Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/81ZJtf4O3jdxrhGH7Qx1v6ywzxQ.roa
File: 81ZJtf4O3jdxrhGH7Qx1v6ywzxQ.roa (raw, json)
Hash identifier: hXtPpzhh9Gb6KO+d5S2zxOoRWQTONajYdr6MMbX7iTY=
Subject key identifier: F3:56:49:B5:FE:0E:DE:37:71:AE:11:87:ED:0C:75:BF:AC:B0:CF:14
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 35D3
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/81ZJtf4O3jdxrhGH7Qx1v6ywzxQ.roa
Signing time: Sun 31 Mar 2024 08:22:13 +0000
ROA not before: Sun 31 Mar 2024 08:22:13 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 36.0.64.0/18 maxlen: 18
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 13779 (0x35d3)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Mar 31 08:22:13 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=F35649B5FE0EDE3771AE1187ED0C75BFACB0CF14
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e0:ea:c0:05:d8:1f:37:a9:f4:ea:ec:9f:42:f4:
b1:39:db:b8:6b:ae:b4:18:d3:93:a8:8c:49:8f:d3:
61:c6:9f:6e:12:fe:60:57:02:6b:57:07:c5:dd:85:
cd:07:9a:20:33:e5:e3:97:1d:69:43:3e:70:98:35:
74:d9:6e:d1:7b:01:70:e7:8a:f0:7a:97:1b:ae:08:
a9:29:26:58:74:38:82:fc:9c:d3:5c:5b:45:32:e0:
0d:e4:a5:dd:e0:a4:18:d2:9b:d9:df:00:14:9d:bb:
97:f0:c1:90:4c:16:31:ba:26:52:a2:29:9a:50:e5:
73:30:3d:d2:95:55:2a:da:15:7c:93:ba:c4:02:87:
d7:c3:d8:76:11:6c:20:39:7b:96:a5:b0:2b:62:47:
68:f9:5a:30:7b:d2:aa:96:7b:9e:87:33:17:e5:7f:
2b:a8:6e:d0:1d:b3:a7:2c:1e:55:46:df:29:28:69:
43:3c:71:f7:d8:a7:52:ea:6c:80:f4:77:12:6c:eb:
96:86:c9:29:a4:32:a2:10:9d:70:42:8e:f4:8d:0e:
2e:a7:02:77:cf:53:2f:3c:0b:11:5b:eb:f4:c4:42:
54:d5:ab:23:ea:3c:8a:34:99:59:6a:9c:7e:a4:73:
b0:e3:51:1f:6f:2e:26:b2:9e:92:de:cd:a6:bb:cb:
f3:27
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F3:56:49:B5:FE:0E:DE:37:71:AE:11:87:ED:0C:75:BF:AC:B0:CF:14
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/81ZJtf4O3jdxrhGH7Qx1v6ywzxQ.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
36.0.64.0/18
Signature Algorithm: sha256WithRSAEncryption
49:fb:c2:a8:58:04:5f:22:c3:73:9c:07:28:09:be:d5:9e:f7:
1b:98:fc:13:cc:48:e1:f7:69:de:2b:c7:a8:27:87:58:11:09:
b3:09:be:ed:5f:19:ad:f2:5b:22:f7:2f:a5:b9:d3:a0:d8:05:
42:40:24:d1:c2:3b:30:42:3c:4e:d3:f6:9e:07:e3:8f:78:e8:
9c:86:f4:91:a3:ac:6d:7c:24:b3:d3:9a:85:f7:24:ba:50:dc:
90:39:95:4e:b4:8d:cc:03:df:2c:13:11:c1:47:3d:85:92:a9:
d4:92:28:65:e3:e6:80:bb:19:29:7d:a4:f2:e4:b6:c5:29:f2:
96:dc:de:55:4a:6f:10:b8:9d:cc:6c:3c:d9:6a:a2:c1:10:fe:
99:5e:af:92:5e:cf:a3:fb:c3:3c:49:3c:5d:77:a2:c3:44:43:
ef:e7:f0:23:1f:11:a6:0c:32:c6:fb:65:5c:39:ee:b9:44:ee:
aa:9b:8b:d8:96:db:af:bd:73:ec:b8:f8:82:a9:35:04:63:1f:
7a:83:9b:86:a5:61:60:63:b1:20:1a:ec:75:66:fe:4b:67:27:
3d:ad:1f:bf:d7:68:06:04:cb:42:84:93:82:71:79:db:a6:9e:
15:8c:03:b7:47:a7:be:af:b9:bd:85:c6:10:81:d1:62:ca:85:
b8:f1:e1:6d
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgICNdMwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDAzMzEw
ODIyMTNaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEYzNTY0OUI1RkUwRURF
Mzc3MUFFMTE4N0VEMEM3NUJGQUNCMENGMTQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDg6sAF2B83qfTq7J9C9LE527hrrrQY05OojEmP02HGn24S/mBX
AmtXB8Xdhc0HmiAz5eOXHWlDPnCYNXTZbtF7AXDnivB6lxuuCKkpJlh0OIL8nNNc
W0Uy4A3kpd3gpBjSm9nfABSdu5fwwZBMFjG6JlKiKZpQ5XMwPdKVVSraFXyTusQC
h9fD2HYRbCA5e5alsCtiR2j5WjB70qqWe56HMxflfyuobtAds6csHlVG3ykoaUM8
cffYp1LqbID0dxJs65aGySmkMqIQnXBCjvSNDi6nAnfPUy88CxFb6/TEQlTVqyPq
PIo0mVlqnH6kc7DjUR9vLiaynpLezaa7y/MnAgMBAAGjggHxMIIB7TAdBgNVHQ4E
FgQU81ZJtf4O3jdxrhGH7Qx1v6ywzxQwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3LzgxWkp0ZjRPM2pkeHJo
R0g3UXgxdjZ5d3p4US5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAYkAEAwDQYJKoZIhvcNAQELBQADggEBAEn7wqhYBF8iw3OcBygJvtWe9xuY/BPM
SOH3ad4rx6gnh1gRCbMJvu1fGa3yWyL3L6W506DYBUJAJNHCOzBCPE7T9p4H4494
6JyG9JGjrG18JLPTmoX3JLpQ3JA5lU60jcwD3ywTEcFHPYWSqdSSKGXj5oC7GSl9
pPLktsUp8pbc3lVKbxC4ncxsPNlqosEQ/pler5Jez6P7wzxJPF13osNEQ+/n8CMf
EaYMMsb7ZVw57rlE7qqbi9iW26+9c+y4+IKpNQRjH3qDm4alYWBjsSAa7HVm/ktn
Jz2tH7/XaAYEy0KEk4JxedumnhWMA7dHp76vub2FxhCB0WLKhbjx4W0=
-----END CERTIFICATE-----
Generated at Sun May 18 03:17:47 2025 by rpki-client