Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/AObqZ9d_t1mQGEL-HyQwYFY5x9M.roa
File: AObqZ9d_t1mQGEL-HyQwYFY5x9M.roa (raw, json)
Hash identifier: 6bvyfmsDC1RYxXTSlS+1wb5XPXijsJb2GViusraW4zU=
Subject key identifier: 00:E6:EA:67:D7:7F:B7:59:90:18:42:FE:1F:24:30:60:56:39:C7:D3
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 440A
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/AObqZ9d_t1mQGEL-HyQwYFY5x9M.roa
Signing time: Fri 19 Apr 2024 07:23:00 +0000
ROA not before: Fri 19 Apr 2024 07:23:00 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 17418 (0x440a)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 19 07:23:00 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=00E6EA67D77FB759901842FE1F2430605639C7D3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c6:97:60:a7:af:30:1b:e7:33:37:12:64:9f:f6:
c2:77:9d:c4:da:51:6a:26:c0:ef:1c:92:71:b0:69:
22:aa:41:49:73:65:15:4c:5b:46:c4:47:4b:f9:93:
c8:6b:8f:a5:88:89:47:4a:47:df:d1:5f:17:99:17:
de:a7:ed:0d:06:c6:39:c0:8c:9f:9c:3f:22:e9:97:
48:fa:b3:51:32:cb:5c:b2:bf:ef:2f:b6:15:b3:17:
bd:23:84:af:1d:ff:d5:13:11:13:38:27:fc:0f:4f:
2e:a8:7e:46:f2:45:1c:91:3a:05:50:96:b4:6f:5a:
c6:e5:8d:59:f7:ed:38:00:36:40:eb:06:11:bd:a7:
38:68:f3:b9:ab:f5:54:d6:d2:e4:01:c1:02:39:36:
fc:c9:b3:1e:f7:e4:74:7c:b4:04:06:75:c8:5d:74:
4a:b9:4c:96:86:31:8f:9a:b1:b3:6f:88:21:cf:ac:
ef:a3:c0:4c:1f:b1:d1:34:f1:09:09:b7:1a:d6:00:
a1:b8:5c:d6:fb:d9:b5:be:ce:d9:d4:dc:13:65:d7:
c3:07:9b:3d:f0:79:0f:14:4b:9b:e0:d6:b3:c4:8d:
e9:37:b9:99:a2:47:a6:9b:1b:1e:32:22:c4:4f:c8:
3c:be:06:eb:d2:0c:8b:00:5e:a9:6b:1d:e3:7f:05:
15:ab
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
00:E6:EA:67:D7:7F:B7:59:90:18:42:FE:1F:24:30:60:56:39:C7:D3
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/AObqZ9d_t1mQGEL-HyQwYFY5x9M.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
b9:07:ac:3d:12:4c:2c:39:f3:72:8f:20:7e:ab:8a:f0:10:13:
f1:3d:af:4b:0a:01:e4:83:08:1c:f4:15:05:16:55:61:71:31:
54:a4:eb:b6:b2:e0:fa:99:20:53:13:dc:e3:ad:eb:75:a8:e1:
92:b6:5f:c8:90:20:51:82:96:09:a1:4f:f2:a2:08:c0:57:46:
dd:bb:ca:1a:8c:59:b9:cd:e3:9a:6a:e0:94:26:03:f6:b0:64:
ea:b3:5d:73:d5:b8:5b:27:5e:0e:57:42:be:15:80:b7:d8:0d:
8a:37:38:da:f8:84:7b:78:b2:75:6a:47:62:7b:19:68:16:f7:
b0:93:bc:97:6a:b4:98:2d:e2:0f:0f:d3:44:0a:1a:50:23:54:
e4:86:ea:e8:a4:5d:6d:58:8b:e7:71:35:6b:fb:80:ce:94:ad:
da:14:43:eb:1c:92:77:79:c5:45:f4:c1:27:7e:fa:e0:70:27:
eb:93:b2:39:3e:df:ee:72:c5:c2:fc:6f:a3:5a:a9:99:e6:df:
7f:cc:66:4c:fb:42:52:bb:49:57:b6:ad:6a:60:04:04:c6:7a:
03:9f:8f:6e:23:f6:45:d8:55:bf:df:41:f0:62:c7:2f:ec:be:
f2:42:bf:cb:e2:bf:7c:c6:fc:7d:13:0a:4b:fe:a5:46:34:f2:
56:10:c3:00
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICRAowDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MTkw
NzIzMDBaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDAwRTZFQTY3RDc3RkI3
NTk5MDE4NDJGRTFGMjQzMDYwNTYzOUM3RDMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDGl2CnrzAb5zM3EmSf9sJ3ncTaUWomwO8cknGwaSKqQUlzZRVM
W0bER0v5k8hrj6WIiUdKR9/RXxeZF96n7Q0GxjnAjJ+cPyLpl0j6s1Eyy1yyv+8v
thWzF70jhK8d/9UTERM4J/wPTy6ofkbyRRyROgVQlrRvWsbljVn37TgANkDrBhG9
pzho87mr9VTW0uQBwQI5NvzJsx735HR8tAQGdchddEq5TJaGMY+asbNviCHPrO+j
wEwfsdE08QkJtxrWAKG4XNb72bW+ztnU3BNl18MHmz3weQ8US5vg1rPEjek3uZmi
R6abGx4yIsRPyDy+BuvSDIsAXqlrHeN/BRWrAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUAObqZ9d/t1mQGEL+HyQwYFY5x9MwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L0FPYnFaOWRfdDFtUUdF
TC1IeVF3WUZZNXg5TS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAuQesPRJMLDnzco8gfquK8BAT8T2vSwoB
5IMIHPQVBRZVYXExVKTrtrLg+pkgUxPc463rdajhkrZfyJAgUYKWCaFP8qIIwFdG
3bvKGoxZuc3jmmrglCYD9rBk6rNdc9W4WydeDldCvhWAt9gNijc42viEe3iydWpH
YnsZaBb3sJO8l2q0mC3iDw/TRAoaUCNU5Ibq6KRdbViL53E1a/uAzpSt2hRD6xyS
d3nFRfTBJ3764HAn65OyOT7f7nLFwvxvo1qpmebff8xmTPtCUrtJV7atamAEBMZ6
A5+PbiP2RdhVv99B8GLHL+y+8kK/y+K/fMb8fRMKS/6lRjTyVhDDAA==
-----END CERTIFICATE-----
Generated at Sun Jun 22 02:25:50 2025 by rpki-client