Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/6FTcXMRJ0oawb-8JvItzd5S4Pw4.roa
File: 6FTcXMRJ0oawb-8JvItzd5S4Pw4.roa (raw, json)
Hash identifier: 0f54k5azOn3CaNjA/uPMavmZlbv0crvJa4rn+8nys6U=
Subject key identifier: E8:54:DC:5C:C4:49:D2:86:B0:6F:EF:09:BC:8B:73:77:94:B8:3F:0E
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 3CC2
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/6FTcXMRJ0oawb-8JvItzd5S4Pw4.roa
Signing time: Tue 09 Apr 2024 14:23:04 +0000
ROA not before: Tue 09 Apr 2024 14:23:04 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 15554 (0x3cc2)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 9 14:23:04 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=E854DC5CC449D286B06FEF09BC8B737794B83F0E
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b6:8a:db:ac:2e:23:b6:bc:45:5b:97:33:db:58:
71:16:e5:6f:3d:65:6c:a0:8e:6d:6c:af:8c:b4:89:
78:90:76:74:92:25:c8:25:36:ed:89:9d:6d:46:98:
ce:0d:70:dc:dc:d3:53:c7:fe:cd:f8:1b:21:6d:7c:
df:ce:52:9d:fa:53:d8:47:46:a8:15:b6:62:db:d9:
6f:94:03:9e:df:cb:ea:2b:89:0d:3c:b7:a4:a5:bc:
75:9f:00:18:85:c4:04:08:09:d5:03:be:34:19:fc:
2b:54:f2:83:65:2f:1e:a5:7b:f6:e8:fe:f7:e7:f6:
91:d3:d8:08:04:89:63:38:ae:25:e9:87:5a:35:df:
24:e0:88:2c:7d:04:67:d0:30:b4:82:88:b5:6f:80:
71:4d:e3:3d:e6:70:39:9b:6c:c9:02:e1:ca:7e:5b:
d4:80:40:76:2f:db:34:45:4b:e4:93:19:14:7f:b6:
de:1e:6d:58:95:56:10:e1:c3:11:00:b9:d4:fa:7d:
e4:74:fe:26:1f:8f:b3:7e:4b:cb:3f:4a:e9:56:8a:
07:6b:83:23:d2:8b:2c:da:00:d0:a4:20:ab:1e:57:
b0:04:43:7d:77:92:93:be:3b:f7:a4:48:1a:7d:a5:
c3:f1:64:41:93:a4:ab:e8:9f:97:18:01:75:42:90:
b6:27
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E8:54:DC:5C:C4:49:D2:86:B0:6F:EF:09:BC:8B:73:77:94:B8:3F:0E
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/6FTcXMRJ0oawb-8JvItzd5S4Pw4.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
5b:19:d6:60:7b:30:a7:0b:54:d5:dd:2e:84:9f:6f:2b:d3:af:
57:57:ae:d5:3f:82:17:de:05:eb:e8:98:fa:5e:29:b4:dc:9c:
6a:5f:0c:04:e9:e6:c3:bf:e8:3a:f4:de:c1:4e:c9:7d:4d:b3:
2c:22:0b:1b:61:4f:ae:21:df:c1:f3:d6:01:c0:f5:23:75:35:
23:7f:7e:43:d0:5e:ac:5b:8b:ea:73:69:e6:4b:e5:de:7a:aa:
5f:ef:56:77:6e:48:3c:49:bd:6d:99:93:e9:51:e5:05:9a:4c:
c6:65:f9:eb:27:7a:79:77:c0:3e:14:b6:ba:5b:41:d4:02:c0:
5c:4a:32:62:53:8d:9a:a2:33:fb:c7:c3:a0:72:45:e3:c9:08:
1a:92:30:36:cd:97:32:e0:b9:a9:79:8c:cc:2d:3b:d4:6e:42:
5c:b4:f9:9b:26:3a:54:77:9d:d7:2a:00:80:49:56:06:c4:9e:
7d:b6:63:54:87:8b:e9:1b:92:14:1e:2d:e2:57:de:a2:ec:8f:
88:43:15:e8:24:0a:57:c2:12:ba:07:ec:06:06:bc:5c:bb:66:
36:a1:d0:28:87:2a:0d:f9:bf:5b:2d:50:d0:83:2f:00:ea:4a:
2b:1e:a0:8b:14:78:08:65:20:10:85:c3:21:81:15:70:d5:54:
14:25:61:aa
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICPMIwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MDkx
NDIzMDRaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEU4NTREQzVDQzQ0OUQy
ODZCMDZGRUYwOUJDOEI3Mzc3OTRCODNGMEUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC2itusLiO2vEVblzPbWHEW5W89ZWygjm1sr4y0iXiQdnSSJcgl
Nu2JnW1GmM4NcNzc01PH/s34GyFtfN/OUp36U9hHRqgVtmLb2W+UA57fy+oriQ08
t6SlvHWfABiFxAQICdUDvjQZ/CtU8oNlLx6le/bo/vfn9pHT2AgEiWM4riXph1o1
3yTgiCx9BGfQMLSCiLVvgHFN4z3mcDmbbMkC4cp+W9SAQHYv2zRFS+STGRR/tt4e
bViVVhDhwxEAudT6feR0/iYfj7N+S8s/SulWigdrgyPSiyzaANCkIKseV7AEQ313
kpO+O/ekSBp9pcPxZEGTpKvon5cYAXVCkLYnAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQU6FTcXMRJ0oawb+8JvItzd5S4Pw4wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3LzZGVGNYTVJKMG9hd2It
OEp2SXR6ZDVTNFB3NC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAWxnWYHswpwtU1d0uhJ9vK9OvV1eu1T+C
F94F6+iY+l4ptNycal8MBOnmw7/oOvTewU7JfU2zLCILG2FPriHfwfPWAcD1I3U1
I39+Q9BerFuL6nNp5kvl3nqqX+9Wd25IPEm9bZmT6VHlBZpMxmX56yd6eXfAPhS2
ultB1ALAXEoyYlONmqIz+8fDoHJF48kIGpIwNs2XMuC5qXmMzC071G5CXLT5myY6
VHed1yoAgElWBsSefbZjVIeL6RuSFB4t4lfeouyPiEMV6CQKV8ISugfsBga8XLtm
NqHQKIcqDfm/Wy1Q0IMvAOpKKx6gixR4CGUgEIXDIYEVcNVUFCVhqg==
-----END CERTIFICATE-----
Generated at Sun Jun 22 10:38:59 2025 by rpki-client