Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/qdYyYUi8Kzh-E7hAFEfoEYg6aIA.roa
File: qdYyYUi8Kzh-E7hAFEfoEYg6aIA.roa (raw, json)
Hash identifier: 27+FhRHfe5bYKxzAk/9m3tGeCYBAQzhXZfxadvA8rmQ=
Subject key identifier: A9:D6:32:61:48:BC:2B:38:7E:13:B8:40:14:47:E8:11:88:3A:68:80
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 4192
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/qdYyYUi8Kzh-E7hAFEfoEYg6aIA.roa
Signing time: Tue 16 Apr 2024 00:22:54 +0000
ROA not before: Tue 16 Apr 2024 00:22:54 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 16786 (0x4192)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 16 00:22:54 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=A9D6326148BC2B387E13B8401447E811883A6880
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c6:8b:f8:5b:c5:aa:0d:ba:a2:55:4c:43:00:32:
54:3b:a9:0f:75:19:fe:5f:6b:e9:67:84:72:21:1f:
a6:e9:18:57:52:b8:83:bb:3d:d2:fd:bc:81:75:36:
e9:fd:67:c5:c6:b3:58:10:6d:2d:ee:15:c5:74:bc:
9c:e4:27:51:0b:fa:d0:28:96:21:2e:38:03:01:28:
dc:60:70:cb:aa:8a:8f:7a:a5:30:69:2b:6b:88:73:
0f:f5:07:c5:0d:6e:77:5f:e3:26:7d:90:c6:14:42:
18:73:43:e0:05:e0:c0:19:5e:90:df:8d:9a:04:d0:
48:08:20:f1:a0:18:27:87:2b:c1:4e:19:e5:71:0c:
95:5e:0e:30:60:3e:4e:c6:9d:45:91:ec:87:c1:b1:
45:00:76:8d:3e:37:c2:56:89:8f:7e:b7:cc:54:ab:
14:df:8c:2a:b0:0f:8a:24:78:bf:87:ec:e5:25:a0:
62:96:d5:51:c7:10:16:f0:17:35:46:a2:d2:6d:70:
56:20:b5:75:71:2b:7b:50:ea:a6:29:ea:04:6b:68:
f2:01:bf:8a:5e:a8:ca:e8:6f:36:df:5f:1d:8c:94:
8c:39:ab:6c:c7:cf:39:ac:92:6c:4e:35:23:83:72:
0e:12:67:4d:bf:ab:fc:09:a1:cb:15:f1:94:7d:a5:
49:87
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A9:D6:32:61:48:BC:2B:38:7E:13:B8:40:14:47:E8:11:88:3A:68:80
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/qdYyYUi8Kzh-E7hAFEfoEYg6aIA.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
76:7d:28:b2:0d:0a:53:b2:6b:1e:b5:e2:4c:05:b6:65:8a:c3:
35:0d:c7:3a:6e:84:da:4a:35:d1:86:3c:fb:cd:66:6f:ac:02:
b7:7c:ed:de:db:8a:54:df:3c:3d:e4:99:ce:f4:77:49:2d:a4:
e1:6c:91:cc:32:26:c7:2c:f2:6d:70:f4:85:41:27:82:67:17:
e9:0a:62:2a:98:c9:89:dd:a9:d3:b1:65:38:e9:36:51:d9:7c:
c4:08:a3:a4:3c:4c:dd:78:59:24:7f:f4:a8:76:57:59:e0:48:
0d:48:d5:cc:50:66:ad:bb:fa:69:1c:0e:69:ad:65:e5:6f:6b:
27:66:67:cb:2f:96:ce:b1:1b:50:b8:03:70:c7:80:62:c6:b4:
7f:b8:39:7a:bc:7c:73:17:9f:5d:81:c7:27:81:6b:d3:ec:5a:
12:96:23:b7:8e:9b:83:c3:ca:14:03:91:14:78:ac:b3:ee:cd:
8b:1a:73:aa:b5:5f:94:7b:4f:00:c1:e0:8c:d5:72:72:bf:c9:
08:14:5a:ee:e6:07:7b:7f:eb:3c:c2:eb:01:2b:f6:9c:11:ac:
0f:bb:72:39:98:73:33:bd:03:f8:0d:15:d7:ad:af:5f:b7:7c:
0a:ae:37:e4:d7:4c:31:5f:39:ee:48:1d:5d:fc:41:aa:4f:0c:
94:14:3b:f3
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICQZIwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MTYw
MDIyNTRaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEE5RDYzMjYxNDhCQzJC
Mzg3RTEzQjg0MDE0NDdFODExODgzQTY4ODAwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDGi/hbxaoNuqJVTEMAMlQ7qQ91Gf5fa+lnhHIhH6bpGFdSuIO7
PdL9vIF1Nun9Z8XGs1gQbS3uFcV0vJzkJ1EL+tAoliEuOAMBKNxgcMuqio96pTBp
K2uIcw/1B8UNbndf4yZ9kMYUQhhzQ+AF4MAZXpDfjZoE0EgIIPGgGCeHK8FOGeVx
DJVeDjBgPk7GnUWR7IfBsUUAdo0+N8JWiY9+t8xUqxTfjCqwD4okeL+H7OUloGKW
1VHHEBbwFzVGotJtcFYgtXVxK3tQ6qYp6gRraPIBv4peqMrobzbfXx2MlIw5q2zH
zzmskmxONSODcg4SZ02/q/wJocsV8ZR9pUmHAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUqdYyYUi8Kzh+E7hAFEfoEYg6aIAwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3FkWXlZVWk4S3poLUU3
aEFGRWZvRVlnNmFJQS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAdn0osg0KU7JrHrXiTAW2ZYrDNQ3HOm6E
2ko10YY8+81mb6wCt3zt3tuKVN88PeSZzvR3SS2k4WyRzDImxyzybXD0hUEngmcX
6QpiKpjJid2p07FlOOk2Udl8xAijpDxM3XhZJH/0qHZXWeBIDUjVzFBmrbv6aRwO
aa1l5W9rJ2Znyy+WzrEbULgDcMeAYsa0f7g5erx8cxefXYHHJ4Fr0+xaEpYjt46b
g8PKFAORFHiss+7NixpzqrVflHtPAMHgjNVycr/JCBRa7uYHe3/rPMLrASv2nBGs
D7tyOZhzM70D+A0V162vX7d8Cq435NdMMV857kgdXfxBqk8MlBQ78w==
-----END CERTIFICATE-----
Generated at Sat Jun 21 16:56:13 2025 by rpki-client