Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/at9o77pkXALMitEK7A5cDszy0Hg.roa
File: at9o77pkXALMitEK7A5cDszy0Hg.roa (raw, json)
Hash identifier: 0HAyUThStM5eLTwMFjMYNNt1jFSlsRm4yi99Rmfy5k4=
Subject key identifier: 6A:DF:68:EF:BA:64:5C:02:CC:8A:D1:0A:EC:0E:5C:0E:CC:F2:D0:78
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 4BBE
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/at9o77pkXALMitEK7A5cDszy0Hg.roa
Signing time: Mon 29 Apr 2024 13:53:51 +0000
ROA not before: Mon 29 Apr 2024 13:53:51 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 19390 (0x4bbe)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 29 13:53:51 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=6ADF68EFBA645C02CC8AD10AEC0E5C0ECCF2D078
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c0:02:93:ce:5b:79:66:11:7f:7b:27:6d:3f:3b:
01:14:d4:1c:bd:94:fd:f2:7e:86:1a:94:5e:ac:bc:
81:42:24:12:b6:48:d1:70:cb:9b:a3:58:ae:1a:3e:
d7:76:8f:64:31:e2:2b:25:ab:e9:4e:98:e3:27:f1:
a7:0e:f8:e3:63:36:9d:8d:6f:c0:67:1b:e6:20:3e:
e8:d2:21:4b:b8:9c:0f:0e:da:eb:3d:6b:4c:c0:2a:
f7:95:6f:dd:d8:25:7a:34:e7:8b:c5:7e:6f:52:e0:
7a:da:b9:6e:52:5e:12:e8:16:be:fa:48:c1:41:ef:
16:af:9c:95:22:c6:2a:27:6a:22:c6:c6:73:a0:b2:
48:24:53:e4:3b:02:a9:d9:2c:74:2f:c9:37:09:04:
74:5a:73:e8:37:25:f3:30:d9:b2:5c:ab:12:12:52:
67:49:0d:a0:bc:f5:a4:2d:26:2f:f1:fa:a1:fb:5d:
21:c2:e6:2d:ca:bb:ef:52:8d:41:b6:01:3e:86:cf:
9d:4b:ab:ee:5e:bc:8b:00:8f:48:5b:c8:f8:70:86:
f7:de:1c:1f:50:a6:36:5e:32:0c:f1:99:5d:98:6d:
82:06:a4:c9:b2:fb:15:15:d0:6f:31:ed:b4:24:3d:
0c:77:fb:c9:1f:0e:bb:a2:d5:05:73:88:20:ae:d0:
73:3f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6A:DF:68:EF:BA:64:5C:02:CC:8A:D1:0A:EC:0E:5C:0E:CC:F2:D0:78
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/at9o77pkXALMitEK7A5cDszy0Hg.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
21:55:2b:04:f8:fc:03:a8:6f:fd:59:a0:ab:df:2a:6e:ca:d9:
2a:e2:e8:63:26:4c:2b:6a:8f:1d:90:d7:d9:b8:87:e4:61:2c:
39:76:c4:d1:24:2e:87:b4:0b:0a:65:67:ee:ff:47:e5:8d:04:
42:8a:c8:13:01:e7:ef:38:8a:8e:2f:bb:2a:23:00:5e:c6:27:
c7:b0:ad:c8:47:37:ab:c5:a4:04:26:70:e9:ea:e0:79:78:c7:
21:03:72:80:4d:42:eb:e0:49:71:01:f5:a3:43:0b:25:b5:c3:
26:7f:d0:4a:58:82:f2:e7:be:4b:55:2e:c6:c7:87:b2:7e:94:
4b:8a:66:17:37:bf:c7:8d:bf:f5:ed:04:c9:0c:3d:74:b3:d6:
99:ab:bd:cd:21:44:75:5c:07:52:32:3f:64:65:c8:05:52:9a:
46:6f:d7:71:a3:7f:57:22:53:86:ef:01:bc:53:ec:d1:be:87:
69:48:8f:c5:8c:01:72:eb:85:25:85:32:b1:c0:55:15:f8:43:
ea:8d:62:46:ee:c7:18:b2:e0:bf:9f:7b:43:19:d7:4c:4d:0a:
fd:39:9e:60:38:c3:50:e3:33:2e:e2:c5:8c:32:d5:fa:a5:17:
fe:a3:3b:5e:9f:33:48:0b:6c:81:36:aa:65:93:54:b0:2b:ae:
4a:4d:2a:be
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICS74wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0Mjkx
MzUzNTFaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDZBREY2OEVGQkE2NDVD
MDJDQzhBRDEwQUVDMEU1QzBFQ0NGMkQwNzgwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDAApPOW3lmEX97J20/OwEU1By9lP3yfoYalF6svIFCJBK2SNFw
y5ujWK4aPtd2j2Qx4islq+lOmOMn8acO+ONjNp2Nb8BnG+YgPujSIUu4nA8O2us9
a0zAKveVb93YJXo054vFfm9S4HrauW5SXhLoFr76SMFB7xavnJUixionaiLGxnOg
skgkU+Q7AqnZLHQvyTcJBHRac+g3JfMw2bJcqxISUmdJDaC89aQtJi/x+qH7XSHC
5i3Ku+9SjUG2AT6Gz51Lq+5evIsAj0hbyPhwhvfeHB9QpjZeMgzxmV2YbYIGpMmy
+xUV0G8x7bQkPQx3+8kfDrui1QVziCCu0HM/AgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUat9o77pkXALMitEK7A5cDszy0HgwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2F0OW83N3BrWEFMTWl0
RUs3QTVjRHN6eTBIZy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAIVUrBPj8A6hv/Vmgq98qbsrZKuLoYyZM
K2qPHZDX2biH5GEsOXbE0SQuh7QLCmVn7v9H5Y0EQorIEwHn7ziKji+7KiMAXsYn
x7CtyEc3q8WkBCZw6ergeXjHIQNygE1C6+BJcQH1o0MLJbXDJn/QSliC8ue+S1Uu
xseHsn6US4pmFze/x42/9e0EyQw9dLPWmau9zSFEdVwHUjI/ZGXIBVKaRm/XcaN/
VyJThu8BvFPs0b6HaUiPxYwBcuuFJYUyscBVFfhD6o1iRu7HGLLgv597QxnXTE0K
/TmeYDjDUOMzLuLFjDLV+qUX/qM7Xp8zSAtsgTaqZZNUsCuuSk0qvg==
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:47:30 2025 by rpki-client