Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/sXoYR4rdRT3zpK4BxFSPzD0bpLQ.roa
File: sXoYR4rdRT3zpK4BxFSPzD0bpLQ.roa (raw, json)
Hash identifier: FgZAvEXdmdR8a6ynh5VVNDkxJ29a/Fy4YhuMSISOI88=
Subject key identifier: B1:7A:18:47:8A:DD:45:3D:F3:A4:AE:01:C4:54:8F:CC:3D:1B:A4:B4
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 34CE
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/sXoYR4rdRT3zpK4BxFSPzD0bpLQ.roa
Signing time: Fri 29 Mar 2024 23:52:07 +0000
ROA not before: Fri 29 Mar 2024 23:52:07 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 13518 (0x34ce)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Mar 29 23:52:07 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=B17A18478ADD453DF3A4AE01C4548FCC3D1BA4B4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9b:7a:fb:28:56:14:97:ac:d5:65:92:37:50:2c:
a4:93:06:1f:7e:34:f6:72:56:af:55:4d:67:d7:41:
21:17:d1:d8:53:0c:dd:bb:3e:a4:d8:d1:f1:b3:a0:
2e:82:ab:5f:f3:a5:ec:7b:de:35:4c:4c:8c:89:02:
7d:d0:d3:0e:e8:27:f4:27:55:47:29:1e:c5:10:bc:
39:bd:26:2a:98:f4:bf:2e:5f:09:1c:90:33:bf:b9:
2f:56:23:6f:96:39:c5:72:b9:b4:54:25:b2:92:d9:
4b:7d:b0:4a:18:c2:b9:74:83:73:df:1c:e8:b0:31:
4e:13:b7:99:00:0b:c3:74:28:53:40:5c:d1:6f:07:
53:61:7c:dd:81:71:84:d9:4b:19:4f:c6:f3:b2:54:
25:22:ef:81:52:df:81:bd:97:88:0d:91:78:f5:d1:
2b:ea:f9:67:d7:82:3a:f6:ff:47:5c:75:be:1b:d9:
94:19:53:44:10:d7:b2:c4:aa:59:68:60:db:58:d8:
13:0e:a9:16:cc:7e:2d:0c:ec:ba:94:36:9e:55:53:
86:f3:86:6e:71:42:64:24:93:a6:2a:9f:7d:b6:ac:
00:22:d6:35:91:a8:a2:53:ae:8a:d9:eb:0a:56:15:
e0:7b:15:67:d3:a1:b9:00:91:d3:d1:e6:b0:65:5a:
ed:83
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B1:7A:18:47:8A:DD:45:3D:F3:A4:AE:01:C4:54:8F:CC:3D:1B:A4:B4
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/sXoYR4rdRT3zpK4BxFSPzD0bpLQ.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
73:23:05:f5:77:8c:ec:47:bd:2c:2a:77:f9:fd:9b:78:9a:37:
2e:7a:b4:cf:01:ac:69:d2:10:3d:bd:1b:8c:52:c8:bd:91:eb:
5d:10:89:f6:92:8f:0f:aa:1c:97:bf:3b:3a:e8:bc:cc:32:2d:
1d:08:b7:17:ea:ab:91:5e:bb:09:4f:0b:a1:fb:ea:a2:24:49:
9e:43:8f:66:12:59:07:d8:8c:4a:2e:a6:ee:31:d5:9a:3c:0b:
8e:37:41:7c:40:23:32:41:68:61:cd:02:a1:32:99:58:49:8c:
1a:9a:bc:5c:d6:e4:7b:44:e2:b3:e3:4a:35:0d:fe:42:e1:11:
65:bb:b9:89:b5:ec:c4:23:d8:87:37:fd:09:ed:8a:91:aa:f8:
60:3e:dd:aa:58:00:34:7c:94:29:02:14:f0:9d:40:da:2d:65:
0f:41:c8:01:40:bd:71:1f:a8:b3:e4:f6:64:9f:1b:85:d3:56:
a6:fa:b7:45:d9:e8:b2:7e:26:36:1e:0b:c9:b4:7f:98:e2:1f:
67:e5:0a:a8:34:d1:65:5d:b7:59:3b:93:8d:ba:49:3e:71:39:
9c:10:21:d9:68:da:df:c8:b4:3a:df:e8:cb:6d:43:bc:8d:7b:
fc:b8:e4:ea:e6:b5:4b:0b:8b:41:be:17:6f:27:95:e9:c5:c8:
c6:1b:4c:7e
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICNM4wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDAzMjky
MzUyMDdaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEIxN0ExODQ3OEFERDQ1
M0RGM0E0QUUwMUM0NTQ4RkNDM0QxQkE0QjQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCbevsoVhSXrNVlkjdQLKSTBh9+NPZyVq9VTWfXQSEX0dhTDN27
PqTY0fGzoC6Cq1/zpex73jVMTIyJAn3Q0w7oJ/QnVUcpHsUQvDm9JiqY9L8uXwkc
kDO/uS9WI2+WOcVyubRUJbKS2Ut9sEoYwrl0g3PfHOiwMU4Tt5kAC8N0KFNAXNFv
B1NhfN2BcYTZSxlPxvOyVCUi74FS34G9l4gNkXj10Svq+WfXgjr2/0dcdb4b2ZQZ
U0QQ17LEqlloYNtY2BMOqRbMfi0M7LqUNp5VU4bzhm5xQmQkk6Yqn322rAAi1jWR
qKJTrorZ6wpWFeB7FWfTobkAkdPR5rBlWu2DAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUsXoYR4rdRT3zpK4BxFSPzD0bpLQwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3NYb1lSNHJkUlQzenBL
NEJ4RlNQekQwYnBMUS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAcyMF9XeM7Ee9LCp3+f2beJo3Lnq0zwGs
adIQPb0bjFLIvZHrXRCJ9pKPD6ocl787Oui8zDItHQi3F+qrkV67CU8LofvqoiRJ
nkOPZhJZB9iMSi6m7jHVmjwLjjdBfEAjMkFoYc0CoTKZWEmMGpq8XNbke0Tis+NK
NQ3+QuERZbu5ibXsxCPYhzf9Ce2Kkar4YD7dqlgANHyUKQIU8J1A2i1lD0HIAUC9
cR+os+T2ZJ8bhdNWpvq3Rdnosn4mNh4LybR/mOIfZ+UKqDTRZV23WTuTjbpJPnE5
nBAh2Wja38i0Ot/oy21DvI17/Ljk6ua1SwuLQb4XbyeV6cXIxhtMfg==
-----END CERTIFICATE-----
Generated at Mon Apr 14 14:56:12 2025 by rpki-client