Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/A4kGBfSvo2cu6t4HHqV5RS4IjSM.roa
File: A4kGBfSvo2cu6t4HHqV5RS4IjSM.roa (raw, json)
Hash identifier: 3n07wv6KWqGrzwYqrNdxVJBJ1T+fSYtK0mo8CBtUC8I=
Subject key identifier: 03:89:06:05:F4:AF:A3:67:2E:EA:DE:07:1E:A5:79:45:2E:08:8D:23
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 567B
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/A4kGBfSvo2cu6t4HHqV5RS4IjSM.roa
Signing time: Mon 13 May 2024 21:24:06 +0000
ROA not before: Mon 13 May 2024 21:24:06 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 36.0.64.0/18 maxlen: 18
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 22139 (0x567b)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 13 21:24:06 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=03890605F4AFA3672EEADE071EA579452E088D23
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a8:9e:84:56:31:0f:90:23:25:b3:4f:b6:4a:1c:
12:9d:b7:55:0b:84:01:27:a5:22:29:06:c3:b7:a5:
01:c8:2e:43:f2:d4:43:82:51:d7:2b:e9:87:aa:7f:
39:a1:78:ce:00:2a:92:ba:e0:cf:f2:a9:62:33:85:
d4:0f:f4:58:a6:13:67:6a:24:de:77:98:f9:0a:cb:
5f:26:b6:7d:63:cb:ea:bb:69:55:28:02:c2:8b:3c:
5f:7e:a1:4e:dd:17:51:c3:ba:97:5e:5e:b7:4d:76:
72:3f:8b:6d:a1:ce:ee:da:67:f6:a2:ab:55:80:cb:
dc:39:27:64:27:ad:2f:b9:15:bd:30:de:00:19:ec:
63:45:24:cd:0d:5f:d7:dc:f4:f0:02:e7:ab:d4:4a:
5a:4f:91:d4:a8:64:0c:df:26:07:ea:ec:8b:02:d8:
f1:46:28:46:99:64:74:04:b0:be:37:2b:97:d7:68:
f2:21:b7:82:a0:c4:dd:a2:80:70:67:22:f6:e3:15:
a1:e7:c4:3d:f1:71:4f:be:7d:7b:4b:d4:5f:73:eb:
e1:65:46:9c:78:41:93:00:0b:ed:cd:0d:73:1f:7d:
57:b5:9b:82:6a:a7:54:c8:b6:21:92:d5:f3:c2:55:
eb:a3:d4:2d:7e:c5:90:84:40:db:00:1f:2d:aa:ac:
2d:a5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
03:89:06:05:F4:AF:A3:67:2E:EA:DE:07:1E:A5:79:45:2E:08:8D:23
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/A4kGBfSvo2cu6t4HHqV5RS4IjSM.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
36.0.64.0/18
Signature Algorithm: sha256WithRSAEncryption
88:c4:56:4f:e8:5c:ae:b9:62:74:40:cc:11:a2:5c:ec:34:7e:
a1:15:40:37:2f:a8:05:56:cd:d5:0d:02:f9:35:56:5e:bc:fc:
c4:3e:1c:ec:eb:d8:b9:5b:6c:6c:96:fa:87:5a:3a:95:cb:dc:
96:37:c6:e4:32:c4:ca:00:41:b2:77:1e:db:de:2f:f3:28:60:
01:51:3d:44:01:be:0f:f0:e1:1b:51:62:2e:c7:5c:7f:3b:b5:
c8:34:b9:e1:7a:2f:73:1c:7b:26:a2:62:19:a8:6e:d6:ba:52:
ca:ea:17:45:9f:22:ec:5d:31:23:64:40:6a:14:37:b1:26:39:
5b:ba:54:5d:d2:52:dc:ca:84:4a:2d:e7:40:c2:f0:f6:d1:66:
13:e1:9c:a1:4a:51:7f:f0:f2:4c:3c:85:24:a9:d8:6a:29:12:
aa:e5:08:26:3e:71:ec:e4:4f:23:1a:40:7f:7f:b9:4d:eb:b7:
4a:0e:c6:c6:61:8c:44:91:20:d0:2d:3e:74:b9:80:bc:d5:f9:
98:de:fe:00:dc:c5:9b:0e:6b:44:e3:7e:bd:05:80:ea:31:64:
65:c3:14:3d:0b:bf:bb:e4:44:97:3e:da:90:6f:e8:d4:57:49:
06:87:2b:e1:b3:a8:bf:e2:83:32:cf:9c:e8:22:00:e3:b7:69:
3e:b3:09:59
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgICVnswDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MTMy
MTI0MDZaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDAzODkwNjA1RjRBRkEz
NjcyRUVBREUwNzFFQTU3OTQ1MkUwODhEMjMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQConoRWMQ+QIyWzT7ZKHBKdt1ULhAEnpSIpBsO3pQHILkPy1EOC
Udcr6YeqfzmheM4AKpK64M/yqWIzhdQP9FimE2dqJN53mPkKy18mtn1jy+q7aVUo
AsKLPF9+oU7dF1HDupdeXrdNdnI/i22hzu7aZ/aiq1WAy9w5J2QnrS+5Fb0w3gAZ
7GNFJM0NX9fc9PAC56vUSlpPkdSoZAzfJgfq7IsC2PFGKEaZZHQEsL43K5fXaPIh
t4KgxN2igHBnIvbjFaHnxD3xcU++fXtL1F9z6+FlRpx4QZMAC+3NDXMffVe1m4Jq
p1TItiGS1fPCVeuj1C1+xZCEQNsAHy2qrC2lAgMBAAGjggHxMIIB7TAdBgNVHQ4E
FgQUA4kGBfSvo2cu6t4HHqV5RS4IjSMwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L0E0a0dCZlN2bzJjdTZ0
NEhIcVY1UlM0SWpTTS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAYkAEAwDQYJKoZIhvcNAQELBQADggEBAIjEVk/oXK65YnRAzBGiXOw0fqEVQDcv
qAVWzdUNAvk1Vl68/MQ+HOzr2LlbbGyW+odaOpXL3JY3xuQyxMoAQbJ3HtveL/Mo
YAFRPUQBvg/w4RtRYi7HXH87tcg0ueF6L3MceyaiYhmobta6UsrqF0WfIuxdMSNk
QGoUN7EmOVu6VF3SUtzKhEot50DC8PbRZhPhnKFKUX/w8kw8hSSp2GopEqrlCCY+
cezkTyMaQH9/uU3rt0oOxsZhjESRINAtPnS5gLzV+Zje/gDcxZsOa0Tjfr0FgOox
ZGXDFD0Lv7vkRJc+2pBv6NRXSQaHK+GzqL/igzLPnOgiAOO3aT6zCVk=
-----END CERTIFICATE-----
Generated at Sun May 18 09:10:32 2025 by rpki-client