Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/n275-1sGe_vbosnypYhU6-RFItE.roa
File: n275-1sGe_vbosnypYhU6-RFItE.roa (raw, json)
Hash identifier: gjfFWI6KxyQH6kW0x/K5Xd6kiq0R9Lt7K1quMmYEfnY=
Subject key identifier: 9F:6E:F9:FB:5B:06:7B:FB:DB:A2:C9:F2:A5:88:54:EB:E4:45:22:D1
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 379E
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/n275-1sGe_vbosnypYhU6-RFItE.roa
Signing time: Tue 02 Apr 2024 17:52:40 +0000
ROA not before: Tue 02 Apr 2024 17:52:40 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 14238 (0x379e)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 2 17:52:40 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=9F6EF9FB5B067BFBDBA2C9F2A58854EBE44522D1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cf:88:95:e1:99:62:ef:41:fa:32:ab:d9:5e:4d:
e2:89:db:1c:a5:6a:60:52:37:f3:a5:08:ae:c1:ba:
ca:5f:02:16:2d:5d:9b:a6:20:c0:42:bc:21:32:30:
64:4c:73:e8:ae:3a:60:6f:49:36:14:6b:a5:ec:93:
ac:9a:56:fb:a8:c4:59:23:6f:ed:25:89:88:42:71:
52:39:87:6a:da:6e:e6:32:15:04:18:55:3b:c8:95:
c0:56:e6:ee:f8:25:18:ba:40:01:c8:0d:2b:a8:eb:
49:53:7c:70:46:a8:c5:59:5d:1e:02:2f:50:8b:9f:
3f:ca:ef:fa:7d:18:0d:98:9d:ea:33:95:a3:0f:03:
07:c3:b3:9c:2c:d5:4c:11:40:1a:d5:b7:d2:d5:8c:
c4:93:6a:75:69:c6:c7:69:b0:e7:29:02:4b:b5:2a:
0e:fb:d0:05:1f:12:9e:36:69:9c:73:d7:73:df:05:
63:ed:cd:af:79:eb:2f:d0:36:50:34:69:c2:2d:0c:
3c:2e:fd:45:02:6f:8f:de:f5:ee:b5:7e:14:39:9c:
03:a2:04:b6:0b:4d:87:e4:03:68:25:67:8b:13:36:
25:ea:3e:e4:30:ab:66:ab:22:93:07:19:d1:15:01:
e3:b0:99:02:f3:6a:7d:f1:4b:66:b6:27:fc:8c:5c:
fc:99
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9F:6E:F9:FB:5B:06:7B:FB:DB:A2:C9:F2:A5:88:54:EB:E4:45:22:D1
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/n275-1sGe_vbosnypYhU6-RFItE.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
63:c0:40:4f:15:0c:23:10:33:8b:46:55:fc:c6:65:2c:be:e1:
d1:da:63:6a:a5:57:14:69:f7:1a:d3:73:4e:9f:15:87:21:5e:
96:79:9c:1f:4b:2e:65:d3:6f:d4:d8:d6:02:27:94:8a:87:90:
ab:6a:bc:00:e8:6d:5b:36:58:f1:6e:b0:6a:19:66:9a:40:4b:
d4:b2:78:e8:c3:e6:d7:04:f9:13:a2:af:ab:e3:48:59:f1:8e:
a8:45:c9:c2:ae:fb:72:4c:94:07:ae:80:28:75:d9:08:10:a8:
9a:22:8e:6b:61:83:0e:7c:b0:5d:17:4f:99:0b:61:b7:44:c8:
bb:f9:3d:3f:b0:0b:de:12:35:78:cb:b4:70:39:ef:1c:8f:a7:
67:08:65:ec:fa:9e:1b:9f:ca:30:31:1d:a8:a6:cb:fc:88:c0:
cd:ef:ca:4a:4b:8b:46:2f:1d:80:03:97:6c:c4:c4:91:7b:8f:
66:d1:37:0a:ca:b4:ff:0f:8d:4a:58:bc:f5:48:f3:c2:12:89:
33:ed:39:f3:2a:80:bc:3a:33:30:7c:9b:25:d5:f1:61:7a:17:
f3:10:b3:9e:07:d5:4d:c9:17:8f:66:1b:2a:3c:e3:d6:85:89:
e1:a0:8d:87:9a:b5:0f:1e:cf:fe:5a:e6:11:04:42:b0:ba:57:
27:90:87:b3
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICN54wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MDIx
NzUyNDBaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDlGNkVGOUZCNUIwNjdC
RkJEQkEyQzlGMkE1ODg1NEVCRTQ0NTIyRDEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDPiJXhmWLvQfoyq9leTeKJ2xylamBSN/OlCK7BuspfAhYtXZum
IMBCvCEyMGRMc+iuOmBvSTYUa6Xsk6yaVvuoxFkjb+0liYhCcVI5h2rabuYyFQQY
VTvIlcBW5u74JRi6QAHIDSuo60lTfHBGqMVZXR4CL1CLnz/K7/p9GA2YneozlaMP
AwfDs5ws1UwRQBrVt9LVjMSTanVpxsdpsOcpAku1Kg770AUfEp42aZxz13PfBWPt
za956y/QNlA0acItDDwu/UUCb4/e9e61fhQ5nAOiBLYLTYfkA2glZ4sTNiXqPuQw
q2arIpMHGdEVAeOwmQLzan3xS2a2J/yMXPyZAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUn275+1sGe/vbosnypYhU6+RFItEwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L24yNzUtMXNHZV92Ym9z
bnlwWWhVNi1SRkl0RS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAY8BATxUMIxAzi0ZV/MZlLL7h0dpjaqVX
FGn3GtNzTp8VhyFelnmcH0suZdNv1NjWAieUioeQq2q8AOhtWzZY8W6wahlmmkBL
1LJ46MPm1wT5E6Kvq+NIWfGOqEXJwq77ckyUB66AKHXZCBComiKOa2GDDnywXRdP
mQtht0TIu/k9P7AL3hI1eMu0cDnvHI+nZwhl7PqeG5/KMDEdqKbL/IjAze/KSkuL
Ri8dgAOXbMTEkXuPZtE3Csq0/w+NSli89UjzwhKJM+058yqAvDozMHybJdXxYXoX
8xCzngfVTckXj2YbKjzj1oWJ4aCNh5q1Dx7P/lrmEQRCsLpXJ5CHsw==
-----END CERTIFICATE-----
Generated at Sat May 17 23:40:40 2025 by rpki-client