Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/3Ws0BmRi0kZ6_4AXHK7eEB1C938.roa
File: 3Ws0BmRi0kZ6_4AXHK7eEB1C938.roa (raw, json)
Hash identifier: m58lKJNywUNenI/JDKYj2V9xh73e4BSm/aHrpC5Y6UE=
Subject key identifier: DD:6B:34:06:64:62:D2:46:7A:FF:80:17:1C:AE:DE:10:1D:42:F7:7F
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 4B47
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/3Ws0BmRi0kZ6_4AXHK7eEB1C938.roa
Signing time: Sun 28 Apr 2024 22:53:30 +0000
ROA not before: Sun 28 Apr 2024 22:53:30 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 36.0.64.0/18 maxlen: 18
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 19271 (0x4b47)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 28 22:53:30 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=DD6B34066462D2467AFF80171CAEDE101D42F77F
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a6:e7:0e:65:ba:8c:08:05:de:df:05:92:29:4f:
a8:77:cd:28:c9:9a:86:2e:b7:58:01:06:48:96:d8:
d2:8e:23:c1:b5:50:7c:7a:48:a0:1b:3a:1a:31:45:
da:ff:70:ba:27:8b:80:e7:e5:9b:fe:04:e5:1f:9c:
cc:25:42:e2:bb:97:2f:6b:30:77:31:e3:bc:1d:ce:
73:3f:a3:28:9e:a2:fd:3b:c4:50:cb:f1:54:b6:a0:
e9:76:e4:cd:e5:ad:94:07:89:88:65:8a:45:76:4a:
9d:a5:65:74:de:fe:82:51:2f:fb:78:17:83:b5:9b:
4f:7a:e5:3a:f3:6b:30:ac:03:c9:94:e7:45:a1:cd:
4a:1d:b5:12:3d:73:3c:b0:38:7d:88:90:90:92:a7:
7c:7f:53:97:1e:67:9a:c3:d4:08:5a:f9:f2:ef:97:
13:01:0e:76:76:58:db:23:bf:c5:c5:5a:10:38:8a:
e3:44:1e:9f:8a:3d:1e:41:1c:8e:83:76:ce:2d:1b:
8e:13:a0:70:53:7a:c1:7c:45:93:f2:4d:74:47:ad:
8a:c4:e3:4b:b0:14:0d:9e:40:79:dd:82:9a:19:ae:
f7:77:8f:37:0f:5f:40:b8:7f:b8:71:ab:c0:86:01:
48:54:11:59:61:82:8c:88:08:8b:de:33:94:0c:f1:
99:0d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DD:6B:34:06:64:62:D2:46:7A:FF:80:17:1C:AE:DE:10:1D:42:F7:7F
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/3Ws0BmRi0kZ6_4AXHK7eEB1C938.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
36.0.64.0/18
Signature Algorithm: sha256WithRSAEncryption
07:e1:06:68:64:5c:80:a1:4e:44:e6:00:7f:3d:4a:a3:b6:3d:
6f:6c:c9:49:6c:ca:24:27:44:af:4d:a4:00:45:7a:be:0e:dd:
dc:d6:04:54:6b:a1:58:9f:93:08:e5:24:92:2d:cf:a8:d7:9b:
01:7d:cb:df:03:8d:75:9c:30:1b:f0:20:cb:41:1c:a6:fb:51:
80:98:e9:d8:98:9b:cf:e0:5c:fc:c3:e8:6a:1d:63:2a:f3:c4:
1f:ab:4d:57:4c:91:36:43:0a:84:00:7b:7f:f6:e4:d6:bf:1b:
cd:af:6d:aa:d7:8e:05:a9:75:18:11:84:58:ba:72:58:e0:2d:
15:b3:f7:65:7d:43:ef:69:f2:b0:dd:5b:69:86:b7:a4:01:cf:
43:de:00:ad:e6:55:5c:5a:10:91:a8:63:9a:5c:37:7c:95:24:
9e:64:97:04:45:37:2a:cc:b3:c8:dc:44:34:27:2b:68:12:82:
2f:37:5e:21:b1:52:bd:ef:46:5f:da:12:c0:e6:84:ab:e4:fa:
98:7d:cb:d5:cb:7a:46:63:cd:06:d2:97:8c:51:c5:5a:e8:5a:
f1:71:d2:90:ca:18:ad:10:47:99:30:48:97:13:75:9c:3a:f9:
4b:ce:b1:80:63:c9:09:7e:19:6e:fa:c8:99:90:49:c4:2a:5e:
11:47:f6:f7
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgICS0cwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0Mjgy
MjUzMzBaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKERENkIzNDA2NjQ2MkQy
NDY3QUZGODAxNzFDQUVERTEwMUQ0MkY3N0YwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCm5w5luowIBd7fBZIpT6h3zSjJmoYut1gBBkiW2NKOI8G1UHx6
SKAbOhoxRdr/cLoni4Dn5Zv+BOUfnMwlQuK7ly9rMHcx47wdznM/oyieov07xFDL
8VS2oOl25M3lrZQHiYhlikV2Sp2lZXTe/oJRL/t4F4O1m0965TrzazCsA8mU50Wh
zUodtRI9czywOH2IkJCSp3x/U5ceZ5rD1Aha+fLvlxMBDnZ2WNsjv8XFWhA4iuNE
Hp+KPR5BHI6Dds4tG44ToHBTesF8RZPyTXRHrYrE40uwFA2eQHndgpoZrvd3jzcP
X0C4f7hxq8CGAUhUEVlhgoyICIveM5QM8ZkNAgMBAAGjggHxMIIB7TAdBgNVHQ4E
FgQU3Ws0BmRi0kZ6/4AXHK7eEB1C938wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3LzNXczBCbVJpMGtaNl80
QVhISzdlRUIxQzkzOC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAYkAEAwDQYJKoZIhvcNAQELBQADggEBAAfhBmhkXIChTkTmAH89SqO2PW9syUls
yiQnRK9NpABFer4O3dzWBFRroVifkwjlJJItz6jXmwF9y98DjXWcMBvwIMtBHKb7
UYCY6diYm8/gXPzD6GodYyrzxB+rTVdMkTZDCoQAe3/25Na/G82vbarXjgWpdRgR
hFi6cljgLRWz92V9Q+9p8rDdW2mGt6QBz0PeAK3mVVxaEJGoY5pcN3yVJJ5klwRF
NyrMs8jcRDQnK2gSgi83XiGxUr3vRl/aEsDmhKvk+ph9y9XLekZjzQbSl4xRxVro
WvFx0pDKGK0QR5kwSJcTdZw6+UvOsYBjyQl+GW76yJmQScQqXhFH9vc=
-----END CERTIFICATE-----
Generated at Sat May 17 21:21:48 2025 by rpki-client