Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/9aR7yi7XBn8TSFu0iDyQkCL6cZk.roa
File: 9aR7yi7XBn8TSFu0iDyQkCL6cZk.roa (raw, json)
Hash identifier: K/cCoFBIu1MMspgoRqAA+Ve6gNT4bHPxG7UZvc5qwK4=
Subject key identifier: F5:A4:7B:CA:2E:D7:06:7F:13:48:5B:B4:88:3C:90:90:22:FA:71:99
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 3B3A
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/9aR7yi7XBn8TSFu0iDyQkCL6cZk.roa
Signing time: Sun 07 Apr 2024 13:22:30 +0000
ROA not before: Sun 07 Apr 2024 13:22:30 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 15162 (0x3b3a)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 7 13:22:30 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=F5A47BCA2ED7067F13485BB4883C909022FA7199
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b2:b1:e6:84:27:44:b7:d6:5f:7b:bc:47:d5:06:
e6:78:0b:5c:f5:86:d7:ba:3a:66:43:e2:95:6a:ab:
c4:70:ac:07:28:4c:38:de:28:ba:dc:63:bf:87:a2:
e3:e8:4e:cc:c3:cd:e7:d1:5a:06:22:00:99:90:2c:
f4:80:19:53:56:94:e1:06:53:e1:e5:18:d1:2c:4e:
74:e0:35:89:77:23:50:77:a1:55:43:22:f0:bc:c0:
a5:8f:a3:88:b2:f0:0a:58:6f:01:f1:d2:0b:ad:00:
f0:c4:05:2f:fb:bd:05:e8:08:93:44:e9:d0:19:49:
51:71:e5:9a:c1:ef:01:59:85:1a:bc:7f:13:44:0b:
97:c4:54:ca:13:fa:50:0b:c4:ef:41:e6:89:e4:30:
ff:89:0c:19:55:c7:6f:28:84:3c:47:95:62:c7:c5:
f8:9b:7b:a7:9e:40:12:70:17:dd:83:bd:47:67:bc:
d0:d3:7a:10:98:ed:e5:59:ef:47:6b:e3:6f:bc:ad:
07:35:a2:25:55:6d:f8:a1:78:25:0a:bf:e7:8a:a9:
fd:b7:f4:01:9b:66:aa:60:eb:0a:4b:e3:e0:fb:09:
53:b3:96:71:ca:52:f6:6b:96:c1:46:12:23:8b:6d:
a8:ca:b0:ae:41:51:60:5d:61:79:23:35:1c:ac:6b:
8a:f9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F5:A4:7B:CA:2E:D7:06:7F:13:48:5B:B4:88:3C:90:90:22:FA:71:99
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/9aR7yi7XBn8TSFu0iDyQkCL6cZk.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
aa:a9:8a:0c:43:3d:80:6e:d4:a1:37:88:8a:d1:f8:ec:d7:02:
ab:90:0d:80:06:5b:89:98:32:6e:b5:8e:eb:c2:b0:b8:15:d0:
3c:39:c0:be:31:14:2e:ea:52:a4:66:c0:92:c5:e9:a0:1c:93:
84:05:54:a3:ba:c3:5c:7c:9c:15:52:04:5e:f1:77:09:a1:4c:
7c:c1:83:08:92:fe:58:31:e7:03:e6:49:d0:ab:d6:86:61:be:
f7:52:56:4b:f8:a9:8b:e9:e0:ba:e2:b8:85:09:7d:95:1f:63:
44:41:aa:e9:96:fd:ae:dc:60:9c:b9:5a:22:b2:dd:1e:e2:7c:
40:17:f7:0d:11:8d:0d:d4:5c:0f:47:f7:e9:c9:dc:05:10:7f:
a6:85:8e:57:b8:e1:fc:c0:6d:eb:40:b9:ba:b6:62:cc:9c:95:
65:7d:32:40:5c:0a:2a:14:3c:7f:b3:93:57:7a:e9:a3:0b:1a:
06:7a:2e:46:67:bc:77:a2:a6:c6:84:c1:60:73:73:c3:65:c2:
c7:90:92:01:f8:5b:16:19:24:7d:81:88:43:2e:2e:c8:4b:0b:
91:5d:b1:91:62:75:21:64:03:f3:fa:d9:e1:89:fc:90:32:e5:
f5:f2:29:34:41:60:2d:1f:e4:0f:a0:3b:6c:70:17:69:50:c1:
45:f3:55:a2
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICOzowDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MDcx
MzIyMzBaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEY1QTQ3QkNBMkVENzA2
N0YxMzQ4NUJCNDg4M0M5MDkwMjJGQTcxOTkwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCyseaEJ0S31l97vEfVBuZ4C1z1hte6OmZD4pVqq8RwrAcoTDje
KLrcY7+HouPoTszDzefRWgYiAJmQLPSAGVNWlOEGU+HlGNEsTnTgNYl3I1B3oVVD
IvC8wKWPo4iy8ApYbwHx0gutAPDEBS/7vQXoCJNE6dAZSVFx5ZrB7wFZhRq8fxNE
C5fEVMoT+lALxO9B5onkMP+JDBlVx28ohDxHlWLHxfibe6eeQBJwF92DvUdnvNDT
ehCY7eVZ70dr42+8rQc1oiVVbfiheCUKv+eKqf239AGbZqpg6wpL4+D7CVOzlnHK
UvZrlsFGEiOLbajKsK5BUWBdYXkjNRysa4r5AgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQU9aR7yi7XBn8TSFu0iDyQkCL6cZkwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3LzlhUjd5aTdYQm44VFNG
dTBpRHlRa0NMNmNaay5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAqqmKDEM9gG7UoTeIitH47NcCq5ANgAZb
iZgybrWO68KwuBXQPDnAvjEULupSpGbAksXpoByThAVUo7rDXHycFVIEXvF3CaFM
fMGDCJL+WDHnA+ZJ0KvWhmG+91JWS/ipi+nguuK4hQl9lR9jREGq6Zb9rtxgnLla
IrLdHuJ8QBf3DRGNDdRcD0f36cncBRB/poWOV7jh/MBt60C5urZizJyVZX0yQFwK
KhQ8f7OTV3rpowsaBnouRme8d6KmxoTBYHNzw2XCx5CSAfhbFhkkfYGIQy4uyEsL
kV2xkWJ1IWQD8/rZ4Yn8kDLl9fIpNEFgLR/kD6A7bHAXaVDBRfNVog==
-----END CERTIFICATE-----
Generated at Sat Jun 21 07:52:59 2025 by rpki-client