Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/qJ93XzXYSAX2QDuh8nKwOYWY_w8.roa
File: qJ93XzXYSAX2QDuh8nKwOYWY_w8.roa (raw, json)
Hash identifier: mxe4cuQyVTWpMZ8UpbajAHUFp4WtFpEA4ZarZ3zztLI=
Subject key identifier: A8:9F:77:5F:35:D8:48:05:F6:40:3B:A1:F2:72:B0:39:85:98:FF:0F
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 4162
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/qJ93XzXYSAX2QDuh8nKwOYWY_w8.roa
Signing time: Mon 15 Apr 2024 18:22:55 +0000
ROA not before: Mon 15 Apr 2024 18:22:55 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 16738 (0x4162)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 15 18:22:55 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=A89F775F35D84805F6403BA1F272B0398598FF0F
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9a:da:48:01:8c:56:e0:6a:39:7a:8b:c1:b5:3b:
99:c4:21:a0:24:5a:45:0a:1f:10:ee:2a:e8:54:a3:
04:b7:3b:0a:cb:ca:b0:b0:05:57:57:34:0c:24:8d:
6b:a6:99:cd:4f:60:46:5e:5b:9e:a5:a9:92:4f:b3:
c5:00:57:f6:5b:d8:c9:86:cb:af:e5:24:ff:81:8f:
dc:ad:60:80:55:07:98:76:8b:c5:32:51:3a:b7:11:
3f:57:b9:49:dc:bf:3f:4b:f4:64:08:36:83:83:2d:
68:1c:80:d8:ec:27:9e:08:4d:3b:59:94:e9:1f:37:
cd:76:3f:85:23:81:b7:f4:0d:99:52:15:70:6b:d0:
0a:b5:10:fa:18:58:23:ec:be:05:cb:9b:30:3c:fd:
34:ae:7b:c1:41:73:3f:4f:31:df:9e:d5:82:f4:6c:
dc:71:48:91:87:6b:54:66:88:a3:31:ea:24:7a:bf:
4c:c6:43:ca:48:59:0e:60:22:e7:6c:38:22:e4:7f:
89:de:c8:d2:88:d6:f5:1d:59:bf:a5:6c:b7:19:13:
54:7a:18:3a:d9:9b:84:e3:12:ad:52:54:58:cf:34:
06:e7:63:d8:27:55:28:49:c0:26:b2:80:f5:4a:95:
22:5f:bf:a2:5d:0d:c5:a6:d6:34:1c:e2:a0:c7:d5:
9e:bd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A8:9F:77:5F:35:D8:48:05:F6:40:3B:A1:F2:72:B0:39:85:98:FF:0F
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/qJ93XzXYSAX2QDuh8nKwOYWY_w8.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
58:0d:66:b0:49:4a:c9:ea:39:60:fc:3c:fb:b4:21:69:97:6e:
52:53:31:d1:4d:33:5b:97:46:75:c2:1d:5d:0a:16:a7:68:5c:
d7:30:52:3e:2f:18:ff:4a:e8:d3:ff:9e:e3:93:79:47:b1:cd:
88:3f:03:c4:56:bd:89:95:87:6f:30:02:2b:fd:02:03:ce:a0:
08:1f:43:d7:85:88:d0:17:e1:c9:fe:d1:81:be:ba:fd:4b:a6:
20:45:2d:87:17:21:63:7b:1c:83:07:c1:df:96:94:e6:e5:31:
c0:3a:44:8d:53:7f:44:15:73:78:02:93:9e:f0:0f:03:23:cc:
30:c5:c5:9a:0f:72:d8:8a:40:87:73:5a:8c:0a:9b:78:1f:26:
5e:34:ae:38:34:0b:ac:c0:6c:76:49:fa:04:8d:a4:f3:3c:3e:
09:40:3a:98:c3:cf:32:f3:fc:44:8a:09:d5:5b:a9:c8:95:cc:
7a:ea:57:94:73:fb:44:b1:92:24:f5:74:31:40:3a:12:5b:68:
2a:2a:7f:60:d4:09:44:76:91:42:e9:ad:aa:1d:f1:ee:84:03:
8b:74:91:3f:f6:53:5a:9d:fe:be:50:cf:9d:5d:6c:81:d4:a5:
bb:52:88:13:85:29:cd:c9:60:f5:17:b7:ce:ce:13:b2:67:26:
42:da:9d:f8
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICQWIwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MTUx
ODIyNTVaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEE4OUY3NzVGMzVEODQ4
MDVGNjQwM0JBMUYyNzJCMDM5ODU5OEZGMEYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCa2kgBjFbgajl6i8G1O5nEIaAkWkUKHxDuKuhUowS3OwrLyrCw
BVdXNAwkjWummc1PYEZeW56lqZJPs8UAV/Zb2MmGy6/lJP+Bj9ytYIBVB5h2i8Uy
UTq3ET9XuUncvz9L9GQINoODLWgcgNjsJ54ITTtZlOkfN812P4Ujgbf0DZlSFXBr
0Aq1EPoYWCPsvgXLmzA8/TSue8FBcz9PMd+e1YL0bNxxSJGHa1RmiKMx6iR6v0zG
Q8pIWQ5gIudsOCLkf4neyNKI1vUdWb+lbLcZE1R6GDrZm4TjEq1SVFjPNAbnY9gn
VShJwCaygPVKlSJfv6JdDcWm1jQc4qDH1Z69AgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUqJ93XzXYSAX2QDuh8nKwOYWY/w8wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3FKOTNYelhZU0FYMlFE
dWg4bkt3T1lXWV93OC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAWA1msElKyeo5YPw8+7QhaZduUlMx0U0z
W5dGdcIdXQoWp2hc1zBSPi8Y/0ro0/+e45N5R7HNiD8DxFa9iZWHbzACK/0CA86g
CB9D14WI0Bfhyf7Rgb66/UumIEUthxchY3scgwfB35aU5uUxwDpEjVN/RBVzeAKT
nvAPAyPMMMXFmg9y2IpAh3NajAqbeB8mXjSuODQLrMBsdkn6BI2k8zw+CUA6mMPP
MvP8RIoJ1VupyJXMeupXlHP7RLGSJPV0MUA6EltoKip/YNQJRHaRQumtqh3x7oQD
i3SRP/ZTWp3+vlDPnV1sgdSlu1KIE4Upzclg9Re3zs4TsmcmQtqd+A==
-----END CERTIFICATE-----
Generated at Sat Jun 21 16:52:57 2025 by rpki-client