Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/I0Kx_C7LSYTzBav5HwR8wBDlVsM.roa
File: I0Kx_C7LSYTzBav5HwR8wBDlVsM.roa (raw, json)
Hash identifier: lhCSTFIm/yE9lXFQSEv7poY4t60AqUN4vKjRMBInj64=
Subject key identifier: 23:42:B1:FC:2E:CB:49:84:F3:05:AB:F9:1F:04:7C:C0:10:E5:56:C3
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 4CD7
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/I0Kx_C7LSYTzBav5HwR8wBDlVsM.roa
Signing time: Wed 01 May 2024 00:53:34 +0000
ROA not before: Wed 01 May 2024 00:53:34 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 36.0.64.0/18 maxlen: 18
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 19671 (0x4cd7)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 1 00:53:34 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=2342B1FC2ECB4984F305ABF91F047CC010E556C3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ba:01:74:ed:94:82:47:4a:9e:2a:df:a2:81:4b:
c5:3b:c5:7b:0d:bc:ae:07:5c:ef:27:cd:8d:d5:a7:
7e:ef:51:f7:f3:60:c4:eb:57:ab:46:c0:bf:31:d0:
52:de:58:0e:3a:f1:7c:7d:d2:e0:ac:5c:4e:b9:f2:
1b:37:77:5e:f4:54:f9:1f:34:7b:dc:c2:7a:79:2d:
9d:f6:af:8e:57:a2:39:78:e7:d5:ef:0d:56:96:62:
3a:90:f3:33:de:76:ea:d0:24:97:df:48:6e:c3:f9:
6c:ed:1d:fe:fb:b5:87:8e:5d:e8:a7:e3:d1:49:76:
cd:26:63:21:5d:3e:ec:06:7a:f5:dd:47:93:f9:5a:
7e:6f:57:40:b0:9f:d2:fa:cc:15:82:6f:e0:c7:79:
04:b8:79:74:f6:94:62:42:94:66:db:38:35:40:7d:
af:c3:85:f4:a6:e0:94:72:80:9a:e7:73:47:5a:d2:
76:dd:9c:cc:2f:1d:79:22:7e:d2:7c:24:d4:0e:88:
2a:3a:f2:22:e4:76:61:c3:1b:7f:e4:c6:99:1f:2e:
d2:33:27:e1:0a:ad:f7:56:fe:17:37:cc:04:1c:e9:
60:83:7e:2b:8f:2b:26:97:bf:ee:26:ab:47:a3:96:
61:0f:7f:bf:e5:4d:fd:a5:3b:8a:ea:b0:96:ae:94:
69:33
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
23:42:B1:FC:2E:CB:49:84:F3:05:AB:F9:1F:04:7C:C0:10:E5:56:C3
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/I0Kx_C7LSYTzBav5HwR8wBDlVsM.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
36.0.64.0/18
Signature Algorithm: sha256WithRSAEncryption
b5:62:43:05:08:a5:19:eb:62:e8:b3:37:b6:69:21:13:98:fd:
ca:e7:bc:bd:af:08:30:fe:ec:84:2c:c4:94:df:d5:a9:df:3e:
6d:89:71:31:62:b9:76:b6:15:98:5b:16:e0:c7:a5:65:7a:8b:
a1:50:38:ff:44:34:f8:15:ad:22:72:c2:b1:28:7a:d9:e6:41:
3d:40:a2:b0:5c:87:73:ca:12:4a:6c:ad:b4:05:d4:5c:69:ac:
a4:cf:99:a8:ea:f1:1a:19:9d:1f:5a:76:db:25:59:60:3d:60:
ae:7b:3b:22:50:39:6f:33:9a:5d:95:3f:1d:1c:fc:4e:c2:75:
6c:45:5b:b7:bb:f8:32:c9:ae:ec:49:79:90:f8:f1:a3:e8:98:
37:86:e8:c2:04:e5:4d:83:6f:8e:a5:95:ee:d8:f8:58:83:7a:
e0:37:38:ee:00:ed:a1:ce:94:22:1a:56:b3:34:26:07:41:3d:
65:92:8a:6c:6e:c3:37:aa:b0:50:d9:9a:0a:c9:59:ff:ff:b2:
b6:3c:e0:f6:11:2a:ae:6a:64:b7:d5:57:99:a9:29:53:4c:ff:
1e:c3:84:22:f2:39:15:62:86:79:95:e6:de:03:e6:58:0d:73:
6f:83:dc:2a:1f:42:97:55:bd:16:9a:cc:0e:c8:7d:dd:50:f2:
36:9a:19:a2
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgICTNcwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MDEw
MDUzMzRaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDIzNDJCMUZDMkVDQjQ5
ODRGMzA1QUJGOTFGMDQ3Q0MwMTBFNTU2QzMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC6AXTtlIJHSp4q36KBS8U7xXsNvK4HXO8nzY3Vp37vUffzYMTr
V6tGwL8x0FLeWA468Xx90uCsXE658hs3d170VPkfNHvcwnp5LZ32r45Xojl459Xv
DVaWYjqQ8zPedurQJJffSG7D+WztHf77tYeOXein49FJds0mYyFdPuwGevXdR5P5
Wn5vV0Cwn9L6zBWCb+DHeQS4eXT2lGJClGbbODVAfa/DhfSm4JRygJrnc0da0nbd
nMwvHXkiftJ8JNQOiCo68iLkdmHDG3/kxpkfLtIzJ+EKrfdW/hc3zAQc6WCDfiuP
KyaXv+4mq0ejlmEPf7/lTf2lO4rqsJaulGkzAgMBAAGjggHxMIIB7TAdBgNVHQ4E
FgQUI0Kx/C7LSYTzBav5HwR8wBDlVsMwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L0kwS3hfQzdMU1lUekJh
djVId1I4d0JEbFZzTS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAYkAEAwDQYJKoZIhvcNAQELBQADggEBALViQwUIpRnrYuizN7ZpIROY/crnvL2v
CDD+7IQsxJTf1anfPm2JcTFiuXa2FZhbFuDHpWV6i6FQOP9ENPgVrSJywrEoetnm
QT1AorBch3PKEkpsrbQF1FxprKTPmajq8RoZnR9adtslWWA9YK57OyJQOW8zml2V
Px0c/E7CdWxFW7e7+DLJruxJeZD48aPomDeG6MIE5U2Db46lle7Y+FiDeuA3OO4A
7aHOlCIaVrM0JgdBPWWSimxuwzeqsFDZmgrJWf//srY84PYRKq5qZLfVV5mpKVNM
/x7DhCLyORVihnmV5t4D5lgNc2+D3CofQpdVvRaazA7Ifd1Q8jaaGaI=
-----END CERTIFICATE-----
Generated at Sun May 18 04:48:49 2025 by rpki-client