Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/D3X1iuVfVPFd7ZAAsjlgVKCFG9Q.roa
File: D3X1iuVfVPFd7ZAAsjlgVKCFG9Q.roa (raw, json)
Hash identifier: NHwS7yI/3H8+TvcE2jPNG2uuJgOLw5+R1RiSsQcozeo=
Subject key identifier: 0F:75:F5:8A:E5:5F:54:F1:5D:ED:90:00:B2:39:60:54:A0:85:1B:D4
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 4AD3
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/D3X1iuVfVPFd7ZAAsjlgVKCFG9Q.roa
Signing time: Sun 28 Apr 2024 08:23:26 +0000
ROA not before: Sun 28 Apr 2024 08:23:26 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 36.0.64.0/18 maxlen: 18
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 19155 (0x4ad3)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 28 08:23:26 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=0F75F58AE55F54F15DED9000B2396054A0851BD4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d5:f9:61:94:48:9c:0f:d4:c4:7c:4a:59:6e:24:
b5:f7:2a:c6:e9:55:bf:3d:cb:e3:a6:04:0e:b2:01:
12:be:5d:84:34:0b:88:36:02:67:54:b5:fe:4b:28:
81:10:c1:0c:1f:c1:fa:94:11:8b:db:ae:79:35:c6:
9e:49:77:d3:cc:a2:fc:34:1e:25:1c:0f:59:fd:08:
08:6d:ff:85:04:0f:a1:70:75:2b:50:51:7b:1c:51:
f8:a6:35:1e:50:4d:6b:44:15:f7:02:fd:df:b6:d6:
8d:5f:c2:30:58:91:3c:61:98:39:45:04:78:75:17:
33:2a:ab:39:91:76:58:4c:14:03:8c:1f:42:c6:1b:
35:15:be:d5:b1:cc:13:1f:7d:a8:94:50:62:17:82:
a0:c1:0c:d2:15:54:18:20:ba:d1:45:c2:77:4f:42:
0e:8a:1c:85:21:44:80:d2:af:60:cb:a3:ec:9b:33:
2e:0a:25:22:93:01:ba:bf:47:27:82:0c:5d:d0:51:
72:bd:8c:08:06:90:25:ed:ca:66:80:81:d3:b3:5b:
1b:87:95:ed:a5:ae:b2:46:01:85:ab:82:a9:81:58:
fb:a4:2e:df:f5:a6:91:01:38:a4:9c:bf:7d:13:5d:
4c:0d:22:66:c2:47:7a:82:0c:12:a4:11:ff:88:99:
51:37
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0F:75:F5:8A:E5:5F:54:F1:5D:ED:90:00:B2:39:60:54:A0:85:1B:D4
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/D3X1iuVfVPFd7ZAAsjlgVKCFG9Q.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
36.0.64.0/18
Signature Algorithm: sha256WithRSAEncryption
27:dc:e6:92:b7:2a:7d:5f:b1:8f:ae:2a:0d:0a:be:42:8c:db:
01:92:94:9d:56:57:8d:05:44:a1:4b:2f:6f:d2:c9:af:eb:40:
52:0b:c5:b3:d6:b5:01:05:27:14:25:61:a1:e6:e0:27:34:2d:
f8:eb:59:19:0d:e2:6a:d2:be:5b:a0:9f:aa:07:c1:95:79:3f:
75:06:ce:1e:d0:61:e5:15:e3:6d:fa:90:1c:7d:e2:c6:3e:95:
d8:b5:85:d2:3f:cf:34:ef:97:ca:1e:bd:69:97:13:2e:da:e5:
00:ce:1a:7e:2a:d8:2a:d7:5b:8b:90:a3:58:c3:c6:59:0f:c2:
23:27:31:7f:86:e6:e6:ce:56:c6:58:2a:f8:6b:81:21:48:4f:
26:bb:1d:6a:ae:d6:e3:fd:fd:46:da:74:4c:4f:92:be:4d:04:
12:1c:1e:8b:56:21:11:6a:88:7e:87:94:e1:49:13:61:f0:87:
e3:89:60:8c:1f:46:e3:6f:aa:d1:8d:fb:33:3f:21:21:82:21:
ec:ff:02:76:d1:e5:f0:07:28:14:e2:ad:a6:7a:60:0a:13:37:
49:60:46:e0:1c:e7:e1:d7:fe:7e:08:e3:ae:16:99:b0:a5:fd:
bb:2f:0b:10:c8:59:e9:64:77:f2:f0:77:90:1d:bb:69:65:ee:
fb:a9:87:b7
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgICStMwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0Mjgw
ODIzMjZaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDBGNzVGNThBRTU1RjU0
RjE1REVEOTAwMEIyMzk2MDU0QTA4NTFCRDQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDV+WGUSJwP1MR8SlluJLX3KsbpVb89y+OmBA6yARK+XYQ0C4g2
AmdUtf5LKIEQwQwfwfqUEYvbrnk1xp5Jd9PMovw0HiUcD1n9CAht/4UED6FwdStQ
UXscUfimNR5QTWtEFfcC/d+21o1fwjBYkTxhmDlFBHh1FzMqqzmRdlhMFAOMH0LG
GzUVvtWxzBMffaiUUGIXgqDBDNIVVBggutFFwndPQg6KHIUhRIDSr2DLo+ybMy4K
JSKTAbq/RyeCDF3QUXK9jAgGkCXtymaAgdOzWxuHle2lrrJGAYWrgqmBWPukLt/1
ppEBOKScv30TXUwNImbCR3qCDBKkEf+ImVE3AgMBAAGjggHxMIIB7TAdBgNVHQ4E
FgQUD3X1iuVfVPFd7ZAAsjlgVKCFG9QwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L0QzWDFpdVZmVlBGZDda
QUFzamxnVktDRkc5US5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAYkAEAwDQYJKoZIhvcNAQELBQADggEBACfc5pK3Kn1fsY+uKg0KvkKM2wGSlJ1W
V40FRKFLL2/Sya/rQFILxbPWtQEFJxQlYaHm4Cc0LfjrWRkN4mrSvlugn6oHwZV5
P3UGzh7QYeUV4236kBx94sY+ldi1hdI/zzTvl8oevWmXEy7a5QDOGn4q2CrXW4uQ
o1jDxlkPwiMnMX+G5ubOVsZYKvhrgSFITya7HWqu1uP9/UbadExPkr5NBBIcHotW
IRFqiH6HlOFJE2Hwh+OJYIwfRuNvqtGN+zM/ISGCIez/AnbR5fAHKBTiraZ6YAoT
N0lgRuAc5+HX/n4I464WmbCl/bsvCxDIWelkd/Lwd5Adu2ll7vuph7c=
-----END CERTIFICATE-----
Generated at Sat May 17 21:28:24 2025 by rpki-client