Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/G9Frq5I8Ix5tv6DN_geW9H4KtiE.roa
File: G9Frq5I8Ix5tv6DN_geW9H4KtiE.roa (raw, json)
Hash identifier: RQLnEKE1E3BsUQEFa/HgwxTJDwq2TziifKuStsDTGbc=
Subject key identifier: 1B:D1:6B:AB:92:3C:23:1E:6D:BF:A0:CD:FE:07:96:F4:7E:0A:B6:21
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 548A
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/G9Frq5I8Ix5tv6DN_geW9H4KtiE.roa
Signing time: Sat 11 May 2024 07:24:05 +0000
ROA not before: Sat 11 May 2024 07:24:05 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 21642 (0x548a)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 11 07:24:05 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=1BD16BAB923C231E6DBFA0CDFE0796F47E0AB621
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:f8:c4:18:ab:7e:8b:f9:e5:36:89:4d:0f:af:4a:
15:e3:80:92:e8:13:58:a0:c4:84:09:6e:8b:a6:dd:
01:70:5a:b8:c3:0e:18:f1:94:ff:87:11:e5:d8:14:
58:77:19:9a:13:14:0e:b7:6c:a5:c4:0b:5c:90:a0:
c8:f8:15:6f:ec:e8:58:bd:51:bb:6c:41:a5:b4:40:
cc:1c:5a:0f:5a:d4:93:c8:70:d8:b4:02:60:4c:e8:
e1:cb:2d:4d:d3:b9:e1:29:eb:22:49:92:93:06:f6:
c7:82:bb:2c:da:6f:ce:c1:1b:8a:cf:df:a5:5a:68:
dc:ad:c1:00:88:37:02:23:78:01:e5:8c:f4:fc:9a:
2d:15:ab:3f:00:3a:0f:0e:9f:c1:2b:81:d3:61:e0:
4e:b0:0c:b6:cc:b5:58:8d:c5:39:df:2b:e9:e4:89:
3b:6c:af:af:f2:7a:93:a7:c5:52:78:51:eb:48:ea:
15:8a:4e:56:75:7d:9a:63:c3:35:5f:74:93:d3:9c:
5a:2f:fa:2b:4b:ec:11:62:e4:13:6e:b2:2c:fa:51:
18:3b:eb:ec:c8:c8:ca:96:a5:4f:1d:33:ee:c2:f0:
54:de:33:28:8c:98:c4:98:ac:13:ea:87:9c:4d:2e:
ac:b9:48:ea:a1:fe:af:d6:cc:84:6a:e2:35:c8:4c:
4e:53
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1B:D1:6B:AB:92:3C:23:1E:6D:BF:A0:CD:FE:07:96:F4:7E:0A:B6:21
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/G9Frq5I8Ix5tv6DN_geW9H4KtiE.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
7c:1e:5d:f6:f8:66:93:4b:c9:94:d1:7a:f5:4b:ad:0b:94:85:
19:a8:8f:8a:1b:bb:f1:92:dd:e4:bc:7a:c5:3e:71:d7:8d:cf:
92:62:13:b3:26:13:37:2b:f8:39:48:05:64:17:e6:e4:dc:92:
95:2b:00:f6:67:a2:06:ac:e2:6c:03:da:9b:50:3a:da:65:c3:
97:fe:6d:65:84:ca:4c:3d:e7:4a:98:78:74:f6:84:84:da:cb:
4f:8f:72:62:f0:09:db:6c:67:c3:c2:37:e4:5d:2f:28:5c:e2:
d5:90:ef:6f:e1:24:ff:ea:6a:21:34:22:e9:23:bb:fc:ca:5a:
82:b0:3f:f5:96:78:da:63:6c:23:25:aa:fb:11:93:51:29:54:
bb:81:b1:4f:89:c0:06:7e:7f:2f:0f:44:65:fe:b5:33:57:ec:
41:66:12:85:57:b1:e1:56:c1:ec:fa:ef:cf:2f:61:87:95:1a:
df:3b:c9:e2:4f:d9:d4:b2:3a:9e:7f:9a:57:0b:3a:16:57:51:
91:b7:ba:5a:a9:e7:3b:8f:34:b9:54:dd:5e:f1:ec:16:fe:13:
e4:d2:26:fe:07:31:c7:80:8a:f2:59:53:92:73:82:24:7c:91:
71:fb:3e:dd:a0:2b:fa:81:e9:38:31:81:4b:93:1c:30:20:e5:
16:a6:b2:04
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICVIowDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MTEw
NzI0MDVaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDFCRDE2QkFCOTIzQzIz
MUU2REJGQTBDREZFMDc5NkY0N0UwQUI2MjEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQD4xBirfov55TaJTQ+vShXjgJLoE1igxIQJboum3QFwWrjDDhjx
lP+HEeXYFFh3GZoTFA63bKXEC1yQoMj4FW/s6Fi9UbtsQaW0QMwcWg9a1JPIcNi0
AmBM6OHLLU3TueEp6yJJkpMG9seCuyzab87BG4rP36VaaNytwQCINwIjeAHljPT8
mi0Vqz8AOg8On8ErgdNh4E6wDLbMtViNxTnfK+nkiTtsr6/yepOnxVJ4UetI6hWK
TlZ1fZpjwzVfdJPTnFov+itL7BFi5BNusiz6URg76+zIyMqWpU8dM+7C8FTeMyiM
mMSYrBPqh5xNLqy5SOqh/q/WzIRq4jXITE5TAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUG9Frq5I8Ix5tv6DN/geW9H4KtiEwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L0c5RnJxNUk4SXg1dHY2
RE5fZ2VXOUg0S3RpRS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAfB5d9vhmk0vJlNF69UutC5SFGaiPihu7
8ZLd5Lx6xT5x143PkmITsyYTNyv4OUgFZBfm5NySlSsA9meiBqzibAPam1A62mXD
l/5tZYTKTD3nSph4dPaEhNrLT49yYvAJ22xnw8I35F0vKFzi1ZDvb+Ek/+pqITQi
6SO7/MpagrA/9ZZ42mNsIyWq+xGTUSlUu4GxT4nABn5/Lw9EZf61M1fsQWYShVex
4VbB7Prvzy9hh5Ua3zvJ4k/Z1LI6nn+aVws6FldRkbe6WqnnO480uVTdXvHsFv4T
5NIm/gcxx4CK8llTknOCJHyRcfs+3aAr+oHpODGBS5McMCDlFqayBA==
-----END CERTIFICATE-----
Generated at Sat Jun 21 17:31:10 2025 by rpki-client