Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/Oz2r4nyVOtIJqeX_o14xMLJ9_5E.roa
File: Oz2r4nyVOtIJqeX_o14xMLJ9_5E.roa (raw, json)
Hash identifier: RT0BD/ZSVfJb/0/B8y91Tiq/tLWcwBySjMUlMftABPg=
Subject key identifier: 3B:3D:AB:E2:7C:95:3A:D2:09:A9:E5:FF:A3:5E:31:30:B2:7D:FF:91
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 3BBB
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/Oz2r4nyVOtIJqeX_o14xMLJ9_5E.roa
Signing time: Mon 08 Apr 2024 05:22:35 +0000
ROA not before: Mon 08 Apr 2024 05:22:35 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 36.0.64.0/18 maxlen: 18
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 15291 (0x3bbb)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 8 05:22:35 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=3B3DABE27C953AD209A9E5FFA35E3130B27DFF91
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d2:cd:fd:fe:39:68:08:e1:f5:0f:c3:4e:82:bc:
63:e4:8d:c1:2e:bc:9d:4e:17:e4:b4:3e:c5:a4:00:
11:32:d9:27:f1:67:1a:8e:01:99:16:65:83:aa:6b:
a4:79:7c:03:0e:e2:c5:5d:81:2f:09:6f:d3:fa:d6:
b7:42:4a:32:11:79:59:40:1b:eb:5e:a8:be:31:60:
d1:93:53:56:95:4c:f1:f3:f5:32:d2:56:a5:07:50:
7e:af:66:1a:14:22:94:c9:28:ae:85:5b:9c:49:c8:
5c:28:87:c0:8e:1f:74:91:2f:60:33:21:eb:b4:8a:
19:be:55:b6:c0:2b:9b:f8:89:55:18:80:f5:a9:50:
3f:fe:c4:5f:e3:79:44:44:d5:b4:b6:04:90:84:01:
e7:9a:f0:b5:31:e0:5e:b8:24:87:69:b1:c5:f1:97:
9f:59:fe:aa:ad:0a:71:c5:7d:b8:a7:c1:bf:d3:a1:
f9:66:a3:11:6b:5f:84:1a:8a:68:ee:9b:4d:dc:35:
aa:3d:05:9b:cb:35:d5:68:0f:db:84:eb:d4:64:2c:
45:a6:2d:d3:fb:9a:41:52:89:12:7d:4d:60:3e:4a:
49:81:b4:35:24:a7:3e:61:08:d9:e8:35:22:e7:53:
05:91:8d:fb:d3:c7:e5:56:08:3e:b9:0c:c3:25:5b:
fb:c5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3B:3D:AB:E2:7C:95:3A:D2:09:A9:E5:FF:A3:5E:31:30:B2:7D:FF:91
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/Oz2r4nyVOtIJqeX_o14xMLJ9_5E.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
36.0.64.0/18
Signature Algorithm: sha256WithRSAEncryption
b2:68:d4:29:63:fe:55:f8:6f:5b:69:b6:c5:7c:3d:86:a4:10:
4b:e4:58:b3:44:d0:c3:b7:ab:4b:bf:2a:46:76:75:96:a3:cf:
a7:0d:ab:41:a5:b1:77:bc:05:2f:c2:8a:2e:fd:06:f3:79:68:
20:16:7a:e6:e6:bb:f9:fc:59:9a:58:a5:7e:de:b0:99:ef:6d:
b7:5a:25:11:75:1b:01:16:87:40:7f:db:28:bb:3e:63:62:b1:
4c:84:33:53:e1:9e:c0:df:83:45:75:22:00:50:22:53:7f:07:
9d:13:1b:e0:85:da:08:aa:f4:fa:8a:b9:ee:93:a6:d3:dd:23:
f0:12:08:36:69:cc:36:ee:8e:d7:f7:80:90:ae:82:1e:63:95:
0f:a1:a8:1c:85:8f:86:f8:35:c0:b7:c3:6e:3d:c1:20:f9:a4:
af:64:49:bc:95:29:f3:bb:8f:c9:e3:a8:80:d0:0e:6b:42:3e:
4c:74:7a:44:b9:bf:b7:2e:1f:76:7d:41:62:03:6a:eb:60:be:
96:ba:fc:91:84:1c:2b:98:1b:a8:98:11:99:5a:f9:5f:09:b7:
80:21:dc:18:b7:e1:5d:68:ec:a9:81:15:67:01:fd:2a:f0:d6:
ff:4d:07:7a:57:95:1f:c5:ba:d0:30:d2:5b:97:7f:e2:6e:4d:
e5:ff:37:9f
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgICO7swDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MDgw
NTIyMzVaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDNCM0RBQkUyN0M5NTNB
RDIwOUE5RTVGRkEzNUUzMTMwQjI3REZGOTEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDSzf3+OWgI4fUPw06CvGPkjcEuvJ1OF+S0PsWkABEy2SfxZxqO
AZkWZYOqa6R5fAMO4sVdgS8Jb9P61rdCSjIReVlAG+teqL4xYNGTU1aVTPHz9TLS
VqUHUH6vZhoUIpTJKK6FW5xJyFwoh8COH3SRL2AzIeu0ihm+VbbAK5v4iVUYgPWp
UD/+xF/jeURE1bS2BJCEAeea8LUx4F64JIdpscXxl59Z/qqtCnHFfbinwb/Toflm
oxFrX4Qaimjum03cNao9BZvLNdVoD9uE69RkLEWmLdP7mkFSiRJ9TWA+SkmBtDUk
pz5hCNnoNSLnUwWRjfvTx+VWCD65DMMlW/vFAgMBAAGjggHxMIIB7TAdBgNVHQ4E
FgQUOz2r4nyVOtIJqeX/o14xMLJ9/5EwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L096MnI0bnlWT3RJSnFl
WF9vMTR4TUxKOV81RS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAYkAEAwDQYJKoZIhvcNAQELBQADggEBALJo1Clj/lX4b1tptsV8PYakEEvkWLNE
0MO3q0u/KkZ2dZajz6cNq0GlsXe8BS/Cii79BvN5aCAWeubmu/n8WZpYpX7esJnv
bbdaJRF1GwEWh0B/2yi7PmNisUyEM1PhnsDfg0V1IgBQIlN/B50TG+CF2giq9PqK
ue6TptPdI/ASCDZpzDbujtf3gJCugh5jlQ+hqByFj4b4NcC3w249wSD5pK9kSbyV
KfO7j8njqIDQDmtCPkx0ekS5v7cuH3Z9QWIDautgvpa6/JGEHCuYG6iYEZla+V8J
t4Ah3Bi34V1o7KmBFWcB/Srw1v9NB3pXlR/FutAw0luXf+JuTeX/N58=
-----END CERTIFICATE-----
Generated at Sat May 17 19:46:50 2025 by rpki-client