Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/35VTFtXR0fb9wi6jhtA_ckl_xW4.roa
File: 35VTFtXR0fb9wi6jhtA_ckl_xW4.roa (raw, json)
Hash identifier: P7Oi/dZ9g9Pmsb1zv2odHQ7ZHUnwodjQ/PkJ6ymRIBE=
Subject key identifier: DF:95:53:16:D5:D1:D1:F6:FD:C2:2E:A3:86:D0:3F:72:49:7F:C5:6E
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 5813
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/35VTFtXR0fb9wi6jhtA_ckl_xW4.roa
Signing time: Thu 16 May 2024 00:24:15 +0000
ROA not before: Thu 16 May 2024 00:24:15 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 36.0.64.0/18 maxlen: 18
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 22547 (0x5813)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 16 00:24:15 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=DF955316D5D1D1F6FDC22EA386D03F72497FC56E
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c5:c7:4b:39:6b:53:f8:31:30:73:cc:c3:6f:07:
7b:c1:8b:01:37:8d:c2:b0:9d:92:53:bf:c0:cf:d3:
1d:1e:b4:e8:79:dc:5d:af:95:5e:17:f8:90:cb:53:
31:60:f5:e4:b8:40:a2:25:1e:d2:60:c5:6f:40:41:
ab:59:c1:91:00:09:d5:fe:9f:c0:a4:13:25:f5:fb:
46:c0:95:3c:0e:aa:30:54:19:7f:77:60:49:d8:b5:
c1:0d:27:fa:90:27:af:38:13:67:1b:7e:8e:f9:f6:
1b:6b:87:9d:fc:18:16:d2:a0:5f:11:44:0e:6d:32:
0d:da:47:f9:8d:89:1a:c7:01:b9:80:ca:15:5d:e6:
3a:a2:e2:e4:20:d3:84:7c:d9:04:74:6c:d8:ad:43:
ea:30:9a:a5:60:9e:a6:a8:19:46:45:22:1c:75:a3:
28:f3:1d:55:80:c2:76:fe:1f:42:1d:ef:84:76:ed:
3b:44:d6:32:3c:6f:0e:90:a8:78:90:ff:1a:cc:ce:
71:7d:84:55:0b:87:8a:21:86:6c:5a:45:aa:c1:df:
99:5a:07:0c:74:6f:43:60:03:d4:64:a6:40:9b:c5:
d7:01:cb:c9:d0:c5:a8:1e:50:41:d9:72:99:4e:49:
28:66:b6:a8:46:ab:4c:0f:2a:b7:10:92:48:ae:9e:
29:35
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DF:95:53:16:D5:D1:D1:F6:FD:C2:2E:A3:86:D0:3F:72:49:7F:C5:6E
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/35VTFtXR0fb9wi6jhtA_ckl_xW4.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
36.0.64.0/18
Signature Algorithm: sha256WithRSAEncryption
60:1a:ae:8f:cc:78:f6:33:ab:76:f2:41:57:63:d1:40:37:85:
bf:4f:a7:94:2e:ed:74:78:8d:e2:41:59:dd:79:d0:3f:50:59:
1a:1e:df:70:02:24:19:65:bc:d8:b3:17:9c:70:63:cb:73:9a:
19:c7:2e:88:74:f9:69:96:09:89:51:de:b2:66:dd:01:95:a0:
bb:3e:3b:de:8a:9b:6c:84:7d:ed:ba:19:3c:66:36:b1:98:53:
60:d5:0a:e3:28:cc:2d:7e:01:9e:bc:06:80:e6:9e:ff:83:b8:
97:e8:cf:4f:c0:03:60:e2:f4:ca:74:f0:ac:cf:dd:56:16:1a:
ab:08:b7:8a:f3:20:b6:45:ca:ed:00:1e:05:35:44:cb:d0:da:
4e:45:3c:dd:a9:d6:21:6f:c7:bd:1b:c1:41:9e:5d:41:ea:5d:
4e:42:f6:1d:73:2a:13:e3:8d:03:94:e2:f2:c1:25:f7:77:21:
5a:b6:e8:ce:8a:a6:2f:91:e7:99:b5:29:92:6f:1d:11:f8:6f:
d1:78:09:a2:67:32:00:64:b3:01:93:e9:ed:d6:bf:e8:4f:07:
f1:74:b3:fa:d2:38:f6:64:70:6f:2e:bd:da:fa:85:70:09:0b:
22:32:f4:d8:4a:b9:f9:b2:1c:c5:61:04:60:eb:58:cf:7d:79:
75:e1:e8:73
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgICWBMwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MTYw
MDI0MTVaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKERGOTU1MzE2RDVEMUQx
RjZGREMyMkVBMzg2RDAzRjcyNDk3RkM1NkUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDFx0s5a1P4MTBzzMNvB3vBiwE3jcKwnZJTv8DP0x0etOh53F2v
lV4X+JDLUzFg9eS4QKIlHtJgxW9AQatZwZEACdX+n8CkEyX1+0bAlTwOqjBUGX93
YEnYtcENJ/qQJ684E2cbfo759htrh538GBbSoF8RRA5tMg3aR/mNiRrHAbmAyhVd
5jqi4uQg04R82QR0bNitQ+owmqVgnqaoGUZFIhx1oyjzHVWAwnb+H0Id74R27TtE
1jI8bw6QqHiQ/xrMznF9hFULh4ohhmxaRarB35laBwx0b0NgA9RkpkCbxdcBy8nQ
xageUEHZcplOSShmtqhGq0wPKrcQkkiunik1AgMBAAGjggHxMIIB7TAdBgNVHQ4E
FgQU35VTFtXR0fb9wi6jhtA/ckl/xW4wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3LzM1VlRGdFhSMGZiOXdp
NmpodEFfY2tsX3hXNC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAYkAEAwDQYJKoZIhvcNAQELBQADggEBAGAaro/MePYzq3byQVdj0UA3hb9Pp5Qu
7XR4jeJBWd150D9QWRoe33ACJBllvNizF5xwY8tzmhnHLoh0+WmWCYlR3rJm3QGV
oLs+O96Km2yEfe26GTxmNrGYU2DVCuMozC1+AZ68BoDmnv+DuJfoz0/AA2Di9Mp0
8KzP3VYWGqsIt4rzILZFyu0AHgU1RMvQ2k5FPN2p1iFvx70bwUGeXUHqXU5C9h1z
KhPjjQOU4vLBJfd3IVq26M6Kpi+R55m1KZJvHRH4b9F4CaJnMgBkswGT6e3Wv+hP
B/F0s/rSOPZkcG8uvdr6hXAJCyIy9NhKufmyHMVhBGDrWM99eXXh6HM=
-----END CERTIFICATE-----
Generated at Sat May 17 19:42:21 2025 by rpki-client