Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/nw_sU94DS9w9Xevb9btWeEDizG0.roa
File: nw_sU94DS9w9Xevb9btWeEDizG0.roa (raw, json)
Hash identifier: WPMJ9RBXKgP9OY0oRliNg8pc+Nn7wqBGCE/xeDW2ZSw=
Subject key identifier: 9F:0F:EC:53:DE:03:4B:DC:3D:5D:EB:DB:F5:BB:56:78:40:E2:CC:6D
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 54A6
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/nw_sU94DS9w9Xevb9btWeEDizG0.roa
Signing time: Sat 11 May 2024 10:54:04 +0000
ROA not before: Sat 11 May 2024 10:54:04 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 21670 (0x54a6)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 11 10:54:04 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=9F0FEC53DE034BDC3D5DEBDBF5BB567840E2CC6D
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c6:0e:09:26:0a:79:b6:9a:2c:56:65:d7:f0:e9:
0f:23:4e:ba:63:81:1c:95:b9:b2:91:65:0c:15:bc:
a9:79:1c:03:c7:10:00:11:a2:22:37:c4:2b:05:d8:
a4:ef:b2:eb:e2:0b:4a:10:85:94:59:83:47:2a:8c:
95:71:79:89:d9:7f:23:d5:13:cb:0e:7b:4c:29:10:
88:5c:21:0a:30:d7:28:a2:b9:30:80:85:7e:72:7c:
a1:4e:35:6b:37:65:23:59:d2:82:43:a1:3d:db:fd:
b8:5e:ff:f3:01:57:a1:3f:a1:aa:fa:d9:87:99:86:
ac:1f:45:39:f1:b6:08:08:ca:90:f0:1c:a2:ef:f9:
c2:c7:8f:96:a6:b1:6b:b4:ed:09:d6:90:5a:c8:49:
52:bb:70:77:5f:6d:72:f1:71:48:a7:bd:47:f7:20:
af:1d:79:3a:20:e2:35:c9:99:0b:0c:40:f9:89:d0:
77:fd:b9:8b:30:ee:66:bc:0f:a4:4f:33:be:a4:74:
56:37:d1:9a:e4:c6:e9:ed:6a:ae:94:58:0e:55:aa:
f0:d2:d8:86:e2:69:d3:dc:e6:22:72:77:34:cd:06:
40:45:4d:b4:a2:ac:95:f2:ff:b4:e0:8f:21:f8:74:
c1:45:a9:a3:77:ca:3b:9f:dc:8e:68:6d:fc:33:ee:
bb:2b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9F:0F:EC:53:DE:03:4B:DC:3D:5D:EB:DB:F5:BB:56:78:40:E2:CC:6D
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/nw_sU94DS9w9Xevb9btWeEDizG0.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
1c:ee:80:4a:f8:54:64:af:c7:b0:e2:6e:98:c3:7a:76:8c:80:
5d:07:3d:b2:73:ed:19:d7:03:40:61:78:f2:d7:12:14:5a:65:
40:52:03:10:8d:62:c9:c8:48:af:5a:0e:7d:92:7e:ab:40:78:
7c:97:31:d9:09:92:e4:fc:62:4f:1c:67:0e:40:db:5f:f9:58:
e6:fb:b1:b6:65:90:3c:bd:96:3b:b8:89:f2:f5:c9:b5:45:85:
9d:6d:c4:c1:71:ba:d4:69:f2:7a:99:08:e6:f4:18:0c:04:88:
77:29:07:99:74:3b:24:82:ed:dd:0c:e8:fe:11:1e:5a:fb:40:
e1:00:65:25:01:a9:86:95:88:14:fb:cd:ae:46:81:b3:90:b9:
ce:3a:8c:6a:51:8f:d5:61:74:a9:8f:73:7c:93:c4:b9:c4:1d:
39:94:59:c2:17:8c:0a:b2:fc:05:c5:4b:9b:b6:c1:47:0e:85:
10:e5:de:ef:09:b6:2e:c7:10:31:36:3c:5a:e8:a5:8f:a4:fd:
7d:94:e8:de:e2:11:d8:fa:ab:57:10:6f:14:1a:7a:4f:11:d2:
92:bc:4e:61:43:9f:f0:15:95:ee:a7:04:4b:bd:6e:e0:97:21:
cd:8d:e2:c9:07:fb:a2:36:3b:77:82:17:73:7f:65:50:d0:a9:
d2:91:cb:07
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICVKYwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MTEx
MDU0MDRaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDlGMEZFQzUzREUwMzRC
REMzRDVERUJEQkY1QkI1Njc4NDBFMkNDNkQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDGDgkmCnm2mixWZdfw6Q8jTrpjgRyVubKRZQwVvKl5HAPHEAAR
oiI3xCsF2KTvsuviC0oQhZRZg0cqjJVxeYnZfyPVE8sOe0wpEIhcIQow1yiiuTCA
hX5yfKFONWs3ZSNZ0oJDoT3b/bhe//MBV6E/oar62YeZhqwfRTnxtggIypDwHKLv
+cLHj5amsWu07QnWkFrISVK7cHdfbXLxcUinvUf3IK8deTog4jXJmQsMQPmJ0Hf9
uYsw7ma8D6RPM76kdFY30Zrkxuntaq6UWA5VqvDS2IbiadPc5iJydzTNBkBFTbSi
rJXy/7TgjyH4dMFFqaN3yjuf3I5obfwz7rsrAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUnw/sU94DS9w9Xevb9btWeEDizG0wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L253X3NVOTREUzl3OVhl
dmI5YnRXZUVEaXpHMC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAHO6ASvhUZK/HsOJumMN6doyAXQc9snPt
GdcDQGF48tcSFFplQFIDEI1iychIr1oOfZJ+q0B4fJcx2QmS5PxiTxxnDkDbX/lY
5vuxtmWQPL2WO7iJ8vXJtUWFnW3EwXG61GnyepkI5vQYDASIdykHmXQ7JILt3Qzo
/hEeWvtA4QBlJQGphpWIFPvNrkaBs5C5zjqMalGP1WF0qY9zfJPEucQdOZRZwheM
CrL8BcVLm7bBRw6FEOXe7wm2LscQMTY8Wuilj6T9fZTo3uIR2PqrVxBvFBp6TxHS
krxOYUOf8BWV7qcES71u4JchzY3iyQf7ojY7d4IXc39lUNCp0pHLBw==
-----END CERTIFICATE-----
Generated at Sat Jun 21 18:34:09 2025 by rpki-client