:fd:7a:90:37:b0:09:84:0d:72:35:
5d:bb:00:a6
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICUP4wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MDYx
MzUzNTBaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDM1RjNFQURGQkIzQzk1
NTA1MkQ3NjRGOEFFOEUwMTIwMDJDOTExMDUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC9ZNm2AvPS9pqe/HUWXiqivcD7gzbmmMlT68UgIgZ1j2MO+piX
muJIX8/a6ZFi/dkgX0XrvDtaD07Co82mNdBQ0eIXcDQgAhEY0lDPey9kO3VDaZUZ
i7sb2H9tyRBdQADtf3MHRncg8LACRwoACbik0QwLbpvLZpDFA2ZCSuloKNOSIMXW
6oC5DqLvZA7I2z0zqafehA31cxLG6R0PEcTT5A/4Y8lMBB3MCLdk/GdnFWUzrfSn
iAzpjWavs/sA7iZu38VytiNb+L5zZEe31l+CPXEBU7lIgBaMBdKC1KlE48w8tQ8r
98ENKIqsksPgShyfmJldKcU+XtGSGmMDSwdXAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUNfPq37s8lVBS12T4ro4BIALJEQUwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L05mUHEzN3M4bFZCUzEy
VDRybzRCSUFMSkVRVS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAhXrtjJ4Bl64waoOKLcZXkC9OvbynnI7X
Vtu5NzB9cnkY5YSsKjt8WzSIK5h9iAnm9YvY5tcSUt13jsDim3riBNiL0tZyXt4v
e7C/aSIU20tWU+nPdzMktJqF44k99GeplK1DB8B9LPbNVFAVvFvBg7b59YMHMPqS
53tPk/HT0xFmbFn4mAACGJdAAzIMJaVbI7RX3SvYwZKU4h0T7zNGBLRpiHAGneSh
eg2tqgjnRCQw1N7RvtJARCrzR45iXUgBuwxKgE/4o3aPPc3jBSkq5e67AaETji48
Pr9nuB7TSEif1oc/O8RNkZjvJ9q8qJmUAXn9epA3sAmEDXI1XbsApg==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:15:22 2024 by rpki-client on console-fra.rpki-client.org