Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/P9gx_DmN0S1C3xKWbqIVh97r7Xw.roa
File: P9gx_DmN0S1C3xKWbqIVh97r7Xw.roa (raw, json)
Hash identifier: /txqkRjHssg/UcNalCWud3dOqYw4vXKlOh9NHZviEkc=
Subject key identifier: 3F:D8:31:FC:39:8D:D1:2D:42:DF:12:96:6E:A2:15:87:DE:EB:ED:7C
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 354E
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/P9gx_DmN0S1C3xKWbqIVh97r7Xw.roa
Signing time: Sat 30 Mar 2024 15:52:09 +0000
ROA not before: Sat 30 Mar 2024 15:52:09 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 13646 (0x354e)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Mar 30 15:52:09 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=3FD831FC398DD12D42DF12966EA21587DEEBED7C
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e2:a4:53:df:87:c2:c3:34:a5:d2:e7:f2:e6:7e:
9d:47:9e:30:d1:71:b4:ca:22:8e:23:e3:17:59:c4:
a8:62:25:90:08:d8:57:1d:d4:02:5d:f0:3d:ef:da:
54:1b:56:00:df:81:fc:fd:46:d9:7c:74:74:93:f8:
54:ab:58:ea:27:79:a0:1a:c1:a9:66:c4:c6:42:de:
26:b8:d5:40:47:98:eb:48:ce:77:90:f8:36:1a:10:
fa:1f:5f:ac:ec:51:40:08:45:47:e5:4c:eb:13:cd:
18:36:e7:93:3c:79:ce:eb:b3:0e:8b:1b:ee:a1:6e:
f1:21:e7:03:85:87:02:23:11:05:1a:f3:a3:3d:01:
26:ad:3c:a7:b2:e8:08:10:10:51:41:df:35:bf:90:
2e:31:1e:82:e8:36:40:79:fd:de:4a:50:1e:5c:a2:
d3:1c:68:f0:47:d0:dc:31:6d:7c:0a:eb:06:7b:cb:
21:4b:40:87:46:58:74:93:ff:b1:c2:d2:35:19:89:
0f:fd:e9:4b:38:31:c0:f4:16:53:da:a1:2b:15:7d:
8d:ba:aa:9e:4a:4d:b2:07:c9:4b:56:54:4f:9c:fe:
e7:5a:e2:f3:a1:90:7a:5b:ed:60:0d:df:64:71:76:
6b:89:cb:dd:6c:3f:d6:0a:87:f9:21:0b:1e:59:e4:
3f:25
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3F:D8:31:FC:39:8D:D1:2D:42:DF:12:96:6E:A2:15:87:DE:EB:ED:7C
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/P9gx_DmN0S1C3xKWbqIVh97r7Xw.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
b4:c5:83:a1:53:c1:af:cf:09:d4:04:e6:42:4c:95:61:ee:23:
e9:4a:19:e0:0e:a4:44:bf:e8:6c:cb:f8:32:48:d7:55:73:a9:
f4:5d:b5:b4:86:51:fb:c7:b7:65:1f:2b:fb:94:62:dd:50:d0:
0c:c6:19:0c:f7:35:52:e8:5d:eb:f3:2c:6f:ac:5b:1a:20:20:
c8:a3:61:b6:5a:9c:d5:24:27:4e:b1:e4:c9:ea:09:a5:16:d0:
23:8a:3d:10:fe:7f:12:73:ac:f1:32:1c:15:25:54:0b:2d:3f:
d4:c7:76:25:e5:f5:4b:67:f9:00:f4:26:79:4c:cf:87:7d:ed:
d2:cb:f3:87:f7:8c:39:3b:ff:b0:7d:f7:d3:c9:73:5f:62:be:
b6:63:7a:a1:16:1e:65:e6:b1:6f:8a:dd:15:ed:df:06:22:4f:
3b:b5:ef:f5:ec:dd:45:8a:6c:93:16:31:94:01:17:67:ba:71:
35:a3:38:5f:c3:f8:bf:d3:a9:5e:04:67:ce:2e:b5:b9:0e:19:
a8:89:a8:d4:23:01:e0:24:14:43:72:1e:f4:13:10:50:0f:3b:
9b:08:97:b0:0c:d9:32:30:0d:55:7d:47:da:3c:dd:5c:b2:d2:
68:9e:96:60:e1:8c:34:c8:da:55:ea:e5:8f:88:a9:b2:35:3a:
e3:6f:f2:ad
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICNU4wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDAzMzAx
NTUyMDlaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDNGRDgzMUZDMzk4REQx
MkQ0MkRGMTI5NjZFQTIxNTg3REVFQkVEN0MwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDipFPfh8LDNKXS5/Lmfp1HnjDRcbTKIo4j4xdZxKhiJZAI2Fcd
1AJd8D3v2lQbVgDfgfz9Rtl8dHST+FSrWOoneaAawalmxMZC3ia41UBHmOtIzneQ
+DYaEPofX6zsUUAIRUflTOsTzRg255M8ec7rsw6LG+6hbvEh5wOFhwIjEQUa86M9
ASatPKey6AgQEFFB3zW/kC4xHoLoNkB5/d5KUB5cotMcaPBH0NwxbXwK6wZ7yyFL
QIdGWHST/7HC0jUZiQ/96Us4McD0FlPaoSsVfY26qp5KTbIHyUtWVE+c/uda4vOh
kHpb7WAN32RxdmuJy91sP9YKh/khCx5Z5D8lAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUP9gx/DmN0S1C3xKWbqIVh97r7XwwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1A5Z3hfRG1OMFMxQzN4
S1dicUlWaDk3cjdYdy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAtMWDoVPBr88J1ATmQkyVYe4j6UoZ4A6k
RL/obMv4MkjXVXOp9F21tIZR+8e3ZR8r+5Ri3VDQDMYZDPc1Uuhd6/Msb6xbGiAg
yKNhtlqc1SQnTrHkyeoJpRbQI4o9EP5/EnOs8TIcFSVUCy0/1Md2JeX1S2f5APQm
eUzPh33t0svzh/eMOTv/sH3308lzX2K+tmN6oRYeZeaxb4rdFe3fBiJPO7Xv9ezd
RYpskxYxlAEXZ7pxNaM4X8P4v9OpXgRnzi61uQ4ZqImo1CMB4CQUQ3Ie9BMQUA87
mwiXsAzZMjANVX1H2jzdXLLSaJ6WYOGMNMjaVerlj4ipsjU642/yrQ==
-----END CERTIFICATE-----
Generated at Sat Jun 21 18:40:01 2025 by rpki-client