Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/6FQaxUi1UPdgqWeCYJHU9o-1Uz4.roa
File: 6FQaxUi1UPdgqWeCYJHU9o-1Uz4.roa (raw, json)
Hash identifier: HAI59to6J8gVh2FQ1TgBfVeJlW2XKLJAxs98rbOkblk=
Subject key identifier: E8:54:1A:C5:48:B5:50:F7:60:A9:67:82:60:91:D4:F6:8F:B5:53:3E
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 34D6
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/6FQaxUi1UPdgqWeCYJHU9o-1Uz4.roa
Signing time: Sat 30 Mar 2024 00:52:12 +0000
ROA not before: Sat 30 Mar 2024 00:52:12 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 13526 (0x34d6)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Mar 30 00:52:12 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=E8541AC548B550F760A967826091D4F68FB5533E
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d1:28:96:cd:6a:54:c1:9c:d3:9e:07:81:4f:fe:
c0:49:c9:6b:00:03:01:f0:c3:0b:c1:e5:4b:ae:de:
90:26:f5:54:71:4f:bd:c8:a9:9e:02:38:6b:f8:ea:
05:07:ad:cb:b9:ce:07:97:4b:7e:68:0e:73:3e:57:
8b:11:70:26:dd:11:1d:a8:b7:20:e0:71:17:49:a6:
61:be:a6:95:91:d3:47:8d:af:0a:39:4a:fd:a3:58:
f1:25:a1:51:91:52:8e:44:40:46:45:87:7e:5d:8a:
fc:23:d8:15:5c:58:48:2f:0d:34:60:c6:6a:2d:3d:
4b:b2:8d:28:d6:10:63:30:b6:9c:55:65:0d:e0:fb:
d3:e5:25:52:b7:88:44:38:56:47:81:ef:59:29:0f:
ad:c3:95:96:81:d0:db:82:99:11:32:a2:00:0d:ca:
86:36:dd:d4:fa:f9:73:78:67:1e:c1:8d:8f:05:77:
da:78:b5:cc:4d:fb:5e:ce:06:b3:76:2b:a2:41:fc:
84:42:6b:99:04:e7:3a:0c:ab:49:50:69:5d:59:e2:
8c:ea:86:10:ca:76:ca:eb:72:00:5c:74:7a:e6:f0:
5a:3b:09:ec:7b:76:bb:d9:c5:21:5e:73:98:03:6c:
16:0f:f6:33:3b:e7:70:d5:73:7a:bc:cd:ac:66:c6:
73:d5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E8:54:1A:C5:48:B5:50:F7:60:A9:67:82:60:91:D4:F6:8F:B5:53:3E
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/6FQaxUi1UPdgqWeCYJHU9o-1Uz4.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
1e:ee:cd:0b:70:5c:36:f3:63:92:6b:03:03:8a:26:b1:11:77:
ad:ae:29:86:2b:97:b0:ef:13:3e:33:c0:44:a7:3e:68:94:12:
d7:56:80:1d:ab:93:df:f3:39:e8:c0:45:a5:2b:21:3a:4a:94:
5b:74:0d:60:35:a3:24:be:d9:f9:2c:9b:7e:2b:0c:ca:2f:d1:
a6:28:17:26:eb:d8:43:70:29:76:65:85:a0:0f:6a:0f:fe:53:
d7:fa:c7:ab:47:ed:37:5e:bf:a1:06:db:cc:2a:de:d5:2d:01:
56:da:8c:56:2d:a8:c8:98:a9:12:fb:15:05:28:ff:ce:1f:65:
de:62:76:fa:04:0b:ee:c5:eb:fa:00:4f:f5:50:8d:34:08:f3:
34:b7:c7:ca:3a:5c:55:21:98:fb:9f:25:f8:82:75:44:31:c3:
1e:74:4f:6d:28:87:c8:89:ea:49:0d:79:b5:6e:70:ae:ef:2c:
82:4e:0f:93:52:96:cd:fa:bd:04:5f:ca:26:14:b1:5f:0c:99:
e9:a7:bd:0e:a6:44:b0:5d:12:f1:60:f2:8f:4d:b1:a7:d7:40:
35:9e:06:58:4d:cc:7d:f1:2c:d7:ec:ca:14:02:85:f5:ec:01:
d5:f3:f9:fa:a8:42:ed:82:e3:cf:81:58:68:de:55:50:7e:e3:
04:92:19:1e
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICNNYwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDAzMzAw
MDUyMTJaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEU4NTQxQUM1NDhCNTUw
Rjc2MEE5Njc4MjYwOTFENEY2OEZCNTUzM0UwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDRKJbNalTBnNOeB4FP/sBJyWsAAwHwwwvB5Uuu3pAm9VRxT73I
qZ4COGv46gUHrcu5zgeXS35oDnM+V4sRcCbdER2otyDgcRdJpmG+ppWR00eNrwo5
Sv2jWPEloVGRUo5EQEZFh35divwj2BVcWEgvDTRgxmotPUuyjSjWEGMwtpxVZQ3g
+9PlJVK3iEQ4VkeB71kpD63DlZaB0NuCmREyogANyoY23dT6+XN4Zx7BjY8Fd9p4
tcxN+17OBrN2K6JB/IRCa5kE5zoMq0lQaV1Z4ozqhhDKdsrrcgBcdHrm8Fo7Cex7
drvZxSFec5gDbBYP9jM753DVc3q8zaxmxnPVAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQU6FQaxUi1UPdgqWeCYJHU9o+1Uz4wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3LzZGUWF4VWkxVVBkZ3FX
ZUNZSkhVOW8tMVV6NC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAHu7NC3BcNvNjkmsDA4omsRF3ra4phiuX
sO8TPjPARKc+aJQS11aAHauT3/M56MBFpSshOkqUW3QNYDWjJL7Z+SybfisMyi/R
pigXJuvYQ3ApdmWFoA9qD/5T1/rHq0ftN16/oQbbzCre1S0BVtqMVi2oyJipEvsV
BSj/zh9l3mJ2+gQL7sXr+gBP9VCNNAjzNLfHyjpcVSGY+58l+IJ1RDHDHnRPbSiH
yInqSQ15tW5wru8sgk4Pk1KWzfq9BF/KJhSxXwyZ6ae9DqZEsF0S8WDyj02xp9dA
NZ4GWE3MffEs1+zKFAKF9ewB1fP5+qhC7YLjz4FYaN5VUH7jBJIZHg==
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:44:55 2025 by rpki-client