Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/O5z2AKKU8Ksaxmds7QUZx4_FyEc.roa
File: O5z2AKKU8Ksaxmds7QUZx4_FyEc.roa (raw, json)
Hash identifier: YovFwuetgjlVy6dAOKTeU/0lIfIRcx6QMCkQFtzvl0U=
Subject key identifier: 3B:9C:F6:00:A2:94:F0:AB:1A:C6:67:6C:ED:05:19:C7:8F:C5:C8:47
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 4107
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/O5z2AKKU8Ksaxmds7QUZx4_FyEc.roa
Signing time: Mon 15 Apr 2024 06:54:30 +0000
ROA not before: Mon 15 Apr 2024 06:54:30 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 36.0.64.0/18 maxlen: 18
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 16647 (0x4107)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 15 06:54:30 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=3B9CF600A294F0AB1AC6676CED0519C78FC5C847
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cb:62:0c:31:1b:fb:6f:07:c5:d6:0d:76:bc:33:
e1:ef:62:f1:8f:dc:6e:3c:27:9a:a1:f9:c0:0e:8d:
b7:6b:3a:31:f9:38:3d:88:8d:e7:59:67:36:6b:36:
ff:89:77:8f:51:9a:d5:79:4a:cb:2f:57:bb:a8:27:
7a:77:bd:9b:6c:33:15:f9:6d:e9:c0:a3:03:05:0e:
81:a8:78:5b:a9:09:a2:28:54:f9:98:0d:02:13:73:
51:76:2f:42:25:ab:84:48:8c:09:19:f3:eb:ca:ba:
42:57:6e:25:59:0d:25:8c:92:2c:a4:b6:c4:75:74:
43:f8:a6:a6:12:b7:fa:24:cf:cf:b9:9b:6b:75:3b:
a4:37:50:08:ef:24:2d:a9:b9:79:10:e8:4a:c6:e4:
a8:22:8f:cd:90:d1:55:3c:eb:83:68:3e:00:74:96:
be:2d:e1:dd:3a:67:08:98:9a:90:82:4a:8b:ba:40:
b3:ab:73:ed:2b:76:ca:68:4c:be:fa:fa:f3:42:54:
76:91:6c:66:02:fa:5a:14:2a:4c:7b:87:d7:54:f0:
66:cc:84:5a:ab:b9:b4:99:ef:e7:1a:67:ea:27:af:
ca:f9:7d:54:87:c3:aa:0e:45:99:11:86:a0:25:35:
a3:0f:9f:71:da:d1:6e:03:93:0b:cd:d4:94:b2:58:
7b:51
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3B:9C:F6:00:A2:94:F0:AB:1A:C6:67:6C:ED:05:19:C7:8F:C5:C8:47
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/O5z2AKKU8Ksaxmds7QUZx4_FyEc.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
36.0.64.0/18
Signature Algorithm: sha256WithRSAEncryption
5f:98:73:44:f3:5b:87:dc:d8:60:f9:48:84:95:2e:6f:f7:cb:
03:e6:fd:fe:81:7b:7e:fd:6f:8f:f6:ad:08:2b:bf:f4:cf:9a:
df:b0:66:e3:54:c9:20:98:80:e7:62:de:c5:2f:57:80:e0:ce:
09:dd:7e:cc:a7:a1:0c:43:7d:fb:4c:ab:ed:26:b8:ba:a5:46:
41:d8:31:9d:73:a8:e5:8e:68:ea:a4:a0:de:50:a8:ba:39:9d:
85:5c:a8:0d:b0:49:23:97:37:47:10:cf:d5:64:24:4c:ea:7d:
2e:4e:95:19:69:e4:bf:bf:b0:2d:88:a1:cd:2c:fb:52:6e:c4:
55:2b:39:77:16:70:03:21:97:52:e2:b9:af:81:15:1e:c5:5a:
a5:07:c4:11:f9:26:d2:2f:24:18:d8:3e:7c:a7:e9:58:49:ae:
e7:5f:0d:36:bf:b1:d6:4e:2a:4e:8d:d0:cc:b8:7f:6b:ac:51:
ff:64:a1:93:da:09:b0:e1:e5:3c:83:a9:6a:f9:dd:52:2d:85:
84:14:41:b4:3c:bb:ab:3c:f4:de:5c:cc:41:2c:3d:b3:eb:5b:
9a:f2:5b:6b:42:f9:e8:9d:69:f7:be:7f:ff:81:e6:24:e0:8f:
92:23:c7:a3:c2:b8:c8:1f:46:f5:83:a6:e5:ae:2c:e3:f6:6d:
04:d6:a0:91
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgICQQcwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MTUw
NjU0MzBaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDNCOUNGNjAwQTI5NEYw
QUIxQUM2Njc2Q0VEMDUxOUM3OEZDNUM4NDcwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDLYgwxG/tvB8XWDXa8M+HvYvGP3G48J5qh+cAOjbdrOjH5OD2I
jedZZzZrNv+Jd49RmtV5SssvV7uoJ3p3vZtsMxX5benAowMFDoGoeFupCaIoVPmY
DQITc1F2L0Ilq4RIjAkZ8+vKukJXbiVZDSWMkiyktsR1dEP4pqYSt/okz8+5m2t1
O6Q3UAjvJC2puXkQ6ErG5Kgij82Q0VU864NoPgB0lr4t4d06ZwiYmpCCSou6QLOr
c+0rdspoTL76+vNCVHaRbGYC+loUKkx7h9dU8GbMhFqrubSZ7+caZ+onr8r5fVSH
w6oORZkRhqAlNaMPn3Ha0W4DkwvN1JSyWHtRAgMBAAGjggHxMIIB7TAdBgNVHQ4E
FgQUO5z2AKKU8Ksaxmds7QUZx4/FyEcwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L081ejJBS0tVOEtzYXht
ZHM3UVVaeDRfRnlFYy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAYkAEAwDQYJKoZIhvcNAQELBQADggEBAF+Yc0TzW4fc2GD5SISVLm/3ywPm/f6B
e379b4/2rQgrv/TPmt+wZuNUySCYgOdi3sUvV4DgzgndfsynoQxDfftMq+0muLql
RkHYMZ1zqOWOaOqkoN5QqLo5nYVcqA2wSSOXN0cQz9VkJEzqfS5OlRlp5L+/sC2I
oc0s+1JuxFUrOXcWcAMhl1Liua+BFR7FWqUHxBH5JtIvJBjYPnyn6VhJrudfDTa/
sdZOKk6N0My4f2usUf9koZPaCbDh5TyDqWr53VIthYQUQbQ8u6s89N5czEEsPbPr
W5ryW2tC+eidafe+f/+B5iTgj5Ijx6PCuMgfRvWDpuWuLOP2bQTWoJE=
-----END CERTIFICATE-----
Generated at Sun May 18 23:59:07 2025 by rpki-client