Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/Om8KxDc8bTatS7cFs9XcZULKPKs.roa
File: Om8KxDc8bTatS7cFs9XcZULKPKs.roa (raw, json)
Hash identifier: JOMm9d4kq/+En+h7PnWbDFqcD3jFqc82sJ4HQ80nPzY=
Subject key identifier: 3A:6F:0A:C4:37:3C:6D:36:AD:4B:B7:05:B3:D5:DC:65:42:CA:3C:AB
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 57F6
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/Om8KxDc8bTatS7cFs9XcZULKPKs.roa
Signing time: Wed 15 May 2024 20:54:14 +0000
ROA not before: Wed 15 May 2024 20:54:14 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 22518 (0x57f6)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 15 20:54:14 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=3A6F0AC4373C6D36AD4BB705B3D5DC6542CA3CAB
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b7:25:16:c2:13:d9:7e:6b:57:db:c3:a4:33:e4:
16:4f:8b:47:c8:2f:bf:14:e7:60:00:8c:cc:a1:05:
9f:e6:0c:29:a5:96:bc:50:0a:a1:da:fd:1f:8b:19:
d1:f1:f1:5c:9b:1c:4b:a6:19:4d:af:d4:85:8c:b1:
5e:48:84:44:e6:08:70:36:87:9a:68:65:99:bd:7a:
7f:fd:54:f5:f0:a6:3e:15:b4:b8:b9:f5:7e:84:07:
57:d0:e7:27:0e:01:63:43:20:df:71:34:67:07:51:
02:85:5b:ad:f5:06:61:34:57:b7:a6:ae:9f:7d:12:
c8:fb:1b:75:5a:42:c4:95:7c:1f:0b:92:f2:d0:aa:
e6:25:c7:e0:5e:d7:c6:bc:9a:d3:1a:81:19:db:2c:
f1:8e:78:a2:80:6d:98:ac:c9:81:ea:bf:8c:36:5b:
92:82:55:af:19:49:57:d2:19:d2:bb:de:57:71:0b:
48:c8:7a:34:ee:6e:10:0b:e7:f0:b8:1c:ba:6d:b6:
68:fa:1b:70:70:60:6d:a5:8c:83:40:9e:41:eb:20:
30:af:61:87:06:dc:90:2b:8d:92:78:a1:2b:5a:77:
03:9f:a9:75:9c:8e:fc:83:b1:76:3e:bd:ff:fd:b3:
83:b3:28:40:25:44:79:4f:79:68:ec:83:9d:f9:1d:
8a:c5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3A:6F:0A:C4:37:3C:6D:36:AD:4B:B7:05:B3:D5:DC:65:42:CA:3C:AB
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/Om8KxDc8bTatS7cFs9XcZULKPKs.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
85:96:67:49:82:08:24:4f:7d:58:a4:54:1c:9b:54:7c:00:77:
d8:c1:5c:f5:7f:04:7c:ca:3f:09:15:92:be:2f:57:fb:dc:17:
45:02:7f:ce:fe:c7:d8:c0:e3:12:5c:bc:70:3f:ef:75:9d:fe:
a7:7d:fe:dc:10:61:f5:04:62:7d:7b:1b:6e:39:d1:28:cb:5f:
16:eb:c1:87:63:c4:4b:93:16:6a:17:1b:b9:08:e3:56:80:95:
f5:d0:95:dd:5b:4a:5b:90:1f:26:01:5b:3a:57:7d:e0:bd:b6:
04:62:3f:39:6b:06:75:37:ea:93:cb:bb:03:ee:c1:cf:63:5a:
91:17:45:19:8f:79:da:24:a3:b3:ae:d4:ae:5a:79:8a:82:ca:
62:3a:67:44:95:da:f5:6c:a1:45:f0:e1:68:9e:05:84:98:c2:
f2:48:ad:04:c6:f4:a7:1f:29:9e:dd:9a:45:b4:7c:fa:f8:8a:
f8:65:b1:8a:45:c1:a4:41:84:0c:d7:72:65:2a:5b:24:55:eb:
35:d4:c3:42:b1:15:41:bc:85:2c:fc:bf:bb:d6:75:32:71:f1:
4c:ea:14:00:91:ae:ea:94:ce:0f:9e:d3:58:00:ee:c0:e4:b9:
e6:36:3a:5f:c4:3a:0f:f9:9f:7d:10:3c:9a:68:b6:cd:2f:0b:
ea:7b:e0:11
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICV/YwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MTUy
MDU0MTRaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDNBNkYwQUM0MzczQzZE
MzZBRDRCQjcwNUIzRDVEQzY1NDJDQTNDQUIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC3JRbCE9l+a1fbw6Qz5BZPi0fIL78U52AAjMyhBZ/mDCmllrxQ
CqHa/R+LGdHx8VybHEumGU2v1IWMsV5IhETmCHA2h5poZZm9en/9VPXwpj4VtLi5
9X6EB1fQ5ycOAWNDIN9xNGcHUQKFW631BmE0V7emrp99Esj7G3VaQsSVfB8LkvLQ
quYlx+Be18a8mtMagRnbLPGOeKKAbZisyYHqv4w2W5KCVa8ZSVfSGdK73ldxC0jI
ejTubhAL5/C4HLpttmj6G3BwYG2ljINAnkHrIDCvYYcG3JArjZJ4oStadwOfqXWc
jvyDsXY+vf/9s4OzKEAlRHlPeWjsg535HYrFAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUOm8KxDc8bTatS7cFs9XcZULKPKswHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L09tOEt4RGM4YlRhdFM3
Y0ZzOVhjWlVMS1BLcy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAhZZnSYIIJE99WKRUHJtUfAB32MFc9X8E
fMo/CRWSvi9X+9wXRQJ/zv7H2MDjEly8cD/vdZ3+p33+3BBh9QRifXsbbjnRKMtf
FuvBh2PES5MWahcbuQjjVoCV9dCV3VtKW5AfJgFbOld94L22BGI/OWsGdTfqk8u7
A+7Bz2NakRdFGY952iSjs67Urlp5ioLKYjpnRJXa9WyhRfDhaJ4FhJjC8kitBMb0
px8pnt2aRbR8+viK+GWxikXBpEGEDNdyZSpbJFXrNdTDQrEVQbyFLPy/u9Z1MnHx
TOoUAJGu6pTOD57TWADuwOS55jY6X8Q6D/mffRA8mmi2zS8L6nvgEQ==
-----END CERTIFICATE-----
Generated at Sun May 18 01:49:10 2025 by rpki-client