Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/9nCtWogj6pQ_5ussA3ltpVQB86k.roa
File: 9nCtWogj6pQ_5ussA3ltpVQB86k.roa (raw, json)
Hash identifier: B8kzeT8Ff88csZNw+ikYdp9Ujf5EPpHOKi9Ivaf23lM=
Subject key identifier: F6:70:AD:5A:88:23:EA:94:3F:E6:EB:2C:03:79:6D:A5:54:01:F3:A9
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 540E
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/9nCtWogj6pQ_5ussA3ltpVQB86k.roa
Signing time: Fri 10 May 2024 15:54:09 +0000
ROA not before: Fri 10 May 2024 15:54:09 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 21518 (0x540e)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 10 15:54:09 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=F670AD5A8823EA943FE6EB2C03796DA55401F3A9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b5:04:7f:45:cc:43:c1:9f:22:7b:4a:88:20:57:
58:00:a5:f4:9a:ce:dd:8c:1a:26:a7:b0:7e:8d:3f:
80:5c:2e:f7:8e:91:57:ee:5f:d1:52:b6:c8:bd:65:
f2:e0:53:bb:9f:dc:b5:53:11:cf:52:90:e6:91:d6:
16:17:38:96:11:0b:ff:fd:42:61:90:cd:9f:61:a1:
8d:50:4f:74:4a:27:42:dc:ab:87:ab:c1:ae:91:67:
6a:ed:4f:0f:51:8c:3d:0d:20:8b:0a:04:1c:b5:8e:
57:bf:40:2c:be:13:eb:79:83:e9:36:5d:f5:81:f9:
04:1e:90:c2:ee:8f:76:3c:02:a8:61:4a:87:7f:cb:
96:b2:ab:1d:4e:b9:4d:1c:df:a8:bb:39:69:fe:f2:
a7:f4:c2:2b:1f:91:5d:4f:d3:0f:46:c3:3c:38:45:
5c:db:a3:3d:65:a6:6d:17:d5:f5:14:1c:64:b6:82:
7d:05:42:bf:01:6a:32:7e:37:8d:44:1a:05:76:33:
3f:7d:f8:65:53:1f:57:ef:aa:51:5d:f4:75:4c:05:
ad:39:42:16:a1:07:d7:b9:38:5c:6b:d8:e3:da:e5:
75:8d:27:ca:91:1e:cc:61:1c:d3:27:f0:23:fd:56:
b9:0d:a5:a8:af:3a:b9:dd:45:e7:49:37:bb:62:7a:
8d:cd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F6:70:AD:5A:88:23:EA:94:3F:E6:EB:2C:03:79:6D:A5:54:01:F3:A9
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/9nCtWogj6pQ_5ussA3ltpVQB86k.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
22:05:2f:d3:4b:28:b9:c8:fe:df:2f:13:b6:ca:eb:d1:52:5b:
83:89:19:62:0b:a7:e3:80:3e:e8:be:89:26:b4:2f:53:3a:23:
b2:ff:f9:40:64:8d:a2:fd:a5:a4:92:56:05:11:22:5a:d6:30:
37:d0:eb:c9:78:a3:b0:59:4a:13:cf:8a:54:23:15:70:06:9b:
67:d2:b6:bd:9a:96:dd:b4:07:0e:a6:81:50:4a:44:d3:b7:18:
e6:df:a2:3e:80:ad:b8:41:f9:6d:9e:e2:d1:6c:59:7d:4a:91:
e1:2b:5c:31:45:79:df:40:11:a6:20:8b:11:ad:f1:d8:02:99:
50:c2:74:6e:c3:93:99:6b:23:50:a5:ec:41:0b:b1:e2:6f:ef:
62:63:90:65:a9:46:5d:b8:69:c2:7d:87:75:23:19:16:37:e7:
1d:7f:a1:78:02:b6:45:15:82:b4:b2:71:3d:9e:32:5d:77:3f:
65:35:28:25:b7:7d:8e:7d:53:f6:6d:99:5e:8f:78:2f:1d:e1:
c9:de:8f:8a:4e:25:03:e4:6a:ab:7a:f9:ca:d0:02:3c:0d:1f:
20:2e:37:59:2e:6f:2f:24:4f:37:74:51:21:12:11:de:c9:ac:
4a:26:5c:eb:a9:fa:de:19:18:4e:ab:26:bc:1d:55:6b:7c:8b:
8b:05:c7:a6
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICVA4wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MTAx
NTU0MDlaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEY2NzBBRDVBODgyM0VB
OTQzRkU2RUIyQzAzNzk2REE1NTQwMUYzQTkwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC1BH9FzEPBnyJ7SoggV1gApfSazt2MGiansH6NP4BcLveOkVfu
X9FStsi9ZfLgU7uf3LVTEc9SkOaR1hYXOJYRC//9QmGQzZ9hoY1QT3RKJ0Lcq4er
wa6RZ2rtTw9RjD0NIIsKBBy1jle/QCy+E+t5g+k2XfWB+QQekMLuj3Y8AqhhSod/
y5ayqx1OuU0c36i7OWn+8qf0wisfkV1P0w9Gwzw4RVzboz1lpm0X1fUUHGS2gn0F
Qr8BajJ+N41EGgV2Mz99+GVTH1fvqlFd9HVMBa05QhahB9e5OFxr2OPa5XWNJ8qR
HsxhHNMn8CP9VrkNpaivOrndRedJN7tieo3NAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQU9nCtWogj6pQ/5ussA3ltpVQB86kwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3LzluQ3RXb2dqNnBRXzV1
c3NBM2x0cFZRQjg2ay5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAIgUv00soucj+3y8Ttsrr0VJbg4kZYgun
44A+6L6JJrQvUzojsv/5QGSNov2lpJJWBREiWtYwN9DryXijsFlKE8+KVCMVcAab
Z9K2vZqW3bQHDqaBUEpE07cY5t+iPoCtuEH5bZ7i0WxZfUqR4StcMUV530ARpiCL
Ea3x2AKZUMJ0bsOTmWsjUKXsQQux4m/vYmOQZalGXbhpwn2HdSMZFjfnHX+heAK2
RRWCtLJxPZ4yXXc/ZTUoJbd9jn1T9m2ZXo94Lx3hyd6Pik4lA+Rqq3r5ytACPA0f
IC43WS5vLyRPN3RRIRIR3smsSiZc66n63hkYTqsmvB1Va3yLiwXHpg==
-----END CERTIFICATE-----
Generated at Mon Apr 14 23:29:43 2025 by rpki-client