Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/9msfSH8X4is44ZGryztTdp-Mw7s.roa
File: 9msfSH8X4is44ZGryztTdp-Mw7s.roa (raw, json)
Hash identifier: Bq4Y+zOCWBfDzFzq1TPDuHxpIbz+8g/1oM7OAcK+T8o=
Subject key identifier: F6:6B:1F:48:7F:17:E2:2B:38:E1:91:AB:CB:3B:53:76:9F:8C:C3:BB
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 4C32
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/9msfSH8X4is44ZGryztTdp-Mw7s.roa
Signing time: Tue 30 Apr 2024 04:23:52 +0000
ROA not before: Tue 30 Apr 2024 04:23:52 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 19506 (0x4c32)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 30 04:23:52 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=F66B1F487F17E22B38E191ABCB3B53769F8CC3BB
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9f:c8:e3:ad:25:6d:55:64:1c:3b:26:cf:a2:0a:
09:73:72:33:d1:d0:55:e6:b3:60:7d:dd:45:1b:17:
31:a4:3b:0e:e2:6f:61:11:3b:31:95:0b:6a:63:17:
31:5c:e4:32:df:0d:d8:06:cb:ae:db:14:7d:a1:f1:
3c:ba:4b:5e:c4:46:3b:64:76:40:d7:8d:d0:d9:97:
11:da:da:7d:74:3e:2b:6b:cf:2d:c1:11:5a:9f:47:
93:59:9d:69:0f:03:5f:ef:28:1b:86:78:96:bf:04:
9f:a0:38:f1:c9:8b:93:66:cd:f9:d5:39:bc:a8:56:
e0:69:dd:12:4e:c4:3e:dd:cb:02:af:3a:bb:ec:91:
a0:00:f0:70:c3:8d:83:56:63:a4:eb:7d:66:27:f9:
87:22:71:72:cc:e6:b2:5d:70:6c:c4:4e:58:92:c4:
a0:89:83:e8:f6:c0:d7:25:15:4f:7a:d9:ee:23:4a:
b0:f0:13:87:3c:6e:13:6b:9d:2e:42:42:a0:ee:7d:
c3:66:c8:1a:3b:72:a5:e2:31:e5:c1:61:5a:37:db:
ca:24:8a:88:d6:6b:9b:0d:6a:8e:c6:f3:e1:81:c2:
60:c6:6e:6a:e4:97:d9:1d:cd:2d:80:bb:99:7f:9b:
50:e3:e3:92:a9:7a:9d:e9:50:a9:c3:60:85:09:1b:
f5:e1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F6:6B:1F:48:7F:17:E2:2B:38:E1:91:AB:CB:3B:53:76:9F:8C:C3:BB
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/9msfSH8X4is44ZGryztTdp-Mw7s.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
8d:8a:ca:39:5d:7c:c2:f7:80:65:92:45:fa:1d:f7:f1:f8:00:
ed:8b:a1:4a:83:47:a0:33:61:97:5a:d4:e9:ec:b6:c7:41:f7:
24:cd:05:11:62:e0:4d:c0:16:20:d3:70:57:b3:e1:c2:3c:fe:
d5:24:0c:6c:7d:bc:e0:e2:3b:e6:cc:c7:28:9e:04:2e:fd:1c:
bf:2d:53:63:f0:be:c6:ab:99:8a:d6:d0:14:37:2f:a6:d1:99:
57:14:d5:52:56:cf:37:d2:45:b8:fe:1a:c5:0f:ab:dd:c2:ba:
54:46:6d:09:51:d0:50:92:86:e7:da:9e:09:21:05:89:01:7f:
e5:eb:a5:c0:33:42:be:23:5b:ad:b5:b3:69:15:79:5a:6b:bf:
1c:48:bb:87:b5:8f:1c:2c:a5:3b:c1:eb:b9:37:7e:14:a8:1b:
54:cc:74:ae:21:7c:e2:13:c6:00:22:79:4a:d7:75:65:83:25:
ec:3c:b4:d8:ca:57:05:a4:bd:25:5a:5a:aa:fa:77:b4:ad:25:
b4:89:20:79:b3:9e:93:cb:94:34:e2:b3:6e:59:96:07:d6:c6:
d4:90:1c:34:f3:d8:6f:4b:6d:92:96:22:68:a8:20:79:ae:1d:
7e:9d:c5:f2:d2:de:16:84:c4:6c:16:71:65:a0:a2:57:fb:b9:
11:20:69:c4
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICTDIwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MzAw
NDIzNTJaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEY2NkIxRjQ4N0YxN0Uy
MkIzOEUxOTFBQkNCM0I1Mzc2OUY4Q0MzQkIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCfyOOtJW1VZBw7Js+iCglzcjPR0FXms2B93UUbFzGkOw7ib2ER
OzGVC2pjFzFc5DLfDdgGy67bFH2h8Ty6S17ERjtkdkDXjdDZlxHa2n10Pitrzy3B
EVqfR5NZnWkPA1/vKBuGeJa/BJ+gOPHJi5NmzfnVObyoVuBp3RJOxD7dywKvOrvs
kaAA8HDDjYNWY6TrfWYn+YcicXLM5rJdcGzETliSxKCJg+j2wNclFU962e4jSrDw
E4c8bhNrnS5CQqDufcNmyBo7cqXiMeXBYVo328okiojWa5sNao7G8+GBwmDGbmrk
l9kdzS2Au5l/m1Dj45Kpep3pUKnDYIUJG/XhAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQU9msfSH8X4is44ZGryztTdp+Mw7swHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3Lzltc2ZTSDhYNGlzNDRa
R3J5enRUZHAtTXc3cy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAjYrKOV18wveAZZJF+h338fgA7YuhSoNH
oDNhl1rU6ey2x0H3JM0FEWLgTcAWINNwV7Phwjz+1SQMbH284OI75szHKJ4ELv0c
vy1TY/C+xquZitbQFDcvptGZVxTVUlbPN9JFuP4axQ+r3cK6VEZtCVHQUJKG59qe
CSEFiQF/5eulwDNCviNbrbWzaRV5Wmu/HEi7h7WPHCylO8HruTd+FKgbVMx0riF8
4hPGACJ5Std1ZYMl7Dy02MpXBaS9JVpaqvp3tK0ltIkgebOek8uUNOKzblmWB9bG
1JAcNPPYb0ttkpYiaKggea4dfp3F8tLeFoTEbBZxZaCiV/u5ESBpxA==
-----END CERTIFICATE-----
Generated at Sun Jun 22 03:55:51 2025 by rpki-client