Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/IK1NQNLUk2EN4PMJkd3-axrpbDY.roa
File: IK1NQNLUk2EN4PMJkd3-axrpbDY.roa (raw, json)
Hash identifier: NWixxh1Tscn7n/yxoGYpWv4SCELmyuq90eETacVb5mU=
Subject key identifier: 20:AD:4D:40:D2:D4:93:61:0D:E0:F3:09:91:DD:FE:6B:1A:E9:6C:36
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 3C73
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/IK1NQNLUk2EN4PMJkd3-axrpbDY.roa
Signing time: Tue 09 Apr 2024 04:22:35 +0000
ROA not before: Tue 09 Apr 2024 04:22:35 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 36.0.64.0/18 maxlen: 18
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 15475 (0x3c73)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 9 04:22:35 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=20AD4D40D2D493610DE0F30991DDFE6B1AE96C36
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ba:a6:c8:fa:74:e7:bc:a5:7b:dd:40:25:85:39:
de:26:10:4d:7b:88:4c:91:f5:ff:b1:d1:aa:ad:86:
e9:65:3e:07:49:7a:96:5e:f6:9c:1e:3a:32:8c:37:
04:a8:ec:96:90:ef:cd:2b:69:03:a8:12:d4:a8:6e:
49:aa:b5:9b:d2:be:ce:37:e9:ae:53:26:7d:2a:b5:
cf:9f:ae:84:df:91:e9:f0:d5:1e:04:2a:74:6e:3a:
f6:e1:61:aa:4f:21:2b:26:66:99:46:5e:4f:1b:d2:
a3:3d:dc:47:cf:cf:dd:86:a6:65:7c:0f:81:39:2a:
30:db:96:ac:7e:46:fc:ab:9a:fe:00:96:df:e1:88:
a1:7d:58:ac:f3:e1:d3:bd:a0:62:75:c3:c9:cc:66:
f1:0c:dc:e3:c9:bb:5a:10:6d:65:fe:f6:31:cf:7e:
f9:72:74:88:bf:88:7b:a4:0a:fc:25:16:6b:b8:ed:
72:5e:a3:99:b3:f4:8b:6e:d7:a5:11:54:96:f1:77:
10:d2:17:ff:3e:cf:42:0c:8d:d6:ec:4b:c9:7b:1d:
59:4f:e0:c8:4b:93:d8:b0:ca:e5:39:de:61:5a:f2:
2f:72:94:56:25:a0:e8:26:cb:93:27:d4:3a:d3:00:
01:a3:c1:b7:08:da:65:b8:22:5f:49:c2:1f:2b:12:
49:d9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
20:AD:4D:40:D2:D4:93:61:0D:E0:F3:09:91:DD:FE:6B:1A:E9:6C:36
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/IK1NQNLUk2EN4PMJkd3-axrpbDY.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
36.0.64.0/18
Signature Algorithm: sha256WithRSAEncryption
aa:d5:5e:d8:9c:9b:f9:e5:19:78:4a:4f:bf:2c:90:0a:f8:3e:
47:d8:94:21:3b:70:01:db:95:73:a6:25:bc:18:e3:54:0a:2f:
32:09:e2:69:66:3e:24:80:80:7c:50:a1:2b:c9:e6:d2:ba:97:
20:b5:0e:69:34:bf:59:57:22:05:98:f0:58:19:a5:73:97:9d:
2b:a3:24:9e:b2:d0:48:54:42:5e:4f:cb:d2:c8:04:4c:ba:af:
5e:85:89:38:bb:e8:05:ac:55:8f:81:94:ec:bc:21:d9:06:75:
b6:c9:7a:42:79:b9:7e:ce:34:aa:a5:cd:89:93:6f:01:f7:c8:
f0:10:40:56:3c:f0:78:96:9f:59:53:e7:db:89:49:a9:f5:2b:
cb:70:35:4b:e8:78:1c:bb:d2:b6:9c:cf:eb:d7:dd:32:42:4a:
f0:d8:d6:0b:5d:73:a9:a0:7b:42:8e:ec:cb:2e:70:fb:fd:28:
fa:9d:ff:4d:96:f4:60:91:a4:fc:9f:c4:5f:3c:c0:ed:0f:e1:
89:b1:a2:69:6d:b1:ac:63:24:f0:5a:26:7d:9d:ac:4b:9d:b9:
55:cd:23:49:94:16:07:76:b5:39:0c:4b:2b:01:ce:1e:9e:59:
65:48:2a:6f:34:4c:38:d5:eb:04:35:70:17:24:6f:3c:4e:ef:
e6:26:86:05
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgICPHMwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MDkw
NDIyMzVaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDIwQUQ0RDQwRDJENDkz
NjEwREUwRjMwOTkxRERGRTZCMUFFOTZDMzYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC6psj6dOe8pXvdQCWFOd4mEE17iEyR9f+x0aqthullPgdJepZe
9pweOjKMNwSo7JaQ780raQOoEtSobkmqtZvSvs436a5TJn0qtc+froTfkenw1R4E
KnRuOvbhYapPISsmZplGXk8b0qM93EfPz92GpmV8D4E5KjDblqx+Rvyrmv4Alt/h
iKF9WKzz4dO9oGJ1w8nMZvEM3OPJu1oQbWX+9jHPfvlydIi/iHukCvwlFmu47XJe
o5mz9Itu16URVJbxdxDSF/8+z0IMjdbsS8l7HVlP4MhLk9iwyuU53mFa8i9ylFYl
oOgmy5Mn1DrTAAGjwbcI2mW4Il9Jwh8rEknZAgMBAAGjggHxMIIB7TAdBgNVHQ4E
FgQUIK1NQNLUk2EN4PMJkd3+axrpbDYwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L0lLMU5RTkxVazJFTjRQ
TUprZDMtYXhycGJEWS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAYkAEAwDQYJKoZIhvcNAQELBQADggEBAKrVXticm/nlGXhKT78skAr4PkfYlCE7
cAHblXOmJbwY41QKLzIJ4mlmPiSAgHxQoSvJ5tK6lyC1Dmk0v1lXIgWY8FgZpXOX
nSujJJ6y0EhUQl5Py9LIBEy6r16FiTi76AWsVY+BlOy8IdkGdbbJekJ5uX7ONKql
zYmTbwH3yPAQQFY88HiWn1lT59uJSan1K8twNUvoeBy70racz+vX3TJCSvDY1gtd
c6mge0KO7MsucPv9KPqd/02W9GCRpPyfxF88wO0P4YmxomltsaxjJPBaJn2drEud
uVXNI0mUFgd2tTkMSysBzh6eWWVIKm80TDjV6wQ1cBckbzxO7+YmhgU=
-----END CERTIFICATE-----
Generated at Sun May 18 02:00:38 2025 by rpki-client