Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/PS_G6gIZN0SyKSEAgmVSNtV034w.roa
File: PS_G6gIZN0SyKSEAgmVSNtV034w.roa (raw, json)
Hash identifier: 4ioXwShjlDqH/uGPisUULUt3l9QdX7dEqRI3/Qw5Ufw=
Subject key identifier: 3D:2F:C6:EA:02:19:37:44:B2:29:21:00:82:65:52:36:D5:74:DF:8C
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 3BFE
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/PS_G6gIZN0SyKSEAgmVSNtV034w.roa
Signing time: Mon 08 Apr 2024 13:52:35 +0000
ROA not before: Mon 08 Apr 2024 13:52:35 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 15358 (0x3bfe)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 8 13:52:35 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=3D2FC6EA02193744B229210082655236D574DF8C
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d2:e5:ff:e3:86:8f:03:25:2d:32:b7:aa:e4:a3:
89:4a:6a:45:63:1e:00:c0:08:df:32:71:92:60:72:
d8:6a:87:0b:63:a7:8e:cf:e1:f9:27:57:46:83:d1:
a7:72:b2:16:d4:9d:86:ed:1a:b6:2d:bd:b9:b3:da:
a0:95:00:e9:b4:cf:7d:4e:bb:67:08:47:09:54:6d:
8f:c4:f2:92:45:71:f2:94:d0:af:90:6c:c4:ee:6f:
09:41:cf:ce:58:f1:19:b4:52:d4:f4:41:a8:4c:ba:
b2:e3:9a:12:5d:b3:08:13:9b:d0:12:2a:0c:b6:68:
37:49:01:86:01:38:a4:24:fd:ca:5a:c9:26:35:af:
c7:2a:7c:75:8e:81:be:6f:33:6a:a2:68:b1:20:86:
be:bf:3b:81:cf:35:0a:e3:20:bd:70:de:9c:11:97:
63:02:60:65:72:5c:a3:13:46:e0:14:16:93:18:a8:
0e:f2:31:c6:04:b2:11:d9:53:a8:be:a9:f6:0a:90:
77:3b:c6:50:60:a1:c7:fb:42:c0:fe:00:a1:69:9f:
0a:dd:be:29:08:af:76:a5:50:dd:5d:48:57:48:98:
9e:0d:70:ef:72:04:d3:63:cd:fa:b0:95:be:7c:60:
e8:ca:a3:ed:45:fd:44:c0:d6:18:9a:e6:d5:34:3a:
0b:71
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3D:2F:C6:EA:02:19:37:44:B2:29:21:00:82:65:52:36:D5:74:DF:8C
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/PS_G6gIZN0SyKSEAgmVSNtV034w.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
11:5a:24:e1:74:6a:1a:08:4f:4d:9a:98:af:36:4b:5f:8b:39:
8c:e9:3f:5f:fd:a6:c3:07:49:c7:d0:7b:f9:ff:53:9d:ad:ba:
83:36:af:ea:47:5e:04:95:71:b1:a6:ee:99:ad:2e:7c:9f:bb:
62:ee:10:54:a3:e6:24:78:86:a8:9d:c2:43:50:ad:4c:66:c1:
85:86:60:59:2c:27:11:53:d9:73:96:15:39:3c:cc:ec:b4:dc:
18:81:00:b7:1d:7f:e3:1e:bc:78:2a:c7:5e:cb:9b:dd:96:b2:
41:ce:b9:fc:7f:ca:03:6c:c3:a7:c9:87:f6:b2:d7:39:3e:42:
8b:c8:4e:fa:ed:a4:42:77:75:fb:ef:fb:74:20:70:a7:d2:91:
8b:c6:4b:c3:f8:9a:23:9f:d2:6c:59:71:a2:46:a0:d1:b9:8b:
4d:a1:43:65:8d:36:6f:f2:11:94:20:13:be:68:4c:21:60:36:
81:37:bc:9d:1a:4a:be:c2:2d:f7:01:f5:f9:da:c5:94:70:42:
b9:6f:40:70:b5:1f:ae:af:3a:95:33:98:34:c3:59:09:19:76:
f6:1c:cb:4d:03:14:1d:27:83:5c:5e:b6:84:cc:f7:e2:f5:06:
dd:86:05:8a:b7:a4:38:6f:29:dd:66:83:20:81:dc:6f:aa:9e:
8f:73:10:d1
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICO/4wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MDgx
MzUyMzVaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDNEMkZDNkVBMDIxOTM3
NDRCMjI5MjEwMDgyNjU1MjM2RDU3NERGOEMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDS5f/jho8DJS0yt6rko4lKakVjHgDACN8ycZJgcthqhwtjp47P
4fknV0aD0adyshbUnYbtGrYtvbmz2qCVAOm0z31Ou2cIRwlUbY/E8pJFcfKU0K+Q
bMTubwlBz85Y8Rm0UtT0QahMurLjmhJdswgTm9ASKgy2aDdJAYYBOKQk/cpaySY1
r8cqfHWOgb5vM2qiaLEghr6/O4HPNQrjIL1w3pwRl2MCYGVyXKMTRuAUFpMYqA7y
McYEshHZU6i+qfYKkHc7xlBgocf7QsD+AKFpnwrdvikIr3alUN1dSFdImJ4NcO9y
BNNjzfqwlb58YOjKo+1F/UTA1hia5tU0OgtxAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUPS/G6gIZN0SyKSEAgmVSNtV034wwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1BTX0c2Z0laTjBTeUtT
RUFnbVZTTnRWMDM0dy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAEVok4XRqGghPTZqYrzZLX4s5jOk/X/2m
wwdJx9B7+f9Tna26gzav6kdeBJVxsabuma0ufJ+7Yu4QVKPmJHiGqJ3CQ1CtTGbB
hYZgWSwnEVPZc5YVOTzM7LTcGIEAtx1/4x68eCrHXsub3ZayQc65/H/KA2zDp8mH
9rLXOT5Ci8hO+u2kQnd1++/7dCBwp9KRi8ZLw/iaI5/SbFlxokag0bmLTaFDZY02
b/IRlCATvmhMIWA2gTe8nRpKvsIt9wH1+drFlHBCuW9AcLUfrq86lTOYNMNZCRl2
9hzLTQMUHSeDXF62hMz34vUG3YYFirekOG8p3WaDIIHcb6qej3MQ0Q==
-----END CERTIFICATE-----
Generated at Sat May 17 22:46:46 2025 by rpki-client