Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/G4PcMg-4HJ64kuWY4QHv094O4vQ.roa
File: G4PcMg-4HJ64kuWY4QHv094O4vQ.roa (raw, json)
Hash identifier: 8F7ZYTncDkkNkZp6tm3ZrVZ2CfaLL3gkeEvO9ViTeyg=
Subject key identifier: 1B:83:DC:32:0F:B8:1C:9E:B8:92:E5:98:E1:01:EF:D3:DE:0E:E2:F4
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 4C02
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/G4PcMg-4HJ64kuWY4QHv094O4vQ.roa
Signing time: Mon 29 Apr 2024 22:23:31 +0000
ROA not before: Mon 29 Apr 2024 22:23:31 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 19458 (0x4c02)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 29 22:23:31 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=1B83DC320FB81C9EB892E598E101EFD3DE0EE2F4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e9:ce:02:77:3b:d2:39:a2:37:47:8d:1a:76:51:
05:9e:dd:a1:67:9c:03:96:4c:9f:97:d2:6b:1c:d1:
f4:2e:f3:b9:94:30:99:b7:ab:46:01:fb:ab:bd:e2:
77:ce:47:f3:18:cc:69:44:1a:ee:9c:3f:f2:38:a1:
47:46:fa:c9:c5:77:e6:c9:d2:13:09:7e:92:7b:e4:
cc:72:dc:7b:91:0e:c3:ca:2c:9f:87:25:2a:2f:d9:
4d:7d:2b:d8:f0:89:8e:2f:3c:c5:18:9e:1b:87:a5:
3e:61:07:83:79:3b:df:81:a0:c1:e9:a2:63:2b:fe:
db:ae:d6:ed:76:52:c8:5a:2b:8b:1a:75:df:07:a5:
f4:7c:cc:a6:af:a9:5f:26:fe:16:4f:1c:fd:cc:f2:
6c:df:d1:d6:08:0f:8a:65:e6:cb:ac:b4:74:db:c4:
0e:ca:1c:d2:00:2c:bf:0a:5f:a1:08:f8:13:0d:75:
a3:f9:06:f5:13:bd:63:8f:7a:d6:72:09:5b:5e:d7:
c0:46:cd:81:6e:70:e4:19:1b:86:1e:a9:05:24:0b:
28:1b:55:89:63:15:d4:c5:fb:86:e2:89:1c:cc:b8:
69:08:2c:48:98:56:37:66:43:94:7c:e5:7e:48:7c:
dc:4f:4b:01:10:c8:8f:5c:6a:c5:ca:44:71:4a:5a:
5b:4f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1B:83:DC:32:0F:B8:1C:9E:B8:92:E5:98:E1:01:EF:D3:DE:0E:E2:F4
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/G4PcMg-4HJ64kuWY4QHv094O4vQ.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
80:29:57:42:fd:b6:30:d0:78:a2:b7:a2:9e:77:4c:4d:f6:0a:
2e:b5:a7:4a:0d:20:da:b1:fb:b5:bd:da:ff:9d:5f:f0:95:03:
68:57:ae:fd:9a:52:9c:38:52:e5:5b:dd:64:ec:35:5d:a7:82:
5a:58:ce:0c:e4:aa:af:47:31:20:a7:97:79:36:df:2f:6c:22:
28:86:d8:cf:83:30:43:fc:ea:6f:58:50:73:1d:8a:ab:37:d9:
21:8d:7e:bf:50:c2:c6:16:7f:86:65:60:a4:85:4c:f0:03:36:
2e:09:e2:b1:e5:2d:75:fd:15:ad:8f:00:6c:8f:df:fd:98:5d:
8e:bd:f8:39:2f:1d:b5:1d:3f:0c:a1:23:13:db:13:59:0f:c9:
87:9c:02:42:5a:ba:0e:6f:fe:ba:33:cb:1c:4a:7a:df:05:24:
75:7c:87:ee:ee:9e:ae:66:e6:4f:8d:dc:a5:b2:cc:77:f1:0d:
e9:c5:d2:ac:e4:2c:56:b4:50:6a:6c:2d:f3:96:3e:45:72:99:
2c:be:d0:aa:f0:c7:88:04:3d:92:3f:8c:6b:6f:ec:e8:96:b2:
3b:b4:62:46:d0:40:b2:94:73:59:b3:64:d3:a4:03:1c:3c:fe:
46:4f:ee:98:ba:5b:5b:7c:bc:b8:d1:44:d3:eb:18:b2:44:f4:
a9:3c:b4:9f
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICTAIwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0Mjky
MjIzMzFaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDFCODNEQzMyMEZCODFD
OUVCODkyRTU5OEUxMDFFRkQzREUwRUUyRjQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDpzgJ3O9I5ojdHjRp2UQWe3aFnnAOWTJ+X0msc0fQu87mUMJm3
q0YB+6u94nfOR/MYzGlEGu6cP/I4oUdG+snFd+bJ0hMJfpJ75Mxy3HuRDsPKLJ+H
JSov2U19K9jwiY4vPMUYnhuHpT5hB4N5O9+BoMHpomMr/tuu1u12UshaK4sadd8H
pfR8zKavqV8m/hZPHP3M8mzf0dYID4pl5sustHTbxA7KHNIALL8KX6EI+BMNdaP5
BvUTvWOPetZyCVte18BGzYFucOQZG4YeqQUkCygbVYljFdTF+4biiRzMuGkILEiY
VjdmQ5R85X5IfNxPSwEQyI9casXKRHFKWltPAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUG4PcMg+4HJ64kuWY4QHv094O4vQwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L0c0UGNNZy00SEo2NGt1
V1k0UUh2MDk0TzR2US5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAgClXQv22MNB4oreinndMTfYKLrWnSg0g
2rH7tb3a/51f8JUDaFeu/ZpSnDhS5VvdZOw1XaeCWljODOSqr0cxIKeXeTbfL2wi
KIbYz4MwQ/zqb1hQcx2KqzfZIY1+v1DCxhZ/hmVgpIVM8AM2LgniseUtdf0VrY8A
bI/f/Zhdjr34OS8dtR0/DKEjE9sTWQ/Jh5wCQlq6Dm/+ujPLHEp63wUkdXyH7u6e
rmbmT43cpbLMd/EN6cXSrOQsVrRQamwt85Y+RXKZLL7QqvDHiAQ9kj+Ma2/s6Jay
O7RiRtBAspRzWbNk06QDHDz+Rk/umLpbW3y8uNFE0+sYskT0qTy0nw==
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:51:25 2025 by rpki-client