Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/4V2zKxRUDDjYWKkkcKDP5FAwT0U.roa
File: 4V2zKxRUDDjYWKkkcKDP5FAwT0U.roa (raw, json)
Hash identifier: PTjZVCxsi/YMep1cVtQOZZtqCRhgtnf0Mt4Lyrm04UY=
Subject key identifier: E1:5D:B3:2B:14:54:0C:38:D8:58:A9:24:70:A0:CF:E4:50:30:4F:45
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 4A77
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/4V2zKxRUDDjYWKkkcKDP5FAwT0U.roa
Signing time: Sat 27 Apr 2024 20:53:25 +0000
ROA not before: Sat 27 Apr 2024 20:53:25 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 36.0.64.0/18 maxlen: 18
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 19063 (0x4a77)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 27 20:53:25 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=E15DB32B14540C38D858A92470A0CFE450304F45
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a4:ac:80:ac:bf:d5:a8:bf:7c:af:62:4b:b9:be:
c4:8b:23:c8:6d:af:2f:c2:03:d2:c2:36:63:e0:56:
f3:ed:06:1d:9e:ab:5b:c6:4b:9e:3c:ae:6a:f6:d1:
6f:a9:c7:9a:12:3e:3a:79:15:7f:a4:5c:10:93:10:
51:2a:49:7d:49:ab:b6:5d:c5:a0:f6:43:48:9f:8e:
8e:8b:88:51:76:67:ad:f1:df:aa:1f:46:bf:1c:4c:
24:7d:54:97:d4:03:a4:68:9d:ec:8f:77:9f:a1:72:
97:61:07:f0:71:0f:f2:1c:b5:df:98:a0:6d:8c:3b:
fc:70:57:59:76:83:47:6c:3e:e4:b4:0f:7a:b2:f2:
a9:ae:f3:de:a3:ce:a3:94:82:dd:5b:98:dc:0a:22:
7e:d2:87:7e:22:e7:87:8e:ef:f7:68:28:2f:3e:35:
74:3d:c5:33:8b:f5:9a:90:db:fa:52:b3:45:53:00:
07:c3:07:a9:e1:ab:11:29:69:ff:c5:e9:0d:46:1b:
57:f6:41:67:11:14:88:0e:fe:05:b0:fc:ba:fd:38:
cf:22:7d:d1:32:1d:97:96:b5:e6:6d:a3:73:0c:96:
1b:6c:4d:c0:a9:0b:1e:5a:fd:86:e2:5d:e4:9a:aa:
18:c8:93:a9:42:25:61:55:e6:87:d4:3f:41:a5:ad:
45:f9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E1:5D:B3:2B:14:54:0C:38:D8:58:A9:24:70:A0:CF:E4:50:30:4F:45
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/4V2zKxRUDDjYWKkkcKDP5FAwT0U.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
36.0.64.0/18
Signature Algorithm: sha256WithRSAEncryption
b5:6c:1e:97:02:1b:3e:dc:41:48:64:5d:fc:75:4d:c8:a6:a3:
64:b5:67:11:6a:00:85:5f:99:76:91:4b:dd:5f:a9:0a:db:53:
7e:aa:09:95:5f:3b:9e:e6:d4:0b:34:89:43:4c:93:a2:a0:d6:
19:55:12:f7:73:a4:00:e4:38:c4:4d:d3:38:66:94:66:c3:57:
e1:f0:4c:01:ad:85:27:27:10:57:f9:ab:51:4b:6c:00:54:b3:
fb:c6:25:32:30:13:5e:b4:83:07:c9:e5:4b:07:5b:b9:b7:cf:
8e:cb:df:5c:e2:b4:3f:ad:6b:23:5c:c6:42:3d:2a:14:4a:6c:
4f:af:47:59:e9:fe:0d:e9:20:61:2b:ab:ce:85:c8:2e:d5:94:
fd:a1:0e:8d:e6:ef:3c:1b:e5:46:a6:ca:32:41:58:b7:74:f3:
11:7c:df:40:ad:b7:98:2b:e9:f4:b6:f4:f4:2f:f1:cf:99:05:
25:ab:80:19:3f:4b:c3:77:29:e9:af:ec:d1:36:35:00:c5:64:
94:79:4f:e0:a2:5f:55:93:a3:7e:a7:e6:8b:bb:30:66:05:6a:
a4:c3:5c:3a:aa:2c:5d:73:71:2d:09:51:86:08:22:cd:0b:88:
9d:ee:f8:9c:65:c1:e8:a9:9e:b2:aa:4e:42:15:4d:05:c4:a6:
21:a1:7e:c3
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgICSncwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0Mjcy
MDUzMjVaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEUxNURCMzJCMTQ1NDBD
MzhEODU4QTkyNDcwQTBDRkU0NTAzMDRGNDUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCkrICsv9Wov3yvYku5vsSLI8htry/CA9LCNmPgVvPtBh2eq1vG
S548rmr20W+px5oSPjp5FX+kXBCTEFEqSX1Jq7ZdxaD2Q0ifjo6LiFF2Z63x36of
Rr8cTCR9VJfUA6RoneyPd5+hcpdhB/BxD/Ictd+YoG2MO/xwV1l2g0dsPuS0D3qy
8qmu896jzqOUgt1bmNwKIn7Sh34i54eO7/doKC8+NXQ9xTOL9ZqQ2/pSs0VTAAfD
B6nhqxEpaf/F6Q1GG1f2QWcRFIgO/gWw/Lr9OM8ifdEyHZeWteZto3MMlhtsTcCp
Cx5a/YbiXeSaqhjIk6lCJWFV5ofUP0GlrUX5AgMBAAGjggHxMIIB7TAdBgNVHQ4E
FgQU4V2zKxRUDDjYWKkkcKDP5FAwT0UwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3LzRWMnpLeFJVRERqWVdL
a2tjS0RQNUZBd1QwVS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAYkAEAwDQYJKoZIhvcNAQELBQADggEBALVsHpcCGz7cQUhkXfx1Tcimo2S1ZxFq
AIVfmXaRS91fqQrbU36qCZVfO57m1As0iUNMk6Kg1hlVEvdzpADkOMRN0zhmlGbD
V+HwTAGthScnEFf5q1FLbABUs/vGJTIwE160gwfJ5UsHW7m3z47L31zitD+tayNc
xkI9KhRKbE+vR1np/g3pIGErq86FyC7VlP2hDo3m7zwb5UamyjJBWLd08xF830Ct
t5gr6fS29PQv8c+ZBSWrgBk/S8N3Kemv7NE2NQDFZJR5T+CiX1WTo36n5ou7MGYF
aqTDXDqqLF1zcS0JUYYIIs0LiJ3u+JxlweipnrKqTkIVTQXEpiGhfsM=
-----END CERTIFICATE-----
Generated at Sun May 18 04:50:53 2025 by rpki-client