Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/A9H0sg79wI0VvzSd-l6fWDG3OMI.roa
File: A9H0sg79wI0VvzSd-l6fWDG3OMI.roa (raw, json)
Hash identifier: 7vYoxeIpRuAAUF9b9Tt51SrNQ2CD2EG4YvSXXUNfUZg=
Subject key identifier: 03:D1:F4:B2:0E:FD:C0:8D:15:BF:34:9D:FA:5E:9F:58:31:B7:38:C2
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 3BD6
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/A9H0sg79wI0VvzSd-l6fWDG3OMI.roa
Signing time: Mon 08 Apr 2024 08:52:36 +0000
ROA not before: Mon 08 Apr 2024 08:52:36 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 15318 (0x3bd6)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 8 08:52:36 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=03D1F4B20EFDC08D15BF349DFA5E9F5831B738C2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e1:60:9c:d0:ca:12:b5:96:98:76:e7:8f:fe:9f:
21:49:d7:69:d6:f4:de:d9:7e:7d:5f:35:29:bb:68:
7f:d8:b1:d3:01:c2:cc:01:50:99:8c:e1:2b:95:52:
61:d3:33:92:6a:3b:96:1e:e8:9e:85:53:cd:88:da:
ce:24:f5:c7:b6:ed:dc:7c:91:35:ea:c7:c2:cb:f2:
f9:51:21:26:53:85:72:14:4f:3a:53:d0:0f:9e:13:
53:03:c8:41:0f:8b:58:4e:01:e8:3d:e2:d5:e2:27:
34:dd:d6:31:f3:69:be:66:d6:f8:65:a9:1e:30:da:
5c:06:18:5d:65:5c:5d:6b:61:86:ae:80:4e:04:95:
9f:1e:a5:e4:28:b8:60:d3:54:65:01:3b:e6:f0:69:
03:d3:71:df:b8:6f:b6:d2:81:65:94:95:63:7b:a2:
b3:ba:ad:57:a0:73:84:3f:0c:0a:b8:08:a8:26:d4:
ea:84:00:80:6b:d4:38:0d:85:73:4e:85:dd:38:aa:
47:9a:ae:97:5f:70:08:78:1e:8a:93:24:ed:69:cd:
61:8c:a1:63:2b:11:16:8e:07:ac:c5:53:ea:ce:ff:
4c:96:87:d8:e9:5e:f1:d8:f2:86:63:0a:6d:ba:71:
52:70:c5:23:3e:d2:d9:eb:34:95:40:46:99:9e:25:
c5:27
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
03:D1:F4:B2:0E:FD:C0:8D:15:BF:34:9D:FA:5E:9F:58:31:B7:38:C2
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/A9H0sg79wI0VvzSd-l6fWDG3OMI.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
68:a5:71:3f:f5:5e:5d:6d:cd:93:3e:a3:cc:d5:8f:59:f4:66:
e4:3c:6a:ae:f2:78:fa:8d:e5:de:fa:87:ff:fa:3f:31:76:ac:
5f:88:1a:27:1d:6c:7b:25:15:fb:29:28:be:0d:ac:c5:b0:07:
c1:f4:5b:e7:6b:48:8b:3b:a9:58:ff:24:1c:80:93:52:dd:2d:
2f:0f:ed:e4:25:88:f0:4c:7b:2b:4f:e7:63:46:14:0c:d7:cf:
2c:74:17:2a:d0:3b:df:bf:7d:5d:1b:e8:d4:18:f9:4a:61:23:
53:c5:2d:98:78:79:b7:21:00:5f:3b:ff:e9:f5:ba:21:66:06:
54:86:31:5a:f6:40:5d:94:8f:cd:89:9d:71:28:8e:d4:bb:5c:
b2:3c:97:33:d6:ab:d8:73:21:32:e8:f9:c9:76:a8:c9:05:79:
3e:18:c4:b9:17:45:d8:e8:34:67:b1:08:27:ee:fa:de:89:a7:
94:fd:06:a2:9e:cc:8f:c2:04:46:ab:08:fe:b3:ea:80:41:a9:
10:0f:36:a2:8d:17:01:0c:ad:10:0a:90:8d:dc:20:d7:1e:c1:
0f:fd:01:2c:12:0d:1e:37:06:e6:2c:de:1d:46:9d:50:53:a2:
cd:63:be:e5:03:50:c6:25:15:4c:ed:ef:16:78:f6:8a:45:8d:
9d:0c:c9:63
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICO9YwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MDgw
ODUyMzZaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDAzRDFGNEIyMEVGREMw
OEQxNUJGMzQ5REZBNUU5RjU4MzFCNzM4QzIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDhYJzQyhK1lph254/+nyFJ12nW9N7Zfn1fNSm7aH/YsdMBwswB
UJmM4SuVUmHTM5JqO5Ye6J6FU82I2s4k9ce27dx8kTXqx8LL8vlRISZThXIUTzpT
0A+eE1MDyEEPi1hOAeg94tXiJzTd1jHzab5m1vhlqR4w2lwGGF1lXF1rYYaugE4E
lZ8epeQouGDTVGUBO+bwaQPTcd+4b7bSgWWUlWN7orO6rVegc4Q/DAq4CKgm1OqE
AIBr1DgNhXNOhd04qkearpdfcAh4HoqTJO1pzWGMoWMrERaOB6zFU+rO/0yWh9jp
XvHY8oZjCm26cVJwxSM+0tnrNJVARpmeJcUnAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUA9H0sg79wI0VvzSd+l6fWDG3OMIwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L0E5SDBzZzc5d0kwVnZ6
U2QtbDZmV0RHM09NSS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAaKVxP/VeXW3Nkz6jzNWPWfRm5DxqrvJ4
+o3l3vqH//o/MXasX4gaJx1seyUV+ykovg2sxbAHwfRb52tIizupWP8kHICTUt0t
Lw/t5CWI8Ex7K0/nY0YUDNfPLHQXKtA73799XRvo1Bj5SmEjU8UtmHh5tyEAXzv/
6fW6IWYGVIYxWvZAXZSPzYmdcSiO1LtcsjyXM9ar2HMhMuj5yXaoyQV5PhjEuRdF
2Og0Z7EIJ+763omnlP0Gop7Mj8IERqsI/rPqgEGpEA82oo0XAQytEAqQjdwg1x7B
D/0BLBINHjcG5izeHUadUFOizWO+5QNQxiUVTO3vFnj2ikWNnQzJYw==
-----END CERTIFICATE-----
Generated at Sun May 18 02:08:28 2025 by rpki-client