Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/RDdriJZQkm94HbQjVBN1PXi6rWk.roa
File: RDdriJZQkm94HbQjVBN1PXi6rWk.roa (raw, json)
Hash identifier: /XLlvwFjcbz1Aaq3L9Hcu1Spi8eL4W9ZYHkLhMPcmMg=
Subject key identifier: 44:37:6B:88:96:50:92:6F:78:1D:B4:23:54:13:75:3D:78:BA:AD:69
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 34BF
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/RDdriJZQkm94HbQjVBN1PXi6rWk.roa
Signing time: Fri 29 Mar 2024 21:52:06 +0000
ROA not before: Fri 29 Mar 2024 21:52:06 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 36.0.64.0/18 maxlen: 18
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 13503 (0x34bf)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Mar 29 21:52:06 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=44376B889650926F781DB4235413753D78BAAD69
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e0:16:9a:bf:dd:50:b3:bd:ac:50:38:65:27:0d:
17:ec:1a:39:6d:a2:e5:d0:8b:22:04:bb:dc:45:65:
e5:f2:7d:7e:68:10:78:cb:63:05:65:8c:4a:35:4d:
7e:10:af:b5:cb:ef:47:31:b5:b9:a0:00:91:b3:c5:
a9:28:ad:ed:e5:bb:d4:44:c7:fd:d9:4f:b2:48:d0:
5d:d8:05:6c:d3:ed:e3:88:6d:4f:80:f9:27:4b:d4:
57:3c:40:ab:36:73:c4:db:1d:9d:ff:8a:d8:80:4f:
77:d0:e1:20:70:1d:fa:6b:6d:ba:45:94:f9:00:64:
7e:bd:84:2d:43:00:d1:1f:24:e1:55:ce:8c:d8:fd:
59:b2:82:5c:b6:66:c4:de:ee:77:50:25:73:15:9c:
36:fa:85:55:5a:74:79:be:28:29:46:ea:a0:17:b4:
65:ee:5f:a6:dd:39:13:39:ce:e0:24:a8:e7:55:56:
ff:37:e6:fe:c7:92:f4:8a:bc:aa:a4:94:85:82:fd:
39:73:e5:60:06:8f:43:64:f4:47:48:8b:e8:a6:5f:
61:86:58:6b:58:af:4c:48:d2:fc:00:29:d3:df:46:
a8:f0:83:00:80:23:6c:ac:c1:05:b7:95:ac:3b:b6:
a0:17:f2:0b:a7:4c:ff:25:3e:3b:46:56:a9:90:5d:
e5:8d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
44:37:6B:88:96:50:92:6F:78:1D:B4:23:54:13:75:3D:78:BA:AD:69
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/RDdriJZQkm94HbQjVBN1PXi6rWk.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
36.0.64.0/18
Signature Algorithm: sha256WithRSAEncryption
13:24:9a:e1:f7:1c:06:c5:cf:0e:84:06:d8:6f:ea:bb:c8:e7:
4a:27:99:28:f6:15:0b:ed:3a:ff:12:98:03:6e:a7:ad:07:d1:
5c:95:db:d3:d3:ab:f7:c6:74:30:de:5f:0b:d2:02:95:35:82:
1c:ff:f2:74:ab:6f:e7:15:bf:68:9b:dd:d4:01:6f:9b:2a:ee:
1d:8f:47:b4:27:83:f8:36:01:a6:12:c9:73:73:27:c5:17:1e:
88:b7:e8:04:7d:2d:5a:9d:89:99:37:35:f2:cd:3a:9a:5d:fb:
35:3f:92:5f:c7:ec:23:c7:03:a3:fd:67:1e:e6:8d:b3:cc:a7:
e8:4b:1d:39:dd:25:41:d7:2a:3b:de:38:f2:7d:cd:a8:ec:0e:
c9:54:a1:4b:d2:9d:e6:d6:9a:c6:aa:a3:01:63:50:48:80:64:
54:ad:d4:48:1b:9a:9b:13:8b:10:71:13:7d:d6:01:be:fc:6f:
73:89:f7:4f:e8:03:46:33:1c:52:49:7a:b3:d5:bd:01:cd:83:
3c:4f:bf:0c:d5:60:7b:e2:38:7f:b8:b8:f6:a9:3a:86:5d:6a:
86:50:36:d8:f4:54:2e:93:62:9a:92:ff:e5:1c:b4:bb:d9:9b:
79:cc:8f:53:a9:c1:60:fe:d0:75:45:07:9a:83:ef:b2:8f:58:
26:c3:2d:73
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgICNL8wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDAzMjky
MTUyMDZaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDQ0Mzc2Qjg4OTY1MDky
NkY3ODFEQjQyMzU0MTM3NTNENzhCQUFENjkwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDgFpq/3VCzvaxQOGUnDRfsGjltouXQiyIEu9xFZeXyfX5oEHjL
YwVljEo1TX4Qr7XL70cxtbmgAJGzxakore3lu9REx/3ZT7JI0F3YBWzT7eOIbU+A
+SdL1Fc8QKs2c8TbHZ3/itiAT3fQ4SBwHfprbbpFlPkAZH69hC1DANEfJOFVzozY
/Vmygly2ZsTe7ndQJXMVnDb6hVVadHm+KClG6qAXtGXuX6bdORM5zuAkqOdVVv83
5v7HkvSKvKqklIWC/Tlz5WAGj0Nk9EdIi+imX2GGWGtYr0xI0vwAKdPfRqjwgwCA
I2yswQW3law7tqAX8gunTP8lPjtGVqmQXeWNAgMBAAGjggHxMIIB7TAdBgNVHQ4E
FgQURDdriJZQkm94HbQjVBN1PXi6rWkwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1JEZHJpSlpRa205NEhi
UWpWQk4xUFhpNnJXay5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAYkAEAwDQYJKoZIhvcNAQELBQADggEBABMkmuH3HAbFzw6EBthv6rvI50onmSj2
FQvtOv8SmANup60H0VyV29PTq/fGdDDeXwvSApU1ghz/8nSrb+cVv2ib3dQBb5sq
7h2PR7Qng/g2AaYSyXNzJ8UXHoi36AR9LVqdiZk3NfLNOppd+zU/kl/H7CPHA6P9
Zx7mjbPMp+hLHTndJUHXKjveOPJ9zajsDslUoUvSnebWmsaqowFjUEiAZFSt1Egb
mpsTixBxE33WAb78b3OJ90/oA0YzHFJJerPVvQHNgzxPvwzVYHviOH+4uPapOoZd
aoZQNtj0VC6TYpqS/+UctLvZm3nMj1OpwWD+0HVFB5qD77KPWCbDLXM=
-----END CERTIFICATE-----
Generated at Sun May 18 06:52:15 2025 by rpki-client