Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/z0Dm0HyIDqgqYsm3_GRw6Z-4lNU.roa
File: z0Dm0HyIDqgqYsm3_GRw6Z-4lNU.roa (raw, json)
Hash identifier: EHeMivEJU9qkw6T9GQ98wrmYVgOuFYhOdT5xD9lb/9s=
Subject key identifier: CF:40:E6:D0:7C:88:0E:A8:2A:62:C9:B7:FC:64:70:E9:9F:B8:94:D5
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 5422
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/z0Dm0HyIDqgqYsm3_GRw6Z-4lNU.roa
Signing time: Fri 10 May 2024 18:24:02 +0000
ROA not before: Fri 10 May 2024 18:24:02 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 21538 (0x5422)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 10 18:24:02 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=CF40E6D07C880EA82A62C9B7FC6470E99FB894D5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:96:d6:ee:7a:50:2c:1d:28:24:ea:ee:09:f3:7b:
0d:fa:23:76:af:05:61:af:84:5a:43:64:6e:04:c9:
6a:be:c9:54:d6:55:f0:e1:b8:6c:0d:f6:5c:06:07:
ab:87:ef:48:a5:80:68:04:db:3c:04:1c:a0:9c:96:
c0:cb:db:e4:a4:6a:da:68:65:23:54:0c:6d:90:e0:
9b:cf:ec:bb:f9:b6:76:9d:84:f1:66:a3:51:d6:f4:
5d:96:8c:47:d7:ab:c5:2f:91:b1:fe:10:79:aa:5a:
2b:50:58:1b:f9:d7:d0:1d:53:39:89:34:79:2e:18:
dd:83:e4:de:66:d4:d6:24:63:eb:0c:e9:68:fb:dc:
e7:e7:f9:c4:dd:50:49:a7:a6:90:5b:38:82:f8:67:
16:26:09:aa:df:31:ec:11:fe:44:45:b3:bd:4a:92:
f6:c3:6b:be:05:48:40:69:c4:cc:c1:5c:45:10:b6:
ba:0b:c9:8c:b5:50:49:a1:2a:15:97:3d:e5:03:94:
e0:20:8c:b3:b9:28:ce:ae:a8:11:91:6c:de:59:19:
2a:2e:46:1a:c9:44:0d:5b:fe:d7:25:47:2d:58:fc:
52:e6:fd:63:d6:c2:a6:71:f6:f7:1c:c7:48:a1:63:
23:47:43:c6:4d:c3:9e:6e:0f:8b:da:8a:32:08:7f:
88:f5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CF:40:E6:D0:7C:88:0E:A8:2A:62:C9:B7:FC:64:70:E9:9F:B8:94:D5
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/z0Dm0HyIDqgqYsm3_GRw6Z-4lNU.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
32:b1:d1:c7:60:41:48:84:14:3e:c9:e6:65:a8:1d:e1:d3:35:
89:e1:14:38:47:12:30:d6:e2:e4:46:7a:38:a8:b0:e0:22:ba:
f6:b9:d8:0a:2c:5c:b8:c3:6a:12:48:9d:99:e0:cd:9e:ab:c9:
ed:e2:74:4b:58:c0:b8:d6:62:cd:4e:12:63:6c:4c:5d:23:a3:
e0:9f:ad:41:ae:a8:d3:bf:23:6d:88:f6:50:53:58:32:0e:d9:
ba:e4:a5:59:e5:f4:3e:e4:15:80:21:c6:26:fa:95:49:e2:8c:
51:a1:64:2a:e5:e9:30:a3:2e:74:e6:f2:5f:e4:6a:92:74:da:
48:ac:cf:1c:8a:1e:8e:17:2d:70:8e:95:44:ce:b5:a6:1d:07:
38:f7:55:4a:bc:ce:6a:ca:7b:ee:22:7f:41:ea:32:39:ac:49:
c9:a5:73:46:71:97:2a:65:19:be:c5:c1:66:ca:a7:43:b8:68:
71:9e:66:93:b4:d4:c0:8b:9a:d7:a7:24:b5:75:c9:a9:7f:e2:
b0:97:6c:49:a6:d6:03:9d:34:b0:e5:44:dd:5b:26:1e:ef:8c:
53:98:31:64:fc:f0:c6:12:90:20:c8:19:d0:50:f8:e6:f3:24:
93:66:dc:e2:f7:53:b0:5f:e8:30:2c:7d:e4:3e:0e:88:7f:a4:
2b:5c:82:c2
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICVCIwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MTAx
ODI0MDJaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKENGNDBFNkQwN0M4ODBF
QTgyQTYyQzlCN0ZDNjQ3MEU5OUZCODk0RDUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCW1u56UCwdKCTq7gnzew36I3avBWGvhFpDZG4EyWq+yVTWVfDh
uGwN9lwGB6uH70ilgGgE2zwEHKCclsDL2+SkatpoZSNUDG2Q4JvP7Lv5tnadhPFm
o1HW9F2WjEfXq8UvkbH+EHmqWitQWBv519AdUzmJNHkuGN2D5N5m1NYkY+sM6Wj7
3Ofn+cTdUEmnppBbOIL4ZxYmCarfMewR/kRFs71KkvbDa74FSEBpxMzBXEUQtroL
yYy1UEmhKhWXPeUDlOAgjLO5KM6uqBGRbN5ZGSouRhrJRA1b/tclRy1Y/FLm/WPW
wqZx9vccx0ihYyNHQ8ZNw55uD4vaijIIf4j1AgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUz0Dm0HyIDqgqYsm3/GRw6Z+4lNUwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3owRG0wSHlJRHFncVlz
bTNfR1J3NlotNGxOVS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAMrHRx2BBSIQUPsnmZagd4dM1ieEUOEcS
MNbi5EZ6OKiw4CK69rnYCixcuMNqEkidmeDNnqvJ7eJ0S1jAuNZizU4SY2xMXSOj
4J+tQa6o078jbYj2UFNYMg7ZuuSlWeX0PuQVgCHGJvqVSeKMUaFkKuXpMKMudOby
X+RqknTaSKzPHIoejhctcI6VRM61ph0HOPdVSrzOasp77iJ/QeoyOaxJyaVzRnGX
KmUZvsXBZsqnQ7hocZ5mk7TUwIua16cktXXJqX/isJdsSabWA500sOVE3VsmHu+M
U5gxZPzwxhKQIMgZ0FD45vMkk2bc4vdTsF/oMCx95D4OiH+kK1yCwg==
-----END CERTIFICATE-----
Generated at Wed Jun 4 00:55:30 2025 by rpki-client