Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/6GWsCzaPerersKyfNt2ngaqSOL8.roa
File: 6GWsCzaPerersKyfNt2ngaqSOL8.roa (raw, json)
Hash identifier: nZFSWbXHsigyfLK87ie9XZ/AAnY2Pznanxu98B2tN08=
Subject key identifier: E8:65:AC:0B:36:8F:7A:B7:AB:B0:AC:9F:36:DD:A7:81:AA:92:38:BF
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 3402
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/6GWsCzaPerersKyfNt2ngaqSOL8.roa
Signing time: Thu 28 Mar 2024 22:22:04 +0000
ROA not before: Thu 28 Mar 2024 22:22:04 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 13314 (0x3402)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Mar 28 22:22:04 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=E865AC0B368F7AB7ABB0AC9F36DDA781AA9238BF
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a6:fb:43:4a:de:4e:9b:c3:1a:bb:a2:12:b9:e9:
ca:47:c6:be:51:14:1e:8d:b7:e2:44:98:e9:01:77:
c5:93:f7:af:ad:09:15:7f:af:34:7f:1a:fc:35:e6:
ab:8d:20:ba:b9:5a:c3:f1:69:34:1c:1e:d8:0a:62:
bb:f3:7f:b4:d8:94:2f:5b:f9:f7:b6:5f:f2:e5:48:
66:e4:34:fd:3f:f9:31:c7:a8:e9:e0:08:3b:df:33:
cf:e6:29:b7:44:95:48:0c:5c:09:65:fd:9f:51:f9:
56:67:56:40:91:6c:ce:ba:1b:56:39:54:dd:24:20:
a9:bc:8a:c4:ec:57:32:12:46:77:f5:0a:a2:e6:a6:
4b:b9:de:73:18:9d:14:5f:dd:20:8b:0a:44:c2:82:
d7:f1:c1:1d:bc:f4:ae:f2:56:ae:97:40:4c:5b:50:
e1:37:eb:28:3b:e3:f7:cb:a4:b8:e2:33:d2:32:0c:
d4:9a:28:8c:65:de:ef:ab:df:6d:12:31:50:07:69:
0d:ee:b5:58:36:19:f1:29:00:e5:66:09:b1:25:35:
44:0b:9d:fd:12:67:38:fe:8d:ca:ae:bf:0c:26:5d:
57:d4:52:58:31:49:50:1a:6d:fa:2c:47:0c:46:2c:
7d:fd:29:06:5e:b8:56:06:fd:9e:0e:22:24:b5:04:
f2:3f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E8:65:AC:0B:36:8F:7A:B7:AB:B0:AC:9F:36:DD:A7:81:AA:92:38:BF
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/6GWsCzaPerersKyfNt2ngaqSOL8.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
85:cb:bd:d4:09:4e:86:c8:9f:21:3f:84:e6:5f:0d:02:3e:33:
fa:c0:c2:ed:40:61:c2:37:85:af:63:3a:ae:52:a2:bb:6d:82:
89:74:b3:a9:54:58:a2:4a:07:15:0e:98:1b:87:d0:f0:5d:c3:
16:cc:95:02:c9:cf:90:bc:28:54:d8:1a:12:37:9f:5c:a9:fd:
0c:69:3c:8a:8f:9b:ac:9d:5e:12:7f:5d:01:a3:74:84:6b:25:
71:8b:67:b7:d3:0a:ee:a9:7c:b4:21:a4:6a:71:82:bc:b5:04:
eb:1e:c3:c7:32:c1:bf:38:6b:e4:5b:e6:54:ef:d3:83:bf:65:
c0:93:1d:f2:c8:d0:19:03:f6:da:27:37:84:25:59:85:76:9d:
28:1c:c7:08:c8:42:00:8b:cb:42:55:c6:46:d0:86:5f:ea:37:
98:1a:5c:58:01:35:5c:40:23:bd:fd:ba:bd:ba:bd:b5:b8:2e:
04:65:b5:12:3c:0a:d4:fc:a9:60:18:df:62:7b:e5:0d:99:f6:
5a:01:ac:e8:8b:17:0e:21:16:73:fb:a7:b4:f6:69:d9:01:ba:
87:71:05:25:63:1b:b0:a9:fa:02:6a:d2:5b:a6:6f:ea:1e:c7:
82:61:cf:08:c9:5f:a6:39:fd:12:c2:58:0c:0b:9e:91:12:fa:
1d:23:9c:eb
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICNAIwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDAzMjgy
MjIyMDRaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEU4NjVBQzBCMzY4RjdB
QjdBQkIwQUM5RjM2RERBNzgxQUE5MjM4QkYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCm+0NK3k6bwxq7ohK56cpHxr5RFB6Nt+JEmOkBd8WT96+tCRV/
rzR/Gvw15quNILq5WsPxaTQcHtgKYrvzf7TYlC9b+fe2X/LlSGbkNP0/+THHqOng
CDvfM8/mKbdElUgMXAll/Z9R+VZnVkCRbM66G1Y5VN0kIKm8isTsVzISRnf1CqLm
pku53nMYnRRf3SCLCkTCgtfxwR289K7yVq6XQExbUOE36yg74/fLpLjiM9IyDNSa
KIxl3u+r320SMVAHaQ3utVg2GfEpAOVmCbElNUQLnf0SZzj+jcquvwwmXVfUUlgx
SVAabfosRwxGLH39KQZeuFYG/Z4OIiS1BPI/AgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQU6GWsCzaPerersKyfNt2ngaqSOL8wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3LzZHV3NDemFQZXJlcnNL
eWZOdDJuZ2FxU09MOC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAhcu91AlOhsifIT+E5l8NAj4z+sDC7UBh
wjeFr2M6rlKiu22CiXSzqVRYokoHFQ6YG4fQ8F3DFsyVAsnPkLwoVNgaEjefXKn9
DGk8io+brJ1eEn9dAaN0hGslcYtnt9MK7ql8tCGkanGCvLUE6x7DxzLBvzhr5Fvm
VO/Tg79lwJMd8sjQGQP22ic3hCVZhXadKBzHCMhCAIvLQlXGRtCGX+o3mBpcWAE1
XEAjvf26vbq9tbguBGW1EjwK1PypYBjfYnvlDZn2WgGs6IsXDiEWc/untPZp2QG6
h3EFJWMbsKn6AmrSW6Zv6h7HgmHPCMlfpjn9EsJYDAuekRL6HSOc6w==
-----END CERTIFICATE-----
Generated at Sun May 18 04:51:07 2025 by rpki-client