Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/P0C5xfc_jU4bJGb43gU-NrGisfM.roa
File: P0C5xfc_jU4bJGb43gU-NrGisfM.roa (raw, json)
Hash identifier: S4oZnVELaSPN0AXGDDtTzlTPH3eWaQdUFyFYks0HRu4=
Subject key identifier: 3F:40:B9:C5:F7:3F:8D:4E:1B:24:66:F8:DE:05:3E:36:B1:A2:B1:F3
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 57A3
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/P0C5xfc_jU4bJGb43gU-NrGisfM.roa
Signing time: Wed 15 May 2024 10:24:11 +0000
ROA not before: Wed 15 May 2024 10:24:11 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 36.0.64.0/18 maxlen: 18
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 22435 (0x57a3)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 15 10:24:11 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=3F40B9C5F73F8D4E1B2466F8DE053E36B1A2B1F3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:be:cf:c4:f0:3e:a3:3e:ed:23:e7:2f:5b:8e:28:
4f:b0:bf:3a:74:65:23:05:9f:11:06:9d:18:89:19:
d2:e2:57:8e:ce:ff:e2:a9:54:6d:bd:7d:0f:0f:8e:
f1:6a:4e:50:ae:de:2e:bc:5f:de:62:db:2e:2d:ed:
08:f5:13:ec:5b:76:e5:4d:0a:a9:67:27:d6:35:ed:
e3:d6:60:19:eb:85:bd:24:94:95:39:96:6d:39:20:
20:51:5b:a4:4b:1d:fb:fc:e8:cd:dd:b5:ad:51:35:
a3:b9:ee:92:0b:92:c6:7b:20:e9:54:9c:0c:83:96:
1d:05:06:da:7e:16:8e:c6:e3:ac:a4:65:3e:36:16:
3a:73:60:3d:2b:63:2c:59:a4:32:9a:a4:70:ca:4e:
44:5e:6a:a0:0c:5b:a9:b1:48:3f:89:23:b9:1a:e1:
f3:e3:55:06:57:13:d9:5d:88:7b:c8:12:6e:20:fb:
55:93:e7:bc:00:0a:2c:6c:b5:57:dd:6a:a5:91:b6:
b3:b4:72:cb:fb:40:59:71:46:5b:c2:90:dd:5a:91:
dc:26:dc:75:c3:47:7f:80:51:72:f4:73:9f:6f:6a:
30:53:1a:6e:be:6c:a0:7d:36:ac:c2:40:40:8c:96:
f6:f2:ae:9b:2d:6f:b4:a7:f7:39:57:0c:82:8f:a4:
d2:2d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3F:40:B9:C5:F7:3F:8D:4E:1B:24:66:F8:DE:05:3E:36:B1:A2:B1:F3
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/P0C5xfc_jU4bJGb43gU-NrGisfM.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
36.0.64.0/18
Signature Algorithm: sha256WithRSAEncryption
ac:1a:5c:7b:bf:06:91:28:2a:78:b6:47:14:a6:f2:86:09:6e:
78:8a:13:1b:34:be:3f:a2:f0:f6:c8:0a:36:7c:4a:8f:47:f8:
33:bc:0c:4d:22:ea:76:5d:f9:d3:dc:b8:f6:cd:6d:2a:00:d8:
8d:c8:69:23:b2:6f:fc:35:6b:3c:91:dc:12:99:9f:3a:e3:95:
27:83:bd:29:79:5b:c9:d2:d6:62:6a:20:eb:d4:11:5b:80:d2:
24:0b:8e:7d:e2:b2:15:7e:80:bc:85:8c:1f:e6:57:a0:6d:13:
f0:a4:71:4d:02:dd:a7:a5:ad:e9:fe:0f:89:7a:dd:e4:62:e6:
31:e5:d9:3c:dd:5a:00:6d:77:e0:d5:36:f1:be:60:1a:e1:f9:
c3:08:4b:32:2b:c0:9e:6e:59:61:3a:9e:38:83:7d:dd:00:9e:
f4:b8:e6:a6:23:99:e5:48:10:86:8b:30:39:95:c3:ae:66:a1:
a7:ba:21:93:ec:d5:1a:1b:42:bf:1c:11:14:fd:01:11:d6:64:
51:49:1d:d4:8c:80:bd:81:ea:e8:80:0f:12:3c:c1:83:0e:72:
6d:43:71:06:41:c2:7d:c0:f5:3a:09:25:c9:68:29:f9:15:90:
7f:aa:7d:96:50:64:b2:03:99:8e:2f:38:02:80:96:f9:ae:1d:
5c:7a:c6:8e
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgICV6MwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MTUx
MDI0MTFaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDNGNDBCOUM1RjczRjhE
NEUxQjI0NjZGOERFMDUzRTM2QjFBMkIxRjMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC+z8TwPqM+7SPnL1uOKE+wvzp0ZSMFnxEGnRiJGdLiV47O/+Kp
VG29fQ8PjvFqTlCu3i68X95i2y4t7Qj1E+xbduVNCqlnJ9Y17ePWYBnrhb0klJU5
lm05ICBRW6RLHfv86M3dta1RNaO57pILksZ7IOlUnAyDlh0FBtp+Fo7G46ykZT42
FjpzYD0rYyxZpDKapHDKTkReaqAMW6mxSD+JI7ka4fPjVQZXE9ldiHvIEm4g+1WT
57wACixstVfdaqWRtrO0csv7QFlxRlvCkN1akdwm3HXDR3+AUXL0c59vajBTGm6+
bKB9NqzCQECMlvbyrpstb7Sn9zlXDIKPpNItAgMBAAGjggHxMIIB7TAdBgNVHQ4E
FgQUP0C5xfc/jU4bJGb43gU+NrGisfMwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1AwQzV4ZmNfalU0YkpH
YjQzZ1UtTnJHaXNmTS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAYkAEAwDQYJKoZIhvcNAQELBQADggEBAKwaXHu/BpEoKni2RxSm8oYJbniKExs0
vj+i8PbICjZ8So9H+DO8DE0i6nZd+dPcuPbNbSoA2I3IaSOyb/w1azyR3BKZnzrj
lSeDvSl5W8nS1mJqIOvUEVuA0iQLjn3ishV+gLyFjB/mV6BtE/CkcU0C3aelren+
D4l63eRi5jHl2TzdWgBtd+DVNvG+YBrh+cMISzIrwJ5uWWE6njiDfd0AnvS45qYj
meVIEIaLMDmVw65moae6IZPs1RobQr8cERT9ARHWZFFJHdSMgL2B6uiADxI8wYMO
cm1DcQZBwn3A9ToJJcloKfkVkH+qfZZQZLIDmY4vOAKAlvmuHVx6xo4=
-----END CERTIFICATE-----
Generated at Sat May 17 19:56:07 2025 by rpki-client