Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/1akZmbIhwM5tAUCF3H8Vihz5u_w.roa
File: 1akZmbIhwM5tAUCF3H8Vihz5u_w.roa (raw, json)
Hash identifier: vauKJdHAkAW+6Qu8i0a2kTUQHYWX3op1EPUgYPkh9Zo=
Subject key identifier: D5:A9:19:99:B2:21:C0:CE:6D:01:40:85:DC:7F:15:8A:1C:F9:BB:FC
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 3406
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/1akZmbIhwM5tAUCF3H8Vihz5u_w.roa
Signing time: Thu 28 Mar 2024 22:52:04 +0000
ROA not before: Thu 28 Mar 2024 22:52:04 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 13318 (0x3406)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Mar 28 22:52:04 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=D5A91999B221C0CE6D014085DC7F158A1CF9BBFC
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c8:22:a7:47:9c:7d:40:56:cf:af:f8:ce:61:78:
7c:8a:c7:8b:94:8f:32:34:89:f6:fb:49:6c:18:1b:
bf:0b:9f:6b:29:f2:dc:ae:82:7d:7e:ba:f7:78:15:
72:b0:b4:c2:11:8f:a5:cc:df:75:d7:d0:5f:0e:72:
63:af:e3:48:b0:72:28:8b:25:a3:05:1e:9d:54:81:
c0:09:be:e7:48:50:50:ae:29:eb:7e:88:d2:3f:88:
70:4f:5b:73:49:e5:8c:38:24:e6:4f:b6:c9:f5:b8:
fb:ee:31:3a:37:f4:0f:13:6a:71:a8:a5:55:2c:8e:
6d:1a:8e:c2:ba:9c:e7:8b:0f:9e:d7:0e:40:9e:f3:
94:d6:9d:31:63:e0:88:38:20:63:00:cf:03:36:2a:
c7:3a:f7:bd:0b:c7:41:83:15:a9:c1:60:ba:a4:f5:
9b:8c:00:f8:41:f1:2a:65:a8:3e:07:81:a1:fb:e3:
5b:50:89:a3:45:60:84:43:77:48:04:d7:d8:be:f7:
69:37:60:4c:64:e1:b9:0c:e8:6d:9d:ef:c8:e5:57:
bd:29:70:4b:18:f9:cc:cd:30:7b:e6:37:7d:28:70:
b9:ee:f0:e6:ee:19:f1:fc:45:95:2e:6d:44:a1:65:
17:9f:13:ba:eb:64:cf:31:0a:d3:58:35:d2:d9:30:
80:89
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D5:A9:19:99:B2:21:C0:CE:6D:01:40:85:DC:7F:15:8A:1C:F9:BB:FC
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/1akZmbIhwM5tAUCF3H8Vihz5u_w.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
ac:f9:08:dd:6e:06:3e:4f:ab:bf:f2:23:25:1c:7f:7a:91:e0:
51:20:b5:4f:57:6e:cd:25:3f:93:11:33:da:ad:f4:e2:6c:c7:
21:7b:57:6b:00:8b:40:50:61:d5:0f:3f:bc:ee:42:cb:91:bf:
71:9a:bc:e8:ae:b1:d2:b8:02:bc:c2:7c:4d:67:19:87:70:09:
4c:a1:e8:53:ec:a9:d4:69:83:3e:a2:3e:e6:c1:86:43:43:c8:
e8:d3:7a:d8:0d:78:a7:64:c4:57:9b:50:6f:3c:67:54:fb:b9:
51:6d:fe:c9:5f:a4:05:cb:ab:93:73:64:3f:3b:72:de:cb:34:
c5:49:e1:c5:9d:70:95:e8:2c:e2:c1:e3:12:e7:c4:04:d4:b5:
85:09:23:8f:a1:03:f9:2f:21:20:db:22:f4:0a:a5:27:e3:4d:
c3:26:12:77:b7:73:a9:ca:35:c1:fe:16:5e:bb:9d:b2:42:32:
c5:39:9b:d7:bb:c5:43:4d:82:bf:04:7f:87:59:48:23:f4:3c:
4e:1c:e0:a5:36:d8:29:aa:69:49:b6:86:7d:a8:a7:38:22:91:
2e:b1:b2:e3:95:50:86:46:08:48:30:f7:69:5c:ce:ff:9a:da:
70:4f:8a:52:0a:11:64:4d:29:95:ce:3d:e6:c3:67:d3:1a:db:
ab:58:f0:76
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICNAYwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDAzMjgy
MjUyMDRaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEQ1QTkxOTk5QjIyMUMw
Q0U2RDAxNDA4NURDN0YxNThBMUNGOUJCRkMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDIIqdHnH1AVs+v+M5heHyKx4uUjzI0ifb7SWwYG78Ln2sp8tyu
gn1+uvd4FXKwtMIRj6XM33XX0F8OcmOv40iwciiLJaMFHp1UgcAJvudIUFCuKet+
iNI/iHBPW3NJ5Yw4JOZPtsn1uPvuMTo39A8TanGopVUsjm0ajsK6nOeLD57XDkCe
85TWnTFj4Ig4IGMAzwM2Ksc6970Lx0GDFanBYLqk9ZuMAPhB8SplqD4HgaH741tQ
iaNFYIRDd0gE19i+92k3YExk4bkM6G2d78jlV70pcEsY+czNMHvmN30ocLnu8Obu
GfH8RZUubUShZRefE7rrZM8xCtNYNdLZMICJAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQU1akZmbIhwM5tAUCF3H8Vihz5u/wwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3LzFha1ptYklod001dEFV
Q0YzSDhWaWh6NXVfdy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEArPkI3W4GPk+rv/IjJRx/epHgUSC1T1du
zSU/kxEz2q304mzHIXtXawCLQFBh1Q8/vO5Cy5G/cZq86K6x0rgCvMJ8TWcZh3AJ
TKHoU+yp1GmDPqI+5sGGQ0PI6NN62A14p2TEV5tQbzxnVPu5UW3+yV+kBcurk3Nk
Pzty3ss0xUnhxZ1wlegs4sHjEufEBNS1hQkjj6ED+S8hINsi9AqlJ+NNwyYSd7dz
qco1wf4WXrudskIyxTmb17vFQ02CvwR/h1lII/Q8ThzgpTbYKappSbaGfainOCKR
LrGy45VQhkYISDD3aVzO/5racE+KUgoRZE0plc495sNn0xrbq1jwdg==
-----END CERTIFICATE-----
Generated at Sun Jun 22 02:21:05 2025 by rpki-client