Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/6FX451zLv6Ahpa_93UPlDdC1s3o.roa
File: 6FX451zLv6Ahpa_93UPlDdC1s3o.roa (raw, json)
Hash identifier: 8UpecwCoTCnYH3Fvc9apN8GESp4rPVp5Db2nisePW2g=
Subject key identifier: E8:55:F8:E7:5C:CB:BF:A0:21:A5:AF:FD:DD:43:E5:0D:D0:B5:B3:7A
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 42FE
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/6FX451zLv6Ahpa_93UPlDdC1s3o.roa
Signing time: Wed 17 Apr 2024 21:53:00 +0000
ROA not before: Wed 17 Apr 2024 21:53:00 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 17150 (0x42fe)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 17 21:53:00 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=E855F8E75CCBBFA021A5AFFDDD43E50DD0B5B37A
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c4:64:be:6a:80:70:2e:8a:92:b3:55:ef:48:e8:
5f:6d:b0:ba:e3:5d:6c:8f:c0:47:e4:52:e5:24:c1:
bc:3c:9a:34:a1:e8:c2:9a:a6:9f:21:f7:b7:54:87:
ff:ba:dc:8f:97:e5:da:ea:2b:0a:23:9a:dd:c9:8c:
90:bd:dc:b9:6b:bc:12:0c:24:64:88:77:67:ef:90:
e0:38:c5:9b:59:84:f7:67:c3:b3:c5:7c:b0:ed:0d:
f6:eb:72:10:99:dc:43:8f:fa:79:f2:02:ed:87:88:
80:65:09:8f:b4:fd:4e:9b:d5:ac:2b:48:3b:4a:a6:
c0:84:07:d6:98:00:a0:88:cc:e0:1c:d9:1e:8e:a5:
a9:84:c6:5b:22:18:0a:5f:aa:5b:4a:1e:c6:89:f1:
a2:80:b7:ab:c8:72:d5:ff:55:27:62:6a:d9:98:f0:
c0:d4:34:b0:1e:8d:c2:aa:d1:4a:71:3f:95:20:c8:
4c:d7:47:08:52:b2:02:fa:fb:52:f9:d9:7a:56:c5:
28:7c:72:78:da:40:c0:76:80:30:10:b1:55:d0:e8:
e8:e4:a3:61:d2:b1:85:18:b7:d3:03:ee:0c:0b:4d:
0a:8c:aa:a0:c5:57:38:e0:ac:11:1e:c5:d7:57:89:
53:33:02:06:15:0c:c9:b0:39:dd:96:6c:c2:26:9f:
6e:0b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E8:55:F8:E7:5C:CB:BF:A0:21:A5:AF:FD:DD:43:E5:0D:D0:B5:B3:7A
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/6FX451zLv6Ahpa_93UPlDdC1s3o.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
2d:f0:b0:01:48:e8:fb:27:e9:f6:40:e3:2a:b3:23:ec:b2:20:
19:64:2f:95:32:c7:b1:b0:80:2e:d2:25:b5:2e:b7:20:a8:8f:
53:e0:c6:a8:0e:06:fd:2e:54:8f:43:02:b7:4a:01:16:14:a2:
9b:72:37:eb:83:c3:34:19:a1:d9:b7:2e:4d:d8:5c:84:db:0f:
2a:d6:52:d5:1d:55:c1:0d:eb:7a:7b:37:a8:28:dd:66:f6:a8:
88:0c:c9:19:4e:1f:42:67:c3:f0:04:97:42:ec:7c:3b:22:c7:
2b:49:0d:f7:78:a4:ea:b6:66:0e:c6:f2:c4:b1:8c:d2:d9:05:
e7:e2:19:12:c8:c2:ae:8e:ca:5f:80:2a:4d:10:db:99:4d:b9:
04:bb:3f:f5:31:ae:84:f1:6a:32:f9:dd:19:3b:cc:50:95:60:
bc:c7:f7:77:86:6a:62:96:c4:45:09:c0:79:65:54:c3:17:c1:
13:f6:69:87:b0:0a:99:e7:71:d8:d8:26:c3:e4:cb:36:5d:9d:
db:61:26:56:de:25:db:96:cb:92:5e:f2:5d:79:52:f3:c3:ef:
98:00:63:c7:3f:0f:84:77:f2:b3:c6:a8:11:9d:c9:08:b8:d9:
b0:54:5d:55:9b:1e:ad:96:c3:a3:85:e9:42:94:8e:4b:f6:59:
be:95:e0:96
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICQv4wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MTcy
MTUzMDBaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEU4NTVGOEU3NUNDQkJG
QTAyMUE1QUZGRERENDNFNTBERDBCNUIzN0EwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDEZL5qgHAuipKzVe9I6F9tsLrjXWyPwEfkUuUkwbw8mjSh6MKa
pp8h97dUh/+63I+X5drqKwojmt3JjJC93LlrvBIMJGSId2fvkOA4xZtZhPdnw7PF
fLDtDfbrchCZ3EOP+nnyAu2HiIBlCY+0/U6b1awrSDtKpsCEB9aYAKCIzOAc2R6O
pamExlsiGApfqltKHsaJ8aKAt6vIctX/VSdiatmY8MDUNLAejcKq0UpxP5UgyEzX
RwhSsgL6+1L52XpWxSh8cnjaQMB2gDAQsVXQ6Ojko2HSsYUYt9MD7gwLTQqMqqDF
VzjgrBEexddXiVMzAgYVDMmwOd2WbMImn24LAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQU6FX451zLv6Ahpa/93UPlDdC1s3owHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3LzZGWDQ1MXpMdjZBaHBh
XzkzVVBsRGRDMXMzby5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEALfCwAUjo+yfp9kDjKrMj7LIgGWQvlTLH
sbCALtIltS63IKiPU+DGqA4G/S5Uj0MCt0oBFhSim3I364PDNBmh2bcuTdhchNsP
KtZS1R1VwQ3rens3qCjdZvaoiAzJGU4fQmfD8ASXQux8OyLHK0kN93ik6rZmDsby
xLGM0tkF5+IZEsjCro7KX4AqTRDbmU25BLs/9TGuhPFqMvndGTvMUJVgvMf3d4Zq
YpbERQnAeWVUwxfBE/Zph7AKmedx2Ngmw+TLNl2d22EmVt4l25bLkl7yXXlS88Pv
mABjxz8PhHfys8aoEZ3JCLjZsFRdVZserZbDo4XpQpSOS/ZZvpXglg==
-----END CERTIFICATE-----
Generated at Sun Jun 22 16:41:42 2025 by rpki-client