Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/p6rB1cwGtZfh6ihooktNZXqEidk.roa
File: p6rB1cwGtZfh6ihooktNZXqEidk.roa (raw, json)
Hash identifier: dvobsSfjNbea23oGKkGTyswCMSwxD+XPfbQ/9PykObo=
Subject key identifier: A7:AA:C1:D5:CC:06:B5:97:E1:EA:28:68:A2:4B:4D:65:7A:84:89:D9
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 414A
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/p6rB1cwGtZfh6ihooktNZXqEidk.roa
Signing time: Mon 15 Apr 2024 15:23:02 +0000
ROA not before: Mon 15 Apr 2024 15:23:02 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 16714 (0x414a)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 15 15:23:02 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=A7AAC1D5CC06B597E1EA2868A24B4D657A8489D9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c9:4d:5b:e2:15:a6:1a:32:ff:0e:5c:2f:13:0d:
90:30:46:73:e2:a7:6d:0d:7b:c3:56:be:51:2f:d0:
1e:74:2b:26:8a:42:28:af:ad:a9:eb:2c:16:5a:c2:
ba:92:74:93:1f:54:14:6b:67:62:e6:cf:0e:70:28:
07:34:76:14:5b:5d:b9:f3:31:54:fb:69:33:0b:84:
ab:26:70:8f:fa:e9:69:f0:60:d8:3b:be:70:a4:c0:
0b:49:6f:f6:5d:ed:af:27:0f:c8:38:85:a5:bc:28:
81:8c:b3:cd:ce:ac:8c:e1:82:85:0e:d0:63:8d:fa:
59:0e:e4:d4:80:e0:c9:d4:f6:f4:bb:17:4d:d4:b9:
63:ae:1a:0e:3d:72:68:0b:50:b3:16:41:06:1b:6f:
d0:d1:e4:2c:19:44:8f:0e:8b:0e:c6:02:bf:d7:7e:
62:2b:61:46:07:cc:ed:dd:6f:a8:6a:c0:e8:25:c4:
9a:ea:59:47:d2:7e:43:89:8d:72:40:82:86:b6:5b:
09:1c:13:14:92:70:63:6c:ef:dc:78:75:42:f9:e2:
84:be:86:cf:3f:32:cb:11:18:3d:1b:58:1b:46:77:
b7:78:a5:dc:5f:de:14:1a:dc:71:55:fb:2f:27:8c:
5b:0c:26:55:34:2f:14:73:17:38:0c:4e:52:ec:a9:
80:91
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A7:AA:C1:D5:CC:06:B5:97:E1:EA:28:68:A2:4B:4D:65:7A:84:89:D9
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/p6rB1cwGtZfh6ihooktNZXqEidk.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
9b:0a:ac:dd:c8:94:91:02:43:da:84:a6:8b:99:a5:b0:3c:e1:
53:f7:2f:34:a2:fd:aa:97:5e:7e:3c:06:14:cd:24:56:15:e3:
8a:ca:fb:d4:04:84:46:69:1f:dc:93:1f:d9:d5:59:a9:b2:f9:
91:1c:c5:31:b5:14:5a:d4:c5:3a:d4:e3:1d:22:97:9e:67:1a:
31:49:a8:bb:b2:8a:4a:03:92:99:13:b5:24:f9:84:9a:8e:29:
a6:56:db:2b:f6:a6:22:f0:9e:62:ca:84:51:97:aa:fd:93:a0:
43:f1:ca:dc:6f:bd:23:9c:8a:47:65:a5:1e:d1:f2:4b:3a:3c:
e9:a3:ca:f1:67:ff:d1:2a:e8:8f:f9:76:e1:1d:05:15:ca:53:
1e:da:8d:f4:8e:fd:1c:ef:70:83:a0:7e:59:9d:44:6d:45:35:
a8:c1:0b:29:f7:d6:c3:24:52:7f:a5:73:3f:0b:0c:a3:cb:06:
2e:a0:c4:fe:b5:8e:91:f2:3d:4a:9c:3b:cb:35:f4:08:bf:35:
17:dd:ae:91:ec:95:c1:0a:6f:2c:05:a2:f1:49:69:57:1b:5c:
fe:86:f0:41:3a:41:e4:97:21:b4:6c:c0:c8:76:ea:38:dd:70:
0d:d3:0c:75:83:25:80:fe:f5:7a:83:24:30:cd:5e:ba:5f:86:
4a:b2:8d:bc
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICQUowDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MTUx
NTIzMDJaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEE3QUFDMUQ1Q0MwNkI1
OTdFMUVBMjg2OEEyNEI0RDY1N0E4NDg5RDkwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDJTVviFaYaMv8OXC8TDZAwRnPip20Ne8NWvlEv0B50KyaKQiiv
ranrLBZawrqSdJMfVBRrZ2Lmzw5wKAc0dhRbXbnzMVT7aTMLhKsmcI/66WnwYNg7
vnCkwAtJb/Zd7a8nD8g4haW8KIGMs83OrIzhgoUO0GON+lkO5NSA4MnU9vS7F03U
uWOuGg49cmgLULMWQQYbb9DR5CwZRI8Oiw7GAr/XfmIrYUYHzO3db6hqwOglxJrq
WUfSfkOJjXJAgoa2WwkcExSScGNs79x4dUL54oS+hs8/MssRGD0bWBtGd7d4pdxf
3hQa3HFV+y8njFsMJlU0LxRzFzgMTlLsqYCRAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUp6rB1cwGtZfh6ihooktNZXqEidkwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3A2ckIxY3dHdFpmaDZp
aG9va3ROWlhxRWlkay5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAmwqs3ciUkQJD2oSmi5mlsDzhU/cvNKL9
qpdefjwGFM0kVhXjisr71ASERmkf3JMf2dVZqbL5kRzFMbUUWtTFOtTjHSKXnmca
MUmou7KKSgOSmRO1JPmEmo4pplbbK/amIvCeYsqEUZeq/ZOgQ/HK3G+9I5yKR2Wl
HtHySzo86aPK8Wf/0Sroj/l24R0FFcpTHtqN9I79HO9wg6B+WZ1EbUU1qMELKffW
wyRSf6VzPwsMo8sGLqDE/rWOkfI9Spw7yzX0CL81F92ukeyVwQpvLAWi8UlpVxtc
/obwQTpB5JchtGzAyHbqON1wDdMMdYMlgP71eoMkMM1eul+GSrKNvA==
-----END CERTIFICATE-----
Generated at Sun Jun 22 10:51:44 2025 by rpki-client