Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/WVjkbd3lmiIjdW6HRoQWGrDVxuE.roa
File: WVjkbd3lmiIjdW6HRoQWGrDVxuE.roa (raw, json)
Hash identifier: 0PY3c8ZHsiZ6C1SWfdn8nGU+9g9hBaAbWTSETYJaJ08=
Subject key identifier: 59:58:E4:6D:DD:E5:9A:22:23:75:6E:87:46:84:16:1A:B0:D5:C6:E1
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 487A
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/WVjkbd3lmiIjdW6HRoQWGrDVxuE.roa
Signing time: Thu 25 Apr 2024 05:23:20 +0000
ROA not before: Thu 25 Apr 2024 05:23:20 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 18554 (0x487a)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 25 05:23:20 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=5958E46DDDE59A2223756E874684161AB0D5C6E1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d4:11:de:cf:67:63:08:6d:f5:e4:70:01:35:2b:
8d:ed:de:b3:9a:7a:43:c9:3a:3c:0b:37:9d:42:75:
55:60:32:fd:2a:c2:08:d2:fa:d2:b7:de:dd:d7:c4:
eb:d2:00:5b:b0:74:c6:55:9a:b1:09:43:21:4f:89:
7d:c5:fa:25:cd:da:6c:ab:d5:19:0a:53:65:fa:b8:
f4:af:9b:7c:ea:24:33:54:c7:4f:59:bd:db:22:fb:
4c:d8:01:3e:6c:54:5f:72:ba:c0:73:5c:7c:0b:41:
2a:3d:2a:67:1b:ed:e6:97:e6:5c:c2:9b:0b:87:1e:
84:97:8b:6e:48:b9:ff:55:27:eb:b9:9f:54:46:ef:
f1:16:59:e2:4f:9a:46:67:f3:3a:64:e3:f3:05:93:
ee:64:95:ab:75:b0:db:dc:1f:86:27:c1:e7:4c:e5:
7d:bb:7b:fe:6c:a8:3e:58:90:03:0c:d4:d9:e8:86:
49:33:f8:e1:51:0b:ce:44:dd:df:b7:01:81:c5:63:
39:e2:93:0a:5e:33:d1:a4:7d:eb:71:86:38:9b:93:
78:23:fd:2f:ce:5f:61:de:80:b0:af:26:b3:65:34:
84:8b:bb:bf:40:db:af:f2:f6:da:b6:de:b7:3d:20:
66:98:91:15:69:42:be:8f:9f:bf:05:b5:27:21:85:
ed:21
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
59:58:E4:6D:DD:E5:9A:22:23:75:6E:87:46:84:16:1A:B0:D5:C6:E1
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/WVjkbd3lmiIjdW6HRoQWGrDVxuE.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
53:03:c4:1a:3a:eb:db:43:77:66:16:6a:f4:31:ae:70:6a:d0:
a8:3e:0b:a9:ba:9e:f5:e2:71:36:84:48:4d:4b:8d:b8:a1:c2:
8a:a9:a0:c3:6b:4d:eb:5b:02:ed:c9:ce:db:91:a4:31:61:03:
6d:81:35:b5:8f:ea:cc:07:d9:ed:f5:52:50:77:14:93:27:f1:
d6:79:97:9d:a5:3e:3f:ab:24:75:ea:bf:9b:28:e1:34:d6:a0:
00:e7:d9:8d:d2:ae:58:f1:fa:e3:44:87:8a:cc:9f:ff:b1:b3:
81:fe:77:1e:04:bc:e3:0b:f7:6f:76:cd:4f:b1:c4:c2:01:1d:
f6:2f:7f:2a:97:cd:54:39:2b:c7:17:e4:93:7e:29:41:e9:e1:
d2:52:e0:2b:b6:b6:c6:bf:43:3a:80:6f:26:bc:8c:a9:d0:6d:
3f:3b:4b:c6:4a:4c:15:93:25:42:d8:a8:86:e6:2a:a0:fb:46:
f2:61:2b:3f:4a:4c:f1:3b:88:78:30:68:29:a0:a2:4e:57:40:
25:eb:d9:81:99:71:79:3b:55:4c:69:73:bf:22:27:e8:73:fd:
ce:71:c8:de:9f:2e:94:3e:a3:2b:be:a1:26:4a:f2:bc:0e:ff:
a0:7e:14:48:9a:1d:70:c7:ce:e0:07:ef:0a:90:a7:24:ed:fc:
27:a6:5b:1f
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICSHowDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MjUw
NTIzMjBaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDU5NThFNDZERERFNTlB
MjIyMzc1NkU4NzQ2ODQxNjFBQjBENUM2RTEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDUEd7PZ2MIbfXkcAE1K43t3rOaekPJOjwLN51CdVVgMv0qwgjS
+tK33t3XxOvSAFuwdMZVmrEJQyFPiX3F+iXN2myr1RkKU2X6uPSvm3zqJDNUx09Z
vdsi+0zYAT5sVF9yusBzXHwLQSo9Kmcb7eaX5lzCmwuHHoSXi25Iuf9VJ+u5n1RG
7/EWWeJPmkZn8zpk4/MFk+5klat1sNvcH4YnwedM5X27e/5sqD5YkAMM1Nnohkkz
+OFRC85E3d+3AYHFYznikwpeM9Gkfetxhjibk3gj/S/OX2HegLCvJrNlNISLu79A
26/y9tq23rc9IGaYkRVpQr6Pn78FtSchhe0hAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUWVjkbd3lmiIjdW6HRoQWGrDVxuEwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1dWamtiZDNsbWlJamRX
NkhSb1FXR3JEVnh1RS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAUwPEGjrr20N3ZhZq9DGucGrQqD4Lqbqe
9eJxNoRITUuNuKHCiqmgw2tN61sC7cnO25GkMWEDbYE1tY/qzAfZ7fVSUHcUkyfx
1nmXnaU+P6skdeq/myjhNNagAOfZjdKuWPH640SHisyf/7Gzgf53HgS84wv3b3bN
T7HEwgEd9i9/KpfNVDkrxxfkk34pQenh0lLgK7a2xr9DOoBvJryMqdBtPztLxkpM
FZMlQtiohuYqoPtG8mErP0pM8TuIeDBoKaCiTldAJevZgZlxeTtVTGlzvyIn6HP9
znHI3p8ulD6jK76hJkryvA7/oH4USJodcMfO4AfvCpCnJO38J6ZbHw==
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:47:39 2025 by rpki-client