Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/LnjvQRJuVUwmHZ8wL-c5BuFY_OA.roa
File: LnjvQRJuVUwmHZ8wL-c5BuFY_OA.roa (raw, json)
Hash identifier: osEDRbV3rFWDQ/RHZSEG7EFh+5MQOyvaHzlTAZ5gXfY=
Subject key identifier: 2E:78:EF:41:12:6E:55:4C:26:1D:9F:30:2F:E7:39:06:E1:58:FC:E0
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 5542
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/LnjvQRJuVUwmHZ8wL-c5BuFY_OA.roa
Signing time: Sun 12 May 2024 06:24:05 +0000
ROA not before: Sun 12 May 2024 06:24:05 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 21826 (0x5542)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 12 06:24:05 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=2E78EF41126E554C261D9F302FE73906E158FCE0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bc:3a:e3:b1:3a:d8:7d:aa:38:10:c8:85:35:01:
59:7b:70:c3:03:e6:8e:26:4e:b6:35:12:35:5b:5e:
9f:5d:32:5e:95:34:01:08:b3:1c:a9:e7:9a:50:b8:
49:97:2d:b0:2e:2c:28:64:0f:10:c2:3a:ef:6c:74:
7e:6f:f9:f5:81:1f:69:1c:31:97:7f:e6:a8:d2:1e:
a2:2c:14:2b:b8:bd:80:d0:bd:62:2e:e3:34:13:0f:
c4:66:c6:be:08:29:48:d7:3f:80:5e:81:52:24:61:
f2:5a:15:f2:9b:98:e8:eb:7e:53:91:f3:33:b2:33:
89:39:43:39:d4:d6:45:f0:d5:b4:b7:92:a2:76:93:
95:b1:52:05:10:b5:99:f3:3a:25:a8:e1:bc:89:21:
e9:ab:72:3e:11:d7:3c:52:99:14:35:e6:f9:30:0a:
50:e1:28:ae:ce:51:2e:bf:7a:26:cc:8b:43:5a:83:
9c:d8:07:cf:37:a6:d4:18:d2:44:99:35:e4:b3:70:
a8:16:97:3b:91:d8:c6:f7:44:a1:b1:89:aa:ad:3a:
6d:9f:05:5e:e5:ad:39:66:08:b9:7e:ed:52:66:4e:
22:fd:9b:6e:af:0e:03:f0:7c:15:23:bb:ea:87:49:
e4:3d:1e:f2:e4:e9:67:79:91:02:55:03:d5:d7:06:
fa:ab
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2E:78:EF:41:12:6E:55:4C:26:1D:9F:30:2F:E7:39:06:E1:58:FC:E0
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/LnjvQRJuVUwmHZ8wL-c5BuFY_OA.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
b7:d2:ac:5f:0b:1b:ee:c5:8f:f5:51:c8:56:c1:97:1a:8b:0e:
67:c5:ec:8a:b3:68:68:ca:0c:d9:39:4f:0e:ee:8c:9a:15:86:
35:ef:bb:b6:24:d6:3b:fe:97:03:70:61:c5:0c:9d:a0:88:1b:
93:01:ae:dd:a8:8e:45:b7:fe:80:ff:bd:f5:6d:e8:2a:ce:2e:
af:d2:ec:65:fb:7e:cb:07:d5:8b:80:e3:31:23:75:32:70:0b:
eb:86:15:85:93:d2:85:e6:1e:a3:b2:70:99:68:0c:a6:62:f3:
78:37:b8:18:f5:4c:74:12:87:15:ca:9e:04:af:75:9e:bc:88:
a3:b9:44:c7:68:13:e4:5f:76:e9:f9:12:17:39:66:04:6a:f1:
c7:d2:bc:9d:0f:f9:27:51:a7:37:ea:55:7f:df:94:0c:6f:34:
42:99:0f:2d:bb:2d:e3:be:f5:3a:8e:a7:c2:9e:08:d3:59:5c:
72:b2:0a:f9:dc:71:46:eb:4a:fb:b1:03:2f:fd:bd:db:92:9b:
bb:10:0c:31:22:b0:68:06:58:34:23:ce:44:d9:14:f8:a5:06:
62:6e:00:ab:c8:ee:ca:9e:98:fd:51:51:df:41:af:a4:d6:f5:
4d:1c:30:34:14:ce:02:6c:ff:d5:52:e9:31:7a:d0:b6:2e:65:
a0:86:05:25
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICVUIwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MTIw
NjI0MDVaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDJFNzhFRjQxMTI2RTU1
NEMyNjFEOUYzMDJGRTczOTA2RTE1OEZDRTAwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC8OuOxOth9qjgQyIU1AVl7cMMD5o4mTrY1EjVbXp9dMl6VNAEI
sxyp55pQuEmXLbAuLChkDxDCOu9sdH5v+fWBH2kcMZd/5qjSHqIsFCu4vYDQvWIu
4zQTD8Rmxr4IKUjXP4BegVIkYfJaFfKbmOjrflOR8zOyM4k5QznU1kXw1bS3kqJ2
k5WxUgUQtZnzOiWo4byJIemrcj4R1zxSmRQ15vkwClDhKK7OUS6/eibMi0Nag5zY
B883ptQY0kSZNeSzcKgWlzuR2Mb3RKGxiaqtOm2fBV7lrTlmCLl+7VJmTiL9m26v
DgPwfBUju+qHSeQ9HvLk6Wd5kQJVA9XXBvqrAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQULnjvQRJuVUwmHZ8wL+c5BuFY/OAwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L0xuanZRUkp1VlV3bUha
OHdMLWM1QnVGWV9PQS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAt9KsXwsb7sWP9VHIVsGXGosOZ8XsirNo
aMoM2TlPDu6MmhWGNe+7tiTWO/6XA3BhxQydoIgbkwGu3aiORbf+gP+99W3oKs4u
r9LsZft+ywfVi4DjMSN1MnAL64YVhZPSheYeo7JwmWgMpmLzeDe4GPVMdBKHFcqe
BK91nryIo7lEx2gT5F926fkSFzlmBGrxx9K8nQ/5J1GnN+pVf9+UDG80QpkPLbst
4771Oo6nwp4I01lccrIK+dxxRutK+7EDL/2925KbuxAMMSKwaAZYNCPORNkU+KUG
Ym4Aq8juyp6Y/VFR30GvpNb1TRwwNBTOAmz/1VLpMXrQti5loIYFJQ==
-----END CERTIFICATE-----
Generated at Sat Jun 21 14:35:38 2025 by rpki-client