Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/ST7_yxcZkBtr4ocCM5bGpqyy7g8.roa
File: ST7_yxcZkBtr4ocCM5bGpqyy7g8.roa (raw, json)
Hash identifier: lbddCDVjEuNXQwe1yKJ9LnGU/lqXnJ8o25W+fW1SOyI=
Subject key identifier: 49:3E:FF:CB:17:19:90:1B:6B:E2:87:02:33:96:C6:A6:AC:B2:EE:0F
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 4FB6
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/ST7_yxcZkBtr4ocCM5bGpqyy7g8.roa
Signing time: Sat 04 May 2024 20:54:00 +0000
ROA not before: Sat 04 May 2024 20:54:00 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 20406 (0x4fb6)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 4 20:54:00 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=493EFFCB1719901B6BE287023396C6A6ACB2EE0F
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c5:06:ae:34:7e:fa:6a:37:f5:9f:01:44:fa:04:
bc:1f:c5:3a:e0:53:30:b3:de:7f:f5:3b:7a:80:18:
e1:4d:32:0f:ec:eb:4c:b0:e4:1f:41:b5:0d:97:32:
73:e3:b1:9b:fe:c5:84:0c:2e:d6:2a:25:4f:3b:81:
3e:2f:a3:4f:29:1f:fb:3a:96:87:bd:9d:d9:9b:23:
b5:8f:5c:3b:37:46:44:d0:4c:67:ef:12:f2:00:58:
6f:69:f8:04:e4:c6:66:f7:11:eb:ad:53:46:9e:47:
cc:1c:8f:82:8a:7b:93:ae:b2:48:d1:a8:0a:78:a4:
d5:c5:f4:12:a1:88:9b:25:89:4d:42:93:80:f0:4e:
b7:e0:bc:4b:72:c7:a8:f7:1a:35:b6:9d:2c:0a:cb:
79:a0:94:fb:5c:bb:18:2f:61:3b:98:2f:72:61:6c:
df:f6:f1:00:41:14:39:8d:39:4b:21:c9:50:64:ec:
ea:4e:20:c1:49:cc:db:36:55:9e:37:f6:29:5f:ce:
f7:0f:05:68:e6:15:6a:24:f4:7e:37:a0:7f:e9:4f:
4a:22:d6:05:f3:f6:a9:59:77:38:04:4a:1d:10:e6:
13:af:e7:61:22:93:d4:1b:4d:52:bd:90:f1:f6:8a:
dd:06:30:a1:bc:4b:c6:f7:5c:47:df:eb:6b:19:28:
aa:09
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
49:3E:FF:CB:17:19:90:1B:6B:E2:87:02:33:96:C6:A6:AC:B2:EE:0F
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/ST7_yxcZkBtr4ocCM5bGpqyy7g8.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
78:ea:62:68:2a:ec:07:6a:74:2f:36:a6:fd:12:d2:71:a7:b8:
0e:32:e1:95:65:b1:b7:c6:05:49:4d:51:df:f4:51:b6:f2:36:
28:b3:a5:e7:3d:32:14:6c:9a:db:f8:f4:eb:db:10:4f:16:0a:
2b:93:3b:f9:cf:d2:9e:19:ec:ec:a7:2a:bf:75:1f:30:60:3d:
9e:64:8d:76:ca:85:f2:75:e2:96:8b:56:b2:5a:36:e7:e2:33:
60:18:8e:b7:2c:ce:69:86:11:37:c9:01:a5:40:bc:d8:3e:0a:
43:52:89:6f:ce:88:b3:7e:9c:ae:1b:c0:1e:34:c0:5f:a3:9a:
1d:2b:e8:f1:fd:a1:0d:a4:7f:9b:8f:d6:03:af:03:b0:b4:81:
73:75:4e:18:61:fb:e9:17:f5:c7:a3:47:e5:84:7b:56:86:5d:
a3:03:d6:25:f5:d6:89:ea:42:02:4e:a5:cc:fe:de:0c:a8:af:
99:c1:fc:d3:c4:b1:3f:3d:9a:e6:a5:ea:42:66:57:47:1e:cc:
9c:f4:96:4c:8c:38:65:7b:7c:74:16:6e:b1:5b:df:ee:72:82:
ad:6d:24:4c:e1:7c:f0:b9:45:60:da:c3:18:aa:95:42:e8:73:
00:52:53:a4:bd:fc:e3:b5:56:4f:f4:49:28:98:a4:e2:cd:d5:
34:16:e2:7c
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICT7YwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MDQy
MDU0MDBaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDQ5M0VGRkNCMTcxOTkw
MUI2QkUyODcwMjMzOTZDNkE2QUNCMkVFMEYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDFBq40fvpqN/WfAUT6BLwfxTrgUzCz3n/1O3qAGOFNMg/s60yw
5B9BtQ2XMnPjsZv+xYQMLtYqJU87gT4vo08pH/s6loe9ndmbI7WPXDs3RkTQTGfv
EvIAWG9p+ATkxmb3EeutU0aeR8wcj4KKe5OuskjRqAp4pNXF9BKhiJsliU1Ck4Dw
TrfgvEtyx6j3GjW2nSwKy3mglPtcuxgvYTuYL3JhbN/28QBBFDmNOUshyVBk7OpO
IMFJzNs2VZ439ilfzvcPBWjmFWok9H43oH/pT0oi1gXz9qlZdzgESh0Q5hOv52Ei
k9QbTVK9kPH2it0GMKG8S8b3XEff62sZKKoJAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUST7/yxcZkBtr4ocCM5bGpqyy7g8wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1NUN195eGNaa0J0cjRv
Y0NNNWJHcHF5eTdnOC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAeOpiaCrsB2p0Lzam/RLScae4DjLhlWWx
t8YFSU1R3/RRtvI2KLOl5z0yFGya2/j069sQTxYKK5M7+c/Snhns7Kcqv3UfMGA9
nmSNdsqF8nXilotWslo25+IzYBiOtyzOaYYRN8kBpUC82D4KQ1KJb86Is36crhvA
HjTAX6OaHSvo8f2hDaR/m4/WA68DsLSBc3VOGGH76Rf1x6NH5YR7VoZdowPWJfXW
iepCAk6lzP7eDKivmcH808SxPz2a5qXqQmZXRx7MnPSWTIw4ZXt8dBZusVvf7nKC
rW0kTOF88LlFYNrDGKqVQuhzAFJTpL3847VWT/RJKJik4s3VNBbifA==
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:49:49 2025 by rpki-client