Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/9dFdjetFab0mmWbQukJQ0tA9SAA.roa
File: 9dFdjetFab0mmWbQukJQ0tA9SAA.roa (raw, json)
Hash identifier: ovftSh1Bs25FGE53xU37j3/9422oniwKHMYHuaPXx4s=
Subject key identifier: F5:D1:5D:8D:EB:45:69:BD:26:99:66:D0:BA:42:50:D2:D0:3D:48:00
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 4CC6
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/9dFdjetFab0mmWbQukJQ0tA9SAA.roa
Signing time: Tue 30 Apr 2024 22:53:35 +0000
ROA not before: Tue 30 Apr 2024 22:53:35 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 19654 (0x4cc6)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 30 22:53:35 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=F5D15D8DEB4569BD269966D0BA4250D2D03D4800
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d1:c4:e2:61:ba:39:fb:8d:82:47:25:0b:e2:54:
44:f1:86:97:ca:76:93:a9:48:e9:ac:38:32:1b:2f:
3b:04:e9:94:be:ba:0b:71:04:53:db:bf:29:3a:f5:
48:80:c3:52:cb:7b:64:6a:37:cf:fc:f7:4b:d4:36:
00:90:e5:d1:d0:98:e7:00:22:5c:3f:e0:26:c2:7a:
f7:b7:c8:dc:84:6f:ac:6a:7c:20:67:59:5f:5e:2a:
c0:87:79:8b:19:13:52:a2:1d:c3:4f:e5:71:89:5d:
31:37:18:29:61:90:25:87:e4:b7:5b:e6:bf:d0:23:
a0:53:6f:fb:be:b8:33:34:da:bc:32:f2:4e:bd:2c:
b7:a5:d2:f7:69:c2:b7:91:0d:68:2e:61:12:7c:e0:
a0:7d:31:6e:4b:78:12:e5:7a:12:2e:99:8e:f1:42:
74:ab:09:19:2d:b3:ff:28:b0:33:2b:be:26:31:ec:
dd:8d:3f:72:51:9d:a9:10:2e:51:05:5b:96:cf:1f:
14:35:b0:e0:49:d3:f5:5b:27:8a:d1:c0:ca:79:b7:
d0:86:15:58:d4:e6:18:1b:20:82:f0:06:2e:c9:c5:
70:8f:bb:4c:92:fc:07:32:8d:54:99:cb:b3:74:44:
e6:34:f1:ca:5a:74:3b:72:69:d3:8a:3a:d0:e8:00:
c2:bf
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F5:D1:5D:8D:EB:45:69:BD:26:99:66:D0:BA:42:50:D2:D0:3D:48:00
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/9dFdjetFab0mmWbQukJQ0tA9SAA.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
01:24:87:79:03:ef:c3:dd:0e:94:2a:af:52:f6:8a:0d:91:68:
bd:de:fc:e8:9d:76:ca:15:34:ed:cf:83:fe:01:03:3b:de:23:
d3:96:da:c1:0f:ca:53:c4:a1:36:53:7d:e8:b0:11:60:fb:46:
a7:ed:42:3d:ce:5c:e6:12:01:82:3f:16:fa:0b:7f:a9:5f:43:
97:44:fb:92:82:4e:89:d9:d9:87:5f:25:68:ae:f5:73:d8:7f:
9a:0f:f0:0f:b5:20:6f:a7:c8:5d:6c:3b:6d:01:e1:e7:fe:f7:
df:23:67:b6:ba:ac:5b:ec:f5:27:cd:a1:ed:e0:aa:45:32:63:
ea:65:8b:89:35:69:02:f0:ae:9d:b5:e7:c1:d4:59:e2:c5:d5:
6e:77:b4:01:8b:d3:b8:03:b9:f7:88:33:c5:66:00:5e:03:7d:
c4:f1:4f:cc:d3:f4:b4:db:27:a0:e6:c1:16:bf:7d:09:28:4c:
95:f1:4a:4d:4d:7d:07:dd:e2:5c:56:df:49:70:9e:9b:b7:c9:
b1:37:10:17:97:0b:a9:a0:32:c8:ae:ed:92:95:e8:76:38:77:
56:3d:e6:fa:41:20:bc:d1:61:99:46:34:ba:c8:a0:f2:3c:e5:
08:10:bd:47:cf:e9:f7:f0:6e:b7:76:50:da:e0:25:55:3a:c6:
eb:2d:5c:cf
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICTMYwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MzAy
MjUzMzVaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEY1RDE1RDhERUI0NTY5
QkQyNjk5NjZEMEJBNDI1MEQyRDAzRDQ4MDAwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDRxOJhujn7jYJHJQviVETxhpfKdpOpSOmsODIbLzsE6ZS+ugtx
BFPbvyk69UiAw1LLe2RqN8/890vUNgCQ5dHQmOcAIlw/4CbCeve3yNyEb6xqfCBn
WV9eKsCHeYsZE1KiHcNP5XGJXTE3GClhkCWH5Ldb5r/QI6BTb/u+uDM02rwy8k69
LLel0vdpwreRDWguYRJ84KB9MW5LeBLlehIumY7xQnSrCRkts/8osDMrviYx7N2N
P3JRnakQLlEFW5bPHxQ1sOBJ0/VbJ4rRwMp5t9CGFVjU5hgbIILwBi7JxXCPu0yS
/AcyjVSZy7N0ROY08cpadDtyadOKOtDoAMK/AgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQU9dFdjetFab0mmWbQukJQ0tA9SAAwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3LzlkRmRqZXRGYWIwbW1X
YlF1a0pRMHRBOVNBQS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAASSHeQPvw90OlCqvUvaKDZFovd786J12
yhU07c+D/gEDO94j05bawQ/KU8ShNlN96LARYPtGp+1CPc5c5hIBgj8W+gt/qV9D
l0T7koJOidnZh18laK71c9h/mg/wD7Ugb6fIXWw7bQHh5/733yNntrqsW+z1J82h
7eCqRTJj6mWLiTVpAvCunbXnwdRZ4sXVbne0AYvTuAO594gzxWYAXgN9xPFPzNP0
tNsnoObBFr99CShMlfFKTU19B93iXFbfSXCem7fJsTcQF5cLqaAyyK7tkpXodjh3
Vj3m+kEgvNFhmUY0usig8jzlCBC9R8/p9/But3ZQ2uAlVTrG6y1czw==
-----END CERTIFICATE-----
Generated at Sun Jun 22 09:23:22 2025 by rpki-client