Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/YE_TwkAnMLsmirxxdOx4ioIKemk.roa
File: YE_TwkAnMLsmirxxdOx4ioIKemk.roa (raw, json)
Hash identifier: NMsk4iAnxyFTJrjVm6xv0hSVr6tlb1x1wFyHrNkCrug=
Subject key identifier: 60:4F:D3:C2:40:27:30:BB:26:8A:BC:71:74:EC:78:8A:82:0A:7A:69
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 3D0A
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/YE_TwkAnMLsmirxxdOx4ioIKemk.roa
Signing time: Tue 09 Apr 2024 23:22:38 +0000
ROA not before: Tue 09 Apr 2024 23:22:38 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 15626 (0x3d0a)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 9 23:22:38 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=604FD3C2402730BB268ABC7174EC788A820A7A69
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:dc:78:a5:f8:4e:55:af:df:a4:c6:30:eb:fb:c7:
08:4c:ed:fd:63:dc:d0:90:4a:52:89:c4:fc:64:2b:
ea:a9:28:e1:0c:d2:c5:56:b7:c0:93:79:3e:60:15:
09:98:85:82:bb:e2:25:c2:86:07:1f:83:61:05:7e:
05:88:87:be:cc:2d:b6:17:d7:a0:9e:44:2e:a0:21:
e7:ee:5e:57:1f:78:44:fe:05:ad:a2:2a:5f:d9:8e:
32:08:7a:29:99:5b:6f:64:bf:68:a4:3e:91:64:e8:
3f:6f:b8:86:bc:10:e3:78:86:17:40:b7:b7:8a:9c:
9b:7e:b6:36:88:d2:b8:d7:3a:7c:31:2c:c9:fc:a0:
83:94:cc:68:a1:c2:88:ba:1c:97:48:41:7c:05:6b:
b2:cd:96:4e:f7:44:34:ad:15:9f:3d:a2:ba:98:64:
76:89:cb:8c:2b:00:68:69:ed:2f:44:6a:bb:01:75:
f0:9b:72:c0:9d:ba:46:41:fa:9a:f7:08:4c:ef:e4:
6a:87:c1:25:99:49:e0:96:31:bb:a0:03:bb:48:d9:
91:16:81:6c:a8:a9:21:3f:a2:ec:1b:3e:4c:9e:92:
66:21:4d:1e:97:17:ca:6f:02:f7:a9:43:a2:97:38:
a0:1c:c3:54:10:01:20:f1:92:f1:73:61:da:3a:be:
9a:5b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
60:4F:D3:C2:40:27:30:BB:26:8A:BC:71:74:EC:78:8A:82:0A:7A:69
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/YE_TwkAnMLsmirxxdOx4ioIKemk.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
31:b2:36:a5:dc:f9:19:39:92:c1:42:ba:de:90:fe:0d:a3:9d:
58:8e:81:15:53:3e:0a:c5:c3:a9:59:71:b5:15:06:cc:85:f9:
54:cd:c2:18:fc:d3:6a:2d:04:dc:0b:e5:52:cf:df:c4:f2:b1:
c4:46:97:01:93:eb:4f:96:61:24:ce:3d:d0:45:8b:3b:a7:8c:
7b:87:b4:a8:39:c4:c0:4d:16:db:be:05:bf:4d:01:86:2e:88:
65:15:cd:7f:4b:bb:d4:1c:c5:ee:03:22:ce:d3:9f:34:c2:1a:
48:7d:a9:13:9d:98:8c:70:bb:d0:37:c7:84:5d:73:cd:af:6a:
23:7c:ca:55:c9:1d:11:d9:51:6c:55:fd:67:16:8f:37:86:6d:
c1:7f:a6:62:e7:df:d3:ac:8e:a3:09:01:33:67:f5:0d:3e:7f:
39:35:b1:ce:18:f6:3f:f3:15:90:f3:69:8f:8a:15:d0:60:b3:
a1:62:4d:3b:b8:6c:0e:d2:b8:cd:75:26:22:bb:9a:8f:9b:ef:
28:13:fa:3a:22:23:83:c2:0f:89:8d:fb:28:dd:10:10:90:1b:
6c:62:c7:19:ea:89:04:05:7e:e5:95:91:c8:7a:6a:d8:7c:4f:
85:d4:7b:1d:32:1f:b3:f4:10:61:77:f6:b1:d9:57:1d:30:80:
d4:83:6b:57
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICPQowDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MDky
MzIyMzhaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDYwNEZEM0MyNDAyNzMw
QkIyNjhBQkM3MTc0RUM3ODhBODIwQTdBNjkwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDceKX4TlWv36TGMOv7xwhM7f1j3NCQSlKJxPxkK+qpKOEM0sVW
t8CTeT5gFQmYhYK74iXChgcfg2EFfgWIh77MLbYX16CeRC6gIefuXlcfeET+Ba2i
Kl/ZjjIIeimZW29kv2ikPpFk6D9vuIa8EON4hhdAt7eKnJt+tjaI0rjXOnwxLMn8
oIOUzGihwoi6HJdIQXwFa7LNlk73RDStFZ89orqYZHaJy4wrAGhp7S9EarsBdfCb
csCdukZB+pr3CEzv5GqHwSWZSeCWMbugA7tI2ZEWgWyoqSE/ouwbPkyekmYhTR6X
F8pvAvepQ6KXOKAcw1QQASDxkvFzYdo6vppbAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUYE/TwkAnMLsmirxxdOx4ioIKemkwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1lFX1R3a0FuTUxzbWly
eHhkT3g0aW9JS2Vtay5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAMbI2pdz5GTmSwUK63pD+DaOdWI6BFVM+
CsXDqVlxtRUGzIX5VM3CGPzTai0E3AvlUs/fxPKxxEaXAZPrT5ZhJM490EWLO6eM
e4e0qDnEwE0W274Fv00Bhi6IZRXNf0u71BzF7gMiztOfNMIaSH2pE52YjHC70DfH
hF1zza9qI3zKVckdEdlRbFX9ZxaPN4ZtwX+mYuff06yOowkBM2f1DT5/OTWxzhj2
P/MVkPNpj4oV0GCzoWJNO7hsDtK4zXUmIruaj5vvKBP6OiIjg8IPiY37KN0QEJAb
bGLHGeqJBAV+5ZWRyHpq2HxPhdR7HTIfs/QQYXf2sdlXHTCA1INrVw==
-----END CERTIFICATE-----
Generated at Mon Apr 14 11:08:32 2025 by rpki-client