Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/o-5Y44yyPvVwXRwM4ZgWX9ffAig.roa
File: o-5Y44yyPvVwXRwM4ZgWX9ffAig.roa (raw, json)
Hash identifier: 7rm1LB9t0at/yqqKV70B4a2vK8ay8Pz5nCKBKtF6RZo=
Subject key identifier: A3:EE:58:E3:8C:B2:3E:F5:70:5D:1C:0C:E1:98:16:5F:D7:DF:02:28
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 3C52
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/o-5Y44yyPvVwXRwM4ZgWX9ffAig.roa
Signing time: Tue 09 Apr 2024 00:23:02 +0000
ROA not before: Tue 09 Apr 2024 00:23:02 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 15442 (0x3c52)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 9 00:23:02 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=A3EE58E38CB23EF5705D1C0CE198165FD7DF0228
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:da:84:5f:64:97:6b:05:cd:5e:54:a3:d1:9f:39:
b2:9e:5f:94:e7:56:57:89:be:8f:e5:da:68:12:f2:
5f:03:a0:59:56:38:03:87:77:b5:76:f1:2c:ab:99:
64:9c:e0:da:cb:32:56:35:ce:a3:b4:fb:b2:3d:4b:
4f:6c:97:fa:ea:5d:f8:62:57:aa:fe:1e:48:bd:c9:
c1:13:a5:58:c6:0a:c8:e4:d8:37:d0:b5:ec:44:30:
07:d2:a6:7c:a1:e4:44:20:42:97:ce:0f:cf:07:23:
88:cf:de:8b:96:e3:92:7b:8e:3d:b4:a0:96:4b:f8:
07:14:00:2b:de:7a:64:7a:eb:97:99:f5:0c:d2:a2:
4d:ae:ea:d7:b6:17:38:a8:4b:4d:02:7e:dd:ba:07:
00:31:f1:4f:48:3b:63:78:f6:a9:5e:f8:72:3c:07:
aa:d3:2e:9b:76:8f:c9:c8:58:24:97:11:7b:3b:f3:
f2:6b:27:ab:d4:1b:2f:5a:2a:94:24:09:11:5e:5f:
65:8d:04:9f:33:68:e2:a8:e2:dd:29:e0:db:a7:9b:
92:57:b2:e1:71:5a:fe:06:2a:49:8b:df:b0:b8:b2:
54:0e:3e:4c:b3:9c:f4:db:0e:ac:4a:aa:2e:2e:61:
13:66:5f:a6:9b:58:0a:4e:f7:70:d7:b1:aa:b1:e4:
e1:73
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A3:EE:58:E3:8C:B2:3E:F5:70:5D:1C:0C:E1:98:16:5F:D7:DF:02:28
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/o-5Y44yyPvVwXRwM4ZgWX9ffAig.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
13:6b:51:27:bf:bf:90:43:5c:f4:04:a5:e0:71:df:a1:ea:1d:
0c:bb:36:d1:ea:ae:4b:7d:6a:1f:66:69:e2:fd:bb:1e:f0:72:
3b:ea:bf:ca:cc:cb:93:60:0f:8e:42:af:7c:02:98:de:80:9f:
de:1e:ff:4b:52:31:29:e3:27:ad:37:b4:1d:b0:6f:68:4e:4f:
d7:53:ba:9a:b7:f8:7e:58:b3:92:f3:ce:9e:56:c6:f0:82:8e:
0f:73:f0:12:9f:bd:ad:64:eb:e8:d9:49:d3:3e:63:a0:75:42:
43:40:1d:cd:be:c6:b5:01:d4:9a:11:dd:bf:ca:70:a4:40:67:
45:14:cd:aa:f2:b1:ea:ed:b3:89:e0:3f:3a:2d:08:df:c4:f3:
c3:54:de:10:74:2b:72:0f:ab:1c:90:0a:80:f6:ef:33:b0:4a:
63:d9:8a:8c:b5:a5:f5:49:2f:a3:4d:25:ae:43:b2:38:f1:ac:
e3:ff:13:62:72:5a:0b:5d:28:4d:a7:a5:a3:ac:b8:73:fc:fe:
a6:82:9e:f4:ee:76:75:aa:f3:d5:6b:75:43:fd:e5:7a:9a:8a:
f9:cb:08:60:fc:52:96:bd:28:15:ea:e8:8c:de:89:aa:cf:47:
2e:ac:db:84:9c:3f:3a:64:e6:92:12:f8:cf:77:b4:f5:f6:2f:
80:31:fe:3b
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICPFIwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MDkw
MDIzMDJaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEEzRUU1OEUzOENCMjNF
RjU3MDVEMUMwQ0UxOTgxNjVGRDdERjAyMjgwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDahF9kl2sFzV5Uo9GfObKeX5TnVleJvo/l2mgS8l8DoFlWOAOH
d7V28SyrmWSc4NrLMlY1zqO0+7I9S09sl/rqXfhiV6r+Hki9ycETpVjGCsjk2DfQ
texEMAfSpnyh5EQgQpfOD88HI4jP3ouW45J7jj20oJZL+AcUACveemR665eZ9QzS
ok2u6te2FzioS00Cft26BwAx8U9IO2N49qle+HI8B6rTLpt2j8nIWCSXEXs78/Jr
J6vUGy9aKpQkCRFeX2WNBJ8zaOKo4t0p4Nunm5JXsuFxWv4GKkmL37C4slQOPkyz
nPTbDqxKqi4uYRNmX6abWApO93DXsaqx5OFzAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUo+5Y44yyPvVwXRwM4ZgWX9ffAigwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L28tNVk0NHl5UHZWd1hS
d000WmdXWDlmZkFpZy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAE2tRJ7+/kENc9ASl4HHfoeodDLs20equ
S31qH2Zp4v27HvByO+q/yszLk2APjkKvfAKY3oCf3h7/S1IxKeMnrTe0HbBvaE5P
11O6mrf4flizkvPOnlbG8IKOD3PwEp+9rWTr6NlJ0z5joHVCQ0Adzb7GtQHUmhHd
v8pwpEBnRRTNqvKx6u2zieA/Oi0I38Tzw1TeEHQrcg+rHJAKgPbvM7BKY9mKjLWl
9Ukvo00lrkOyOPGs4/8TYnJaC10oTaelo6y4c/z+poKe9O52darz1Wt1Q/3lepqK
+csIYPxSlr0oFerojN6Jqs9HLqzbhJw/OmTmkhL4z3e09fYvgDH+Ow==
-----END CERTIFICATE-----
Generated at Sun Jun 22 12:14:13 2025 by rpki-client