Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/T-cm9SsN70SHvKLLPjaLe4Nxf8M.roa
File: T-cm9SsN70SHvKLLPjaLe4Nxf8M.roa (raw, json)
Hash identifier: ovuZUprS5VdGSVup5K2nrZrJeALS65VK5UXPnD9vkiU=
Subject key identifier: 4F:E7:26:F5:2B:0D:EF:44:87:BC:A2:CB:3E:36:8B:7B:83:71:7F:C3
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 417A
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/T-cm9SsN70SHvKLLPjaLe4Nxf8M.roa
Signing time: Mon 15 Apr 2024 21:22:59 +0000
ROA not before: Mon 15 Apr 2024 21:22:59 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 16762 (0x417a)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 15 21:22:59 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=4FE726F52B0DEF4487BCA2CB3E368B7B83717FC3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c7:41:60:32:49:c9:01:74:d0:00:a7:c6:cd:bc:
fd:5e:86:1e:cc:e0:d8:61:39:28:d7:88:25:ed:3b:
bf:b3:b3:94:fe:b2:8c:2c:6c:86:34:0b:9a:1e:d3:
29:ff:a9:a3:f2:17:2a:b4:73:bb:40:71:b7:aa:27:
38:7a:48:b0:5f:82:fb:45:97:83:11:9b:d5:77:e3:
5f:17:65:b0:da:6c:a9:a3:6e:53:f6:77:2e:9e:0f:
31:07:b3:77:c3:c8:9f:47:ac:84:31:b4:44:cc:f8:
13:96:97:ff:fc:45:ba:30:2d:4b:ac:cb:ce:7b:2c:
da:4d:10:e9:88:c1:9e:b7:85:2c:05:c7:3e:8a:49:
91:58:45:93:10:df:af:59:65:6b:d6:7e:fa:45:72:
3c:b8:b2:a6:4f:e1:c2:03:c2:72:c1:34:d1:8f:36:
ba:70:db:2d:cf:e0:04:eb:ac:d6:b3:3f:6c:df:7d:
7a:1f:22:72:ac:60:5a:6d:e5:cd:05:84:21:3c:83:
d7:18:ff:f4:49:bd:fc:7e:d0:12:08:f6:0d:fc:08:
e2:59:75:07:a9:46:2d:a3:d1:bf:29:cc:8a:fb:8c:
a1:d9:75:43:44:f7:38:4c:20:95:76:1b:25:a4:8f:
33:68:ce:a4:e2:90:57:5d:48:82:f6:f4:01:fa:54:
3a:7d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4F:E7:26:F5:2B:0D:EF:44:87:BC:A2:CB:3E:36:8B:7B:83:71:7F:C3
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/T-cm9SsN70SHvKLLPjaLe4Nxf8M.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
5d:3a:cf:e1:48:ef:ee:a2:96:7e:ce:9f:20:1c:2b:16:48:c4:
ff:01:06:44:aa:31:60:2b:31:fc:e7:a8:dc:5a:10:30:48:5d:
33:a2:eb:8e:fa:ec:a2:af:69:85:1e:f1:1d:f7:a6:dc:dc:c5:
3a:d8:bf:92:03:88:9e:f9:87:1b:03:df:57:ba:53:6d:81:29:
f3:3c:2b:85:85:81:5c:dc:16:49:92:2c:70:1a:89:6d:5a:da:
91:0b:68:45:e5:56:89:2f:d9:69:fb:8a:32:e9:28:9f:4a:39:
59:46:9a:b9:19:7d:4e:b8:b2:ca:0b:ee:07:7e:bf:66:c0:41:
ef:9e:4a:f1:5d:1b:38:bb:e7:43:21:92:ba:23:90:af:92:38:
5e:74:15:0b:e7:0b:83:30:90:92:b4:e7:30:b9:3a:b6:ae:82:
00:e3:bd:bf:59:06:3e:46:77:68:e6:9c:00:01:3b:0a:b1:4f:
f8:b7:68:c3:c7:5f:32:67:0a:1b:de:bb:3b:56:28:b5:fa:49:
bd:cc:8a:b2:de:80:28:37:22:67:da:98:cd:0b:be:3e:24:1c:
0d:7e:7b:b8:29:34:cc:57:99:fc:86:27:a2:65:60:5a:d3:28:
d4:0b:3f:dd:c3:e9:05:54:e6:af:f9:15:b1:61:cb:b6:cb:44:
17:47:e4:de
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICQXowDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MTUy
MTIyNTlaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDRGRTcyNkY1MkIwREVG
NDQ4N0JDQTJDQjNFMzY4QjdCODM3MTdGQzMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDHQWAySckBdNAAp8bNvP1ehh7M4NhhOSjXiCXtO7+zs5T+sows
bIY0C5oe0yn/qaPyFyq0c7tAcbeqJzh6SLBfgvtFl4MRm9V3418XZbDabKmjblP2
dy6eDzEHs3fDyJ9HrIQxtETM+BOWl//8RbowLUusy857LNpNEOmIwZ63hSwFxz6K
SZFYRZMQ369ZZWvWfvpFcjy4sqZP4cIDwnLBNNGPNrpw2y3P4ATrrNazP2zffXof
InKsYFpt5c0FhCE8g9cY//RJvfx+0BII9g38COJZdQepRi2j0b8pzIr7jKHZdUNE
9zhMIJV2GyWkjzNozqTikFddSIL29AH6VDp9AgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUT+cm9SsN70SHvKLLPjaLe4Nxf8MwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1QtY205U3NONzBTSHZL
TExQamFMZTROeGY4TS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAXTrP4Ujv7qKWfs6fIBwrFkjE/wEGRKox
YCsx/Oeo3FoQMEhdM6Lrjvrsoq9phR7xHfem3NzFOti/kgOInvmHGwPfV7pTbYEp
8zwrhYWBXNwWSZIscBqJbVrakQtoReVWiS/ZafuKMukon0o5WUaauRl9Triyygvu
B36/ZsBB755K8V0bOLvnQyGSuiOQr5I4XnQVC+cLgzCQkrTnMLk6tq6CAOO9v1kG
PkZ3aOacAAE7CrFP+Ldow8dfMmcKG967O1YotfpJvcyKst6AKDciZ9qYzQu+PiQc
DX57uCk0zFeZ/IYnomVgWtMo1As/3cPpBVTmr/kVsWHLtstEF0fk3g==
-----END CERTIFICATE-----
Generated at Sat Jun 21 00:47:19 2025 by rpki-client