Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/6ft7P4JZL_NE2uX-Ttf4X0mTNVA.roa
File: 6ft7P4JZL_NE2uX-Ttf4X0mTNVA.roa (raw, json)
Hash identifier: bKVXlPvscJoPJ3/NtjszRnqq+QGkiKr7O1t34ZfQgkc=
Subject key identifier: E9:FB:7B:3F:82:59:2F:F3:44:DA:E5:FE:4E:D7:F8:5F:49:93:35:50
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 379A
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/6ft7P4JZL_NE2uX-Ttf4X0mTNVA.roa
Signing time: Tue 02 Apr 2024 17:22:14 +0000
ROA not before: Tue 02 Apr 2024 17:22:14 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 14234 (0x379a)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 2 17:22:14 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=E9FB7B3F82592FF344DAE5FE4ED7F85F49933550
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:fb:cb:de:9b:f2:39:2a:eb:a1:60:5c:36:db:0f:
88:f5:2e:e5:a6:19:56:85:fd:e3:c3:87:d4:78:d1:
e3:ba:b6:52:de:b6:f9:df:e5:ab:70:fc:5f:e5:10:
cb:ba:4f:8b:c9:b5:67:1f:a4:2d:d1:9d:08:48:20:
0b:88:a2:92:c4:da:ab:41:2d:e7:ac:a7:0a:83:c9:
44:1f:4f:fd:f8:60:39:dc:34:b2:aa:07:93:b4:39:
d6:55:7f:4e:e5:dc:a5:b4:c8:28:a6:f6:8d:09:0b:
fa:a0:5a:55:80:c6:07:de:f7:d8:38:6e:58:7f:a0:
f4:12:5b:98:29:37:9f:2c:5b:8b:ed:ee:10:07:a9:
c4:4b:98:b0:ac:b9:ff:44:e8:65:63:6a:9a:27:32:
5c:d1:cf:7e:32:f9:3a:cb:34:a0:b5:d7:3e:9f:ca:
e9:7f:31:e9:10:ac:11:b0:55:d0:a5:e1:e4:97:42:
49:82:d7:d0:af:fe:a5:f7:95:77:b4:30:b5:5e:dd:
fb:4f:e4:2e:11:85:c5:6e:ae:0c:33:a5:b3:d1:e0:
9c:50:bd:e3:f5:16:70:78:72:02:b7:4f:ec:3f:c0:
ed:30:c0:e1:10:6e:36:d5:30:ce:a1:e0:83:33:63:
47:d8:1f:84:86:40:a5:f0:2b:6f:21:5e:22:c9:f2:
f6:21
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E9:FB:7B:3F:82:59:2F:F3:44:DA:E5:FE:4E:D7:F8:5F:49:93:35:50
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/6ft7P4JZL_NE2uX-Ttf4X0mTNVA.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
a5:ab:4d:80:5e:cf:c5:45:d2:83:80:70:c2:19:2d:52:0d:aa:
2c:3f:18:7c:b8:84:57:6a:dc:e9:0d:b5:5d:68:5b:80:5b:33:
1d:21:62:fe:0e:37:18:a8:4e:37:fa:c4:6d:b3:84:21:71:09:
b0:c3:19:68:6e:a0:b4:b9:53:23:37:ea:c4:1d:72:9d:11:53:
e9:70:73:ad:f5:49:51:21:c3:c8:dd:0f:60:a0:8e:0c:a8:2f:
dd:e5:fa:fc:ab:fe:34:45:83:bd:29:0c:2d:b9:97:3a:cb:49:
01:12:ab:ed:a6:48:6c:e4:89:b9:f1:69:b2:b2:d0:33:8c:3b:
63:ac:9f:8b:f3:b0:fc:86:94:9d:3a:ec:e7:78:c6:1d:71:9c:
54:d0:db:b4:5a:39:78:6f:76:82:6f:81:d8:71:4b:4e:cc:99:
fe:ae:38:f4:41:0e:10:7e:7e:c8:14:77:af:75:bf:ce:f9:b0:
ff:2e:a1:49:af:ff:e1:fd:14:e0:24:c4:86:2e:84:8f:f4:dd:
ea:06:0f:83:97:96:af:43:33:8f:3e:5f:be:38:9b:9b:f6:5c:
83:07:ee:12:d3:55:4f:3a:67:ff:de:72:f5:21:96:3f:65:1f:
83:2a:e2:0c:94:73:b1:5a:6f:46:89:81:ec:33:28:d6:52:e2:
53:c7:f0:1f
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICN5owDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MDIx
NzIyMTRaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEU5RkI3QjNGODI1OTJG
RjM0NERBRTVGRTRFRDdGODVGNDk5MzM1NTAwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQD7y96b8jkq66FgXDbbD4j1LuWmGVaF/ePDh9R40eO6tlLetvnf
5atw/F/lEMu6T4vJtWcfpC3RnQhIIAuIopLE2qtBLeespwqDyUQfT/34YDncNLKq
B5O0OdZVf07l3KW0yCim9o0JC/qgWlWAxgfe99g4blh/oPQSW5gpN58sW4vt7hAH
qcRLmLCsuf9E6GVjaponMlzRz34y+TrLNKC11z6fyul/MekQrBGwVdCl4eSXQkmC
19Cv/qX3lXe0MLVe3ftP5C4RhcVurgwzpbPR4JxQveP1FnB4cgK3T+w/wO0wwOEQ
bjbVMM6h4IMzY0fYH4SGQKXwK28hXiLJ8vYhAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQU6ft7P4JZL/NE2uX+Ttf4X0mTNVAwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3LzZmdDdQNEpaTF9ORTJ1
WC1UdGY0WDBtVE5WQS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEApatNgF7PxUXSg4BwwhktUg2qLD8YfLiE
V2rc6Q21XWhbgFszHSFi/g43GKhON/rEbbOEIXEJsMMZaG6gtLlTIzfqxB1ynRFT
6XBzrfVJUSHDyN0PYKCODKgv3eX6/Kv+NEWDvSkMLbmXOstJARKr7aZIbOSJufFp
srLQM4w7Y6yfi/Ow/IaUnTrs53jGHXGcVNDbtFo5eG92gm+B2HFLTsyZ/q449EEO
EH5+yBR3r3W/zvmw/y6hSa//4f0U4CTEhi6Ej/Td6gYPg5eWr0Mzjz5fvjibm/Zc
gwfuEtNVTzpn/95y9SGWP2UfgyriDJRzsVpvRomB7DMo1lLiU8fwHw==
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:37:04 2025 by rpki-client