Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/NIhju8NXnAiuK1k3s9cqiQdXkic.roa
File: NIhju8NXnAiuK1k3s9cqiQdXkic.roa (raw, json)
Hash identifier: 1AFqI0ZVDEopNFEMZkWwUzCoE4EhiB7qGho8MRijcCs=
Subject key identifier: 34:88:63:BB:C3:57:9C:08:AE:2B:59:37:B3:D7:2A:89:07:57:92:27
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 4FD3
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/NIhju8NXnAiuK1k3s9cqiQdXkic.roa
Signing time: Sun 05 May 2024 00:23:53 +0000
ROA not before: Sun 05 May 2024 00:23:53 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 36.0.64.0/18 maxlen: 18
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 20435 (0x4fd3)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 5 00:23:53 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=348863BBC3579C08AE2B5937B3D72A8907579227
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a6:cd:63:a3:3e:be:9b:a2:a4:b1:ec:f8:19:8b:
2a:7e:a7:45:ec:0c:96:d6:80:0d:13:42:bc:22:90:
fd:68:0f:37:c7:09:2c:21:61:b9:5a:34:f2:b9:4e:
e0:18:88:58:78:e5:58:6d:6a:5c:15:f3:26:43:f2:
eb:ea:a2:c4:08:ea:72:e8:93:b8:8f:60:74:4d:9c:
3f:ae:3c:9a:68:04:fb:b6:8a:f6:1e:45:60:28:10:
2c:3c:b5:12:b8:69:4d:6a:70:bb:6b:f3:40:d9:e8:
ed:ee:c9:b4:d4:f3:ae:22:17:64:59:1d:55:e7:21:
87:5b:b3:d4:5a:f3:d0:db:ea:27:c9:ee:be:b5:0f:
db:fd:e7:1a:f5:11:e4:d2:0b:78:63:c4:27:9f:d9:
94:36:9c:f3:77:a3:22:ad:97:16:99:35:4b:35:cd:
50:e2:10:2c:42:a7:db:33:a3:81:ce:09:d3:a1:14:
c1:c2:ee:ea:7d:82:2a:27:50:1d:6a:4b:09:1e:be:
66:c4:3b:f3:17:bd:09:e8:92:f3:86:eb:2d:5a:06:
fa:f0:4d:19:34:64:97:88:cb:e9:2d:83:cb:c8:ad:
45:2c:1a:f7:4b:36:07:9b:4b:19:2b:a4:d0:10:74:
d8:42:3f:95:a8:0b:49:99:af:91:61:ac:70:18:a9:
22:67
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
34:88:63:BB:C3:57:9C:08:AE:2B:59:37:B3:D7:2A:89:07:57:92:27
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/NIhju8NXnAiuK1k3s9cqiQdXkic.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
36.0.64.0/18
Signature Algorithm: sha256WithRSAEncryption
ae:97:61:27:74:81:4d:af:82:65:11:6e:a7:90:f7:68:8a:59:
65:e1:8a:5f:f6:d7:07:58:6b:ec:67:e7:57:d9:de:22:ac:62:
dd:b4:c5:db:3a:43:da:1e:6b:96:8e:8b:4f:3f:b4:7c:c0:56:
bc:c4:51:7b:fa:24:ae:ad:a6:c2:23:88:f3:62:99:e7:9a:60:
c5:0c:00:ff:6a:20:df:df:e2:34:be:2d:fe:e9:ab:b7:1a:44:
3c:aa:0c:ea:df:15:5b:38:06:e9:ba:96:d3:5c:b4:7e:5a:e8:
d3:ec:6c:5d:a0:e6:ef:62:bd:d1:47:2b:b5:51:d6:5f:36:bf:
32:d3:e5:72:b5:02:a7:e1:fa:9f:ff:78:fa:a6:9a:43:5f:8c:
bd:0a:1e:3e:f3:35:6f:69:23:e2:39:0f:78:73:99:97:bf:56:
d2:47:6c:c6:53:fc:0d:ac:1a:22:fe:fe:be:90:ae:02:c2:68:
d9:56:d3:de:74:24:17:ae:6f:a0:09:ca:8c:7a:e4:08:e2:b8:
c4:ef:f6:8e:a7:82:b4:48:a0:0e:d3:15:a8:f5:ed:b0:62:8d:
7e:a3:d9:a6:69:33:8e:af:6a:cc:f9:a2:4f:01:f0:87:52:14:
cf:b7:14:67:79:5e:57:ff:69:83:e8:ee:bc:59:88:d3:8d:03:
53:73:9b:bd
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgICT9MwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MDUw
MDIzNTNaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDM0ODg2M0JCQzM1NzlD
MDhBRTJCNTkzN0IzRDcyQTg5MDc1NzkyMjcwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCmzWOjPr6boqSx7PgZiyp+p0XsDJbWgA0TQrwikP1oDzfHCSwh
YblaNPK5TuAYiFh45VhtalwV8yZD8uvqosQI6nLok7iPYHRNnD+uPJpoBPu2ivYe
RWAoECw8tRK4aU1qcLtr80DZ6O3uybTU864iF2RZHVXnIYdbs9Ra89Db6ifJ7r61
D9v95xr1EeTSC3hjxCef2ZQ2nPN3oyKtlxaZNUs1zVDiECxCp9szo4HOCdOhFMHC
7up9gionUB1qSwkevmbEO/MXvQnokvOG6y1aBvrwTRk0ZJeIy+ktg8vIrUUsGvdL
NgebSxkrpNAQdNhCP5WoC0mZr5FhrHAYqSJnAgMBAAGjggHxMIIB7TAdBgNVHQ4E
FgQUNIhju8NXnAiuK1k3s9cqiQdXkicwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L05JaGp1OE5YbkFpdUsx
azNzOWNxaVFkWGtpYy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAYkAEAwDQYJKoZIhvcNAQELBQADggEBAK6XYSd0gU2vgmURbqeQ92iKWWXhil/2
1wdYa+xn51fZ3iKsYt20xds6Q9oea5aOi08/tHzAVrzEUXv6JK6tpsIjiPNimeea
YMUMAP9qIN/f4jS+Lf7pq7caRDyqDOrfFVs4Bum6ltNctH5a6NPsbF2g5u9ivdFH
K7VR1l82vzLT5XK1Aqfh+p//ePqmmkNfjL0KHj7zNW9pI+I5D3hzmZe/VtJHbMZT
/A2sGiL+/r6QrgLCaNlW0950JBeub6AJyox65AjiuMTv9o6ngrRIoA7TFaj17bBi
jX6j2aZpM46vasz5ok8B8IdSFM+3FGd5Xlf/aYPo7rxZiNONA1Nzm70=
-----END CERTIFICATE-----
Generated at Sat May 17 22:54:41 2025 by rpki-client