Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/NdLnIvOj6x8jYxZGJWIUajhirh8.roa
File: NdLnIvOj6x8jYxZGJWIUajhirh8.roa (raw, json)
Hash identifier: Wj1ofu9mBez/VC0WISorFKxJFr25CHIhdXArkUDXua0=
Subject key identifier: 35:D2:E7:22:F3:A3:EB:1F:23:63:16:46:25:62:14:6A:38:62:AE:1F
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 4FE3
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/NdLnIvOj6x8jYxZGJWIUajhirh8.roa
Signing time: Sun 05 May 2024 02:23:49 +0000
ROA not before: Sun 05 May 2024 02:23:49 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 36.0.64.0/18 maxlen: 18
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 20451 (0x4fe3)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 5 02:23:49 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=35D2E722F3A3EB1F236316462562146A3862AE1F
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d3:b5:8b:a5:9d:64:cf:eb:2e:27:dc:84:e0:c7:
69:e5:e9:c5:f6:44:04:1f:b6:57:e0:80:cc:2d:fa:
93:c2:dc:a6:53:af:83:0f:25:b4:a6:7f:27:08:ba:
61:82:af:8f:5d:94:d6:19:0c:c6:d9:2b:5a:38:b3:
36:9c:13:68:e7:da:5f:85:a5:60:28:44:66:2b:2f:
18:12:ff:be:42:ca:48:3a:4f:09:19:0d:66:c1:c7:
1d:d7:d4:8a:f3:7e:f6:41:7c:71:a7:f1:94:6d:d2:
24:fe:9c:5c:99:50:f6:15:cd:a0:af:ac:e7:cb:4e:
ce:d5:fc:09:a1:f3:a6:81:be:1a:56:1d:af:3f:82:
90:71:bc:0b:bb:28:03:25:e9:08:65:29:db:09:cc:
5d:40:3b:2d:c4:24:90:04:69:ce:28:bf:a7:6f:31:
c7:28:5f:57:41:5b:31:db:3f:e8:5a:7b:8d:5a:1b:
01:56:06:58:78:67:02:08:d0:6f:ce:be:3a:1f:71:
f8:2f:8a:f4:68:ae:77:df:1e:e4:df:dd:24:0c:64:
31:be:0a:27:fd:bf:25:3d:18:61:67:81:7a:30:ca:
b1:5c:39:6e:f8:8e:17:62:5d:e0:0c:01:1d:e9:4c:
c0:f3:1c:77:97:47:2e:b6:b8:85:f2:7f:b0:1b:77:
7c:01
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
35:D2:E7:22:F3:A3:EB:1F:23:63:16:46:25:62:14:6A:38:62:AE:1F
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/NdLnIvOj6x8jYxZGJWIUajhirh8.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
36.0.64.0/18
Signature Algorithm: sha256WithRSAEncryption
5f:7b:c7:54:b9:a9:73:58:04:93:7c:9b:7d:97:18:7c:f0:aa:
0b:b1:dc:f2:7d:ea:7e:13:b0:09:16:e5:32:3f:1f:90:73:c8:
85:81:b7:4c:a5:08:ec:29:fc:f0:5d:99:34:5a:4c:d1:9b:cc:
13:0f:06:4f:31:84:43:19:5e:65:30:0e:cd:84:36:89:fc:18:
7d:ab:7d:1d:e8:80:aa:30:6b:06:d0:9a:f5:8d:ec:c1:e5:22:
76:f7:a8:33:bf:1b:dc:82:8c:8f:ce:18:b4:d7:40:da:1b:b0:
20:05:f5:64:8d:9d:71:0b:47:2f:cd:0c:7a:f1:d6:48:0c:f1:
58:6b:be:1e:21:24:d4:52:7e:da:20:f2:8b:5e:9c:03:0b:03:
44:b9:9d:2d:e6:fb:8b:fb:5c:fd:d3:5c:38:2e:7a:42:5f:0a:
40:55:7c:75:dd:76:86:53:69:26:2e:aa:c6:2a:5c:cf:88:38:
db:6e:be:29:48:9a:b2:a5:90:9f:7b:4a:78:6f:1d:db:75:87:
24:95:a9:ea:5d:5a:c7:52:6a:01:25:0d:aa:61:4a:e3:21:7d:
c0:91:ae:08:50:ad:3b:2b:56:78:28:5d:79:ba:95:c7:e5:e7:
50:0c:5e:03:7b:37:6e:74:b3:ce:cf:69:f4:35:65:57:c0:9a:
f8:e4:fd:37
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgICT+MwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MDUw
MjIzNDlaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDM1RDJFNzIyRjNBM0VC
MUYyMzYzMTY0NjI1NjIxNDZBMzg2MkFFMUYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDTtYulnWTP6y4n3ITgx2nl6cX2RAQftlfggMwt+pPC3KZTr4MP
JbSmfycIumGCr49dlNYZDMbZK1o4szacE2jn2l+FpWAoRGYrLxgS/75Cykg6TwkZ
DWbBxx3X1IrzfvZBfHGn8ZRt0iT+nFyZUPYVzaCvrOfLTs7V/Amh86aBvhpWHa8/
gpBxvAu7KAMl6QhlKdsJzF1AOy3EJJAEac4ov6dvMccoX1dBWzHbP+hae41aGwFW
Blh4ZwII0G/OvjofcfgvivRornffHuTf3SQMZDG+Cif9vyU9GGFngXowyrFcOW74
jhdiXeAMAR3pTMDzHHeXRy62uIXyf7Abd3wBAgMBAAGjggHxMIIB7TAdBgNVHQ4E
FgQUNdLnIvOj6x8jYxZGJWIUajhirh8wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L05kTG5Jdk9qNng4all4
WkdKV0lVYWpoaXJoOC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAYkAEAwDQYJKoZIhvcNAQELBQADggEBAF97x1S5qXNYBJN8m32XGHzwqgux3PJ9
6n4TsAkW5TI/H5BzyIWBt0ylCOwp/PBdmTRaTNGbzBMPBk8xhEMZXmUwDs2ENon8
GH2rfR3ogKowawbQmvWN7MHlInb3qDO/G9yCjI/OGLTXQNobsCAF9WSNnXELRy/N
DHrx1kgM8Vhrvh4hJNRSftog8otenAMLA0S5nS3m+4v7XP3TXDguekJfCkBVfHXd
doZTaSYuqsYqXM+IONtuvilImrKlkJ97SnhvHdt1hySVqepdWsdSagElDaphSuMh
fcCRrghQrTsrVngoXXm6lcfl51AMXgN7N250s87PafQ1ZVfAmvjk/Tc=
-----END CERTIFICATE-----
Generated at Sat May 17 21:28:07 2025 by rpki-client