Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/OXN1iuIovBmr8twSwsLxwl90J1U.roa
File: OXN1iuIovBmr8twSwsLxwl90J1U.roa (raw, json)
Hash identifier: U4kVPMC7wdEgGcFBikOFxfz7rKLtixMiA7P+dV6WV4Y=
Subject key identifier: 39:73:75:8A:E2:28:BC:19:AB:F2:DC:12:C2:C2:F1:C2:5F:74:27:55
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 5536
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/OXN1iuIovBmr8twSwsLxwl90J1U.roa
Signing time: Sun 12 May 2024 04:54:10 +0000
ROA not before: Sun 12 May 2024 04:54:10 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 21814 (0x5536)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 12 04:54:10 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=3973758AE228BC19ABF2DC12C2C2F1C25F742755
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c2:71:04:e7:d5:6a:08:05:fc:7f:db:cc:78:77:
3e:0f:a5:ac:58:0f:00:fd:7d:bf:6f:42:43:77:3a:
09:7e:aa:66:fa:4e:23:91:ce:a0:70:7c:e4:f0:45:
b5:db:8e:4d:6a:69:07:df:1d:76:67:2b:db:12:f5:
08:41:07:1d:01:5e:8b:a4:7c:8d:19:c3:fd:83:6d:
e6:f2:19:ac:b3:9d:76:f4:6d:e5:4a:bd:8a:33:61:
c8:83:f8:d1:f9:1c:bf:96:48:bd:ab:8c:45:d2:28:
51:74:83:8a:30:ca:69:0c:33:63:e4:ca:98:4b:51:
82:e5:71:c3:21:7b:5c:2e:04:f2:f5:72:5e:55:12:
89:81:90:d7:e9:9a:3d:00:76:32:a7:f8:57:cb:c3:
65:53:f8:32:59:ac:36:88:94:ab:34:e2:0b:40:b1:
3b:50:18:e8:b0:22:58:9c:bf:10:8e:cd:e0:2a:ae:
06:78:3c:ed:85:79:75:88:b4:d9:7f:da:0a:81:2d:
15:81:62:19:45:ee:3d:e1:9c:ea:e2:1d:b2:cc:be:
d6:f4:f0:f0:61:6a:55:ac:95:b5:e3:55:e7:18:5a:
7c:60:e6:74:7f:d7:e5:3e:4b:28:a9:66:a9:71:8f:
a3:9f:3b:0c:3c:01:aa:46:55:48:62:01:c0:4d:db:
d1:7b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
39:73:75:8A:E2:28:BC:19:AB:F2:DC:12:C2:C2:F1:C2:5F:74:27:55
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/OXN1iuIovBmr8twSwsLxwl90J1U.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
94:40:2a:29:22:4f:ad:29:4d:e0:fe:a3:99:8a:ab:81:91:a8:
ab:20:23:01:46:86:ac:39:a9:e3:92:28:e7:62:95:c3:f7:d2:
23:ca:58:63:ad:5c:10:90:ed:9b:c7:fc:d4:09:a1:43:e3:21:
1e:43:4e:ab:65:64:fb:bf:6c:54:ac:d9:e9:75:f3:5b:e0:3a:
a0:53:56:69:d4:2e:f1:8b:7f:f1:0f:8e:7d:34:a2:a7:12:18:
d7:bb:ef:2e:ac:99:d4:d7:37:c9:a6:56:07:85:ad:ed:64:22:
61:ee:d1:36:92:f3:90:f5:ed:fc:4c:ab:9c:1d:55:3d:3f:6a:
ee:f1:27:f5:ea:e6:98:a2:35:3c:ee:79:d1:12:0e:3e:d2:e8:
01:e3:7d:38:be:41:dd:95:73:16:c9:32:23:3a:7f:b0:8f:32:
b9:93:4a:88:34:b0:41:d5:b8:9f:1b:64:07:84:4a:a3:97:9b:
e7:e0:84:e2:f6:25:76:b6:c4:79:6c:17:c5:29:c4:fd:67:8a:
fd:8b:84:33:11:ed:06:01:fe:3b:27:11:23:7e:8b:30:7b:39:
c1:2f:12:c8:03:ea:c0:d5:39:bc:49:04:88:4b:e4:2a:9c:4a:
5b:8a:2f:5d:03:6d:b4:bd:93:25:a2:1a:13:dc:66:2d:d7:1c:
67:bc:46:fe
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICVTYwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MTIw
NDU0MTBaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDM5NzM3NThBRTIyOEJD
MTlBQkYyREMxMkMyQzJGMUMyNUY3NDI3NTUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDCcQTn1WoIBfx/28x4dz4PpaxYDwD9fb9vQkN3Ogl+qmb6TiOR
zqBwfOTwRbXbjk1qaQffHXZnK9sS9QhBBx0BXoukfI0Zw/2DbebyGayznXb0beVK
vYozYciD+NH5HL+WSL2rjEXSKFF0g4owymkMM2PkyphLUYLlccMhe1wuBPL1cl5V
EomBkNfpmj0AdjKn+FfLw2VT+DJZrDaIlKs04gtAsTtQGOiwIlicvxCOzeAqrgZ4
PO2FeXWItNl/2gqBLRWBYhlF7j3hnOriHbLMvtb08PBhalWslbXjVecYWnxg5nR/
1+U+SyipZqlxj6OfOww8AapGVUhiAcBN29F7AgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUOXN1iuIovBmr8twSwsLxwl90J1UwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L09YTjFpdUlvdkJtcjh0
d1N3c0x4d2w5MEoxVS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAlEAqKSJPrSlN4P6jmYqrgZGoqyAjAUaG
rDmp45Io52KVw/fSI8pYY61cEJDtm8f81AmhQ+MhHkNOq2Vk+79sVKzZ6XXzW+A6
oFNWadQu8Yt/8Q+OfTSipxIY17vvLqyZ1Nc3yaZWB4Wt7WQiYe7RNpLzkPXt/Eyr
nB1VPT9q7vEn9ermmKI1PO550RIOPtLoAeN9OL5B3ZVzFskyIzp/sI8yuZNKiDSw
QdW4nxtkB4RKo5eb5+CE4vYldrbEeWwXxSnE/WeK/YuEMxHtBgH+OycRI36LMHs5
wS8SyAPqwNU5vEkEiEvkKpxKW4ovXQNttL2TJaIaE9xmLdccZ7xG/g==
-----END CERTIFICATE-----
Generated at Sat May 17 22:14:57 2025 by rpki-client