Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/ix0CydptsdJOn72TjYowZgG1AfA.roa
File: ix0CydptsdJOn72TjYowZgG1AfA.roa (raw, json)
Hash identifier: 72ANshbLfjdydqXPN/9nrLGyrqam3InSROguP3h1wFo=
Subject key identifier: 8B:1D:02:C9:DA:6D:B1:D2:4E:9F:BD:93:8D:8A:30:66:01:B5:01:F0
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 3F2A
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/ix0CydptsdJOn72TjYowZgG1AfA.roa
Signing time: Fri 12 Apr 2024 19:22:49 +0000
ROA not before: Fri 12 Apr 2024 19:22:49 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 16170 (0x3f2a)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 12 19:22:49 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=8B1D02C9DA6DB1D24E9FBD938D8A306601B501F0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:99:82:d5:4c:e3:88:bf:db:a1:f9:61:20:d7:49:
0a:0a:a5:a3:1b:8d:77:60:27:73:4a:2a:01:73:11:
eb:cc:e6:a4:ff:aa:98:1e:51:03:78:71:14:a2:d4:
2a:51:fe:cd:da:0c:fb:18:7d:11:cd:f3:0a:01:36:
15:34:f8:78:14:c8:bb:a5:b2:6c:e5:bc:7a:28:71:
02:3b:6a:bd:c9:6d:20:35:5c:32:51:49:a6:01:c4:
14:df:ef:16:97:f0:f8:93:d2:7e:fb:f9:4d:13:f5:
a9:b4:3f:55:a4:e6:fd:2d:5c:9f:95:36:13:ec:16:
56:e9:67:07:9c:65:b9:0d:82:69:c9:7c:34:a3:cf:
f5:03:34:c3:0f:06:d7:fc:8e:ee:ae:8e:11:4e:a5:
ef:56:44:bd:f9:ef:a0:a6:99:52:24:a9:c3:46:13:
35:7e:05:f8:e6:19:dd:fe:e5:28:18:68:16:18:25:
08:21:1f:2f:ca:ac:34:4b:64:4b:de:dc:8b:97:46:
da:4c:58:20:d7:40:4f:d2:02:67:c0:b9:a2:99:4c:
e0:d2:35:d4:c7:cb:7b:66:34:61:1c:dc:c2:f8:9c:
52:66:ba:3d:9e:14:8d:4c:3a:87:2d:cd:7d:17:89:
c6:e1:16:ee:35:4e:ef:41:1b:f2:61:3b:47:7a:09:
1c:ed
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8B:1D:02:C9:DA:6D:B1:D2:4E:9F:BD:93:8D:8A:30:66:01:B5:01:F0
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/ix0CydptsdJOn72TjYowZgG1AfA.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
69:19:cc:db:46:23:49:b2:5d:44:51:ed:04:f3:be:44:b4:4d:
26:ed:76:99:7a:a3:1b:16:3c:1c:0c:26:95:60:14:91:cb:67:
5b:7e:6f:e2:e2:9b:e1:69:a5:1c:4c:7e:44:82:cb:e8:30:97:
7d:f4:57:2c:55:d7:77:27:5d:fe:c4:ec:4f:86:f4:8a:3e:08:
db:9c:31:b4:f6:03:ad:b6:7f:61:d9:18:11:d9:1c:93:ee:62:
71:b9:b3:47:3f:99:02:ba:93:fc:ef:5c:11:50:b7:fe:09:85:
da:55:60:cb:c0:89:ce:e1:5b:14:0e:b7:21:98:2e:0c:1e:ae:
cb:46:99:3b:9b:c3:3e:1f:8b:45:ba:ea:de:38:92:97:f2:6b:
34:22:6b:42:b3:48:40:59:ba:dd:c6:53:d4:b5:5c:6e:a3:42:
a2:a0:c4:05:c3:e7:f6:1a:28:02:f3:3a:1e:9a:59:6a:51:b0:
80:9e:5f:97:8e:f1:ce:09:d7:c5:21:4c:87:7d:9e:68:1b:d3:
11:3a:aa:97:7d:1a:eb:c7:82:c1:d8:b9:1d:1d:b6:f5:84:43:
b6:e6:f4:65:67:c1:fd:fc:31:30:3f:42:10:85:88:39:a4:99:
6e:fd:23:70:e0:38:e0:0f:6a:94:bd:3e:f0:98:41:60:b1:ff:
15:ee:92:99
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICPyowDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MTIx
OTIyNDlaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDhCMUQwMkM5REE2REIx
RDI0RTlGQkQ5MzhEOEEzMDY2MDFCNTAxRjAwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCZgtVM44i/26H5YSDXSQoKpaMbjXdgJ3NKKgFzEevM5qT/qpge
UQN4cRSi1CpR/s3aDPsYfRHN8woBNhU0+HgUyLulsmzlvHoocQI7ar3JbSA1XDJR
SaYBxBTf7xaX8PiT0n77+U0T9am0P1Wk5v0tXJ+VNhPsFlbpZwecZbkNgmnJfDSj
z/UDNMMPBtf8ju6ujhFOpe9WRL3576CmmVIkqcNGEzV+BfjmGd3+5SgYaBYYJQgh
Hy/KrDRLZEve3IuXRtpMWCDXQE/SAmfAuaKZTODSNdTHy3tmNGEc3ML4nFJmuj2e
FI1MOoctzX0XicbhFu41Tu9BG/JhO0d6CRztAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUix0CydptsdJOn72TjYowZgG1AfAwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2l4MEN5ZHB0c2RKT243
MlRqWW93WmdHMUFmQS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAaRnM20YjSbJdRFHtBPO+RLRNJu12mXqj
GxY8HAwmlWAUkctnW35v4uKb4WmlHEx+RILL6DCXffRXLFXXdydd/sTsT4b0ij4I
25wxtPYDrbZ/YdkYEdkck+5icbmzRz+ZArqT/O9cEVC3/gmF2lVgy8CJzuFbFA63
IZguDB6uy0aZO5vDPh+LRbrq3jiSl/JrNCJrQrNIQFm63cZT1LVcbqNCoqDEBcPn
9hooAvM6HppZalGwgJ5fl47xzgnXxSFMh32eaBvTETqql30a68eCwdi5HR229YRD
tub0ZWfB/fwxMD9CEIWIOaSZbv0jcOA44A9qlL0+8JhBYLH/Fe6SmQ==
-----END CERTIFICATE-----
Generated at Sun Jun 22 16:52:22 2025 by rpki-client