Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/4-hdjrjfvHgm52yqgeTvb9tmcug.roa
File: 4-hdjrjfvHgm52yqgeTvb9tmcug.roa (raw, json)
Hash identifier: q1NJefLc9PonzgxL4EHXdp4mjxRyFIut6F+RSP7yNBY=
Subject key identifier: E3:E8:5D:8E:B8:DF:BC:78:26:E7:6C:AA:81:E4:EF:6F:DB:66:72:E8
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 4FFF
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/4-hdjrjfvHgm52yqgeTvb9tmcug.roa
Signing time: Sun 05 May 2024 05:53:49 +0000
ROA not before: Sun 05 May 2024 05:53:49 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 36.0.64.0/18 maxlen: 18
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 20479 (0x4fff)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 5 05:53:49 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=E3E85D8EB8DFBC7826E76CAA81E4EF6FDB6672E8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9c:7d:fd:b3:a6:8b:39:b3:f2:79:1d:42:cf:62:
f4:65:d2:c4:45:aa:35:02:d6:74:43:a7:20:36:68:
b5:e2:18:95:f3:7a:7a:a8:d0:88:64:95:df:83:29:
e0:c6:cc:7a:00:c2:90:40:ca:c7:71:cc:b8:18:a5:
f1:10:80:8f:bd:cd:4e:35:b7:00:86:99:33:fe:60:
64:87:39:ce:d8:b5:3f:c9:76:90:ca:d1:7f:be:8a:
eb:ec:05:8f:5c:d6:7d:d8:ff:b8:6a:09:f6:63:db:
95:1f:a0:5b:17:d8:44:35:03:8f:b8:b4:d0:e6:73:
72:92:53:5a:8f:4f:62:dc:ae:81:64:f7:db:8d:ea:
bc:5c:df:c1:62:b3:c1:f1:fd:c5:aa:a8:5e:17:ca:
ac:74:99:8e:24:4c:7b:a7:6d:36:fb:03:90:4e:a5:
1c:62:a4:84:9d:0b:ba:be:1b:12:37:4f:e5:3b:c3:
a3:4b:fa:b4:5a:cf:e5:d1:f1:ac:ed:04:54:80:5f:
57:d5:54:9e:47:5d:6d:e8:94:5f:48:d4:e6:4a:b0:
17:c8:f7:cd:d8:5f:a0:a1:bc:08:4b:2e:f2:54:3d:
79:79:cd:69:24:38:1c:c5:9f:e0:23:ce:7a:f4:92:
33:f2:ff:4a:90:82:44:47:71:ff:7e:ef:13:57:2a:
95:d9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E3:E8:5D:8E:B8:DF:BC:78:26:E7:6C:AA:81:E4:EF:6F:DB:66:72:E8
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/4-hdjrjfvHgm52yqgeTvb9tmcug.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
36.0.64.0/18
Signature Algorithm: sha256WithRSAEncryption
2b:ea:de:c4:29:b0:01:59:79:07:1a:c0:32:63:68:e3:11:36:
ad:a3:e4:7a:02:f8:e4:0a:1c:dd:0d:98:08:2a:70:f4:28:31:
98:1b:b2:19:91:57:f0:13:c4:ae:07:1b:26:ea:4d:88:81:12:
1c:3e:5b:61:50:1a:c1:78:dd:cf:c7:54:b0:f6:6f:4e:7e:84:
95:71:d1:a8:80:71:ea:b7:42:c7:aa:92:5a:9f:69:f5:bd:da:
e5:89:01:8f:d1:16:d6:aa:69:46:b5:ac:b4:2a:77:42:63:2b:
6e:a0:0c:c6:4f:72:34:98:23:d5:e0:1a:3b:5a:77:44:ea:d6:
3a:1c:a2:1a:98:2e:39:62:fd:ad:51:92:e7:47:e8:26:78:16:
f3:cd:ec:f4:c6:56:89:e9:6b:50:57:11:c4:2b:15:25:b4:79:
b3:e3:c6:88:ee:42:e5:d6:dd:f1:a9:46:f4:9d:52:81:49:7e:
a7:3f:4b:91:2b:1c:84:02:68:56:2a:b2:41:41:45:34:2d:1e:
07:e5:11:9f:bc:b2:c0:09:b1:92:11:3a:19:e8:c4:64:db:2c:
1e:f0:f8:a7:07:d4:3b:07:7d:00:d1:7c:1b:65:3d:22:6a:4e:
f0:ac:a6:43:8e:8b:7c:af:67:16:c5:4b:43:c2:96:5b:22:35:
f9:b9:d9:ff
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgICT/8wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MDUw
NTUzNDlaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEUzRTg1RDhFQjhERkJD
NzgyNkU3NkNBQTgxRTRFRjZGREI2NjcyRTgwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCcff2zpos5s/J5HULPYvRl0sRFqjUC1nRDpyA2aLXiGJXzenqo
0Ihkld+DKeDGzHoAwpBAysdxzLgYpfEQgI+9zU41twCGmTP+YGSHOc7YtT/JdpDK
0X++iuvsBY9c1n3Y/7hqCfZj25UfoFsX2EQ1A4+4tNDmc3KSU1qPT2LcroFk99uN
6rxc38Fis8Hx/cWqqF4Xyqx0mY4kTHunbTb7A5BOpRxipISdC7q+GxI3T+U7w6NL
+rRaz+XR8aztBFSAX1fVVJ5HXW3olF9I1OZKsBfI983YX6ChvAhLLvJUPXl5zWkk
OBzFn+Ajznr0kjPy/0qQgkRHcf9+7xNXKpXZAgMBAAGjggHxMIIB7TAdBgNVHQ4E
FgQU4+hdjrjfvHgm52yqgeTvb9tmcugwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3LzQtaGRqcmpmdkhnbTUy
eXFnZVR2Yjl0bWN1Zy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAYkAEAwDQYJKoZIhvcNAQELBQADggEBACvq3sQpsAFZeQcawDJjaOMRNq2j5HoC
+OQKHN0NmAgqcPQoMZgbshmRV/ATxK4HGybqTYiBEhw+W2FQGsF43c/HVLD2b05+
hJVx0aiAceq3QseqklqfafW92uWJAY/RFtaqaUa1rLQqd0JjK26gDMZPcjSYI9Xg
Gjtad0Tq1jocohqYLjli/a1RkudH6CZ4FvPN7PTGVonpa1BXEcQrFSW0ebPjxoju
QuXW3fGpRvSdUoFJfqc/S5ErHIQCaFYqskFBRTQtHgflEZ+8ssAJsZIROhnoxGTb
LB7w+KcH1DsHfQDRfBtlPSJqTvCspkOOi3yvZxbFS0PCllsiNfm52f8=
-----END CERTIFICATE-----
Generated at Sun May 18 12:24:21 2025 by rpki-client