Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/OGmitZa0OHVz-Sg0cg0nT8rQHfw.roa
File: OGmitZa0OHVz-Sg0cg0nT8rQHfw.roa (raw, json)
Hash identifier: WWbglN6cLmI36IRcoY30V3KezxHDWo0vRO5h7vq2j3I=
Subject key identifier: 38:69:A2:B5:96:B4:38:75:73:F9:28:34:72:0D:27:4F:CA:D0:1D:FC
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 493A
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/OGmitZa0OHVz-Sg0cg0nT8rQHfw.roa
Signing time: Fri 26 Apr 2024 05:23:20 +0000
ROA not before: Fri 26 Apr 2024 05:23:20 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 18746 (0x493a)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 26 05:23:20 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=3869A2B596B4387573F92834720D274FCAD01DFC
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c3:6f:84:fe:e7:dd:e2:99:d3:46:6a:a6:a1:1c:
4b:98:57:2d:c8:de:d3:6a:aa:18:69:92:74:a4:b4:
22:1f:0e:32:b8:9f:95:cf:60:34:16:c4:1d:0e:09:
7a:c3:4c:7f:6e:9d:65:07:59:e6:53:ef:74:91:80:
af:0a:03:61:63:40:6b:37:9e:a5:75:d0:fd:c4:12:
80:7c:98:2d:6c:1e:42:03:f3:4f:ca:f5:35:97:2b:
f6:5e:11:6e:8e:4e:9d:67:3a:e3:14:33:2a:8f:0b:
8f:ef:ee:99:b4:11:bf:6e:e4:0a:56:66:ce:75:4e:
0c:1f:df:00:33:66:ae:2e:a8:ba:a2:05:01:64:4a:
aa:99:33:65:bc:be:dc:f9:63:6a:6c:97:6f:eb:32:
db:c3:dc:e9:a8:d2:95:c4:ac:92:ad:dd:f6:8c:0c:
7a:75:30:38:62:03:aa:10:2d:cf:6e:d7:1b:64:8f:
4d:9c:99:0b:84:30:33:0d:3b:b8:58:d2:05:57:31:
0a:1f:5c:7b:47:17:67:5f:ba:1c:85:3b:98:a6:f5:
bb:ff:2a:eb:cd:4e:b2:f9:0c:61:a3:a0:f6:a0:bf:
45:a4:fe:ce:27:46:83:0d:7b:19:59:ba:37:39:6e:
d4:e8:15:37:a5:87:87:dc:e2:0a:a6:3d:74:5b:86:
f9:cb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
38:69:A2:B5:96:B4:38:75:73:F9:28:34:72:0D:27:4F:CA:D0:1D:FC
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/OGmitZa0OHVz-Sg0cg0nT8rQHfw.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
02:0d:0d:77:93:63:00:e9:59:94:3d:d2:64:ec:7b:3f:3c:87:
a3:5d:3f:4d:90:0a:08:c8:de:db:0a:07:f0:c1:cf:48:7f:0e:
2f:31:3f:5d:35:50:43:3a:16:52:b1:26:ca:4f:73:b9:0e:dc:
be:c7:48:60:ed:a0:f5:1e:19:54:86:de:bb:29:08:69:5a:6d:
cb:d0:4d:52:07:5b:f7:c1:ca:74:c2:57:5e:63:64:63:68:f9:
ec:70:70:2d:1e:74:e9:76:bb:fb:38:04:26:4f:eb:5a:91:70:
6d:cf:fb:58:65:7b:2b:f3:47:f9:d7:1d:86:4f:91:a2:58:da:
d4:44:bd:52:64:6b:1a:8f:9b:21:86:a3:e1:75:65:d1:38:58:
bc:d9:1d:88:99:df:3b:84:ba:de:58:e9:35:22:91:6e:e4:c7:
68:e5:7f:78:06:28:20:5d:70:18:06:d0:01:b3:f8:aa:a0:fd:
4d:ca:3f:71:cf:81:e5:e6:b0:76:b0:2f:bd:bc:fd:60:9f:2b:
34:e7:71:5c:09:46:b8:86:82:92:99:bb:ed:26:62:16:59:1f:
c4:f8:48:e7:5f:20:11:76:2c:5e:84:07:ce:62:bf:28:0e:13:
b4:f5:4d:33:dd:42:70:50:59:61:64:aa:15:e6:e4:bc:cc:c3:
54:a3:18:a4
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICSTowDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MjYw
NTIzMjBaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDM4NjlBMkI1OTZCNDM4
NzU3M0Y5MjgzNDcyMEQyNzRGQ0FEMDFERkMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDDb4T+593imdNGaqahHEuYVy3I3tNqqhhpknSktCIfDjK4n5XP
YDQWxB0OCXrDTH9unWUHWeZT73SRgK8KA2FjQGs3nqV10P3EEoB8mC1sHkID80/K
9TWXK/ZeEW6OTp1nOuMUMyqPC4/v7pm0Eb9u5ApWZs51Tgwf3wAzZq4uqLqiBQFk
SqqZM2W8vtz5Y2psl2/rMtvD3Omo0pXErJKt3faMDHp1MDhiA6oQLc9u1xtkj02c
mQuEMDMNO7hY0gVXMQofXHtHF2dfuhyFO5im9bv/KuvNTrL5DGGjoPagv0Wk/s4n
RoMNexlZujc5btToFTelh4fc4gqmPXRbhvnLAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUOGmitZa0OHVz+Sg0cg0nT8rQHfwwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L09HbWl0WmEwT0hWei1T
ZzBjZzBuVDhyUUhmdy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAAg0Nd5NjAOlZlD3SZOx7PzyHo10/TZAK
CMje2woH8MHPSH8OLzE/XTVQQzoWUrEmyk9zuQ7cvsdIYO2g9R4ZVIbeuykIaVpt
y9BNUgdb98HKdMJXXmNkY2j57HBwLR506Xa7+zgEJk/rWpFwbc/7WGV7K/NH+dcd
hk+Rolja1ES9UmRrGo+bIYaj4XVl0ThYvNkdiJnfO4S63ljpNSKRbuTHaOV/eAYo
IF1wGAbQAbP4qqD9Tco/cc+B5eawdrAvvbz9YJ8rNOdxXAlGuIaCkpm77SZiFlkf
xPhI518gEXYsXoQHzmK/KA4TtPVNM91CcFBZYWSqFebkvMzDVKMYpA==
-----END CERTIFICATE-----
Generated at Sun May 18 04:50:03 2025 by rpki-client