Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/S1lVgH9iwyENDFQPLUWML6d20z8.roa
File: S1lVgH9iwyENDFQPLUWML6d20z8.roa (raw, json)
Hash identifier: xYlPXNd4XWrohuZ7/vKxVqbxy0LBA2rYWonZUfI3WVE=
Subject key identifier: 4B:59:55:80:7F:62:C3:21:0D:0C:54:0F:2D:45:8C:2F:A7:76:D3:3F
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 3FCF
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/S1lVgH9iwyENDFQPLUWML6d20z8.roa
Signing time: Sat 13 Apr 2024 15:52:49 +0000
ROA not before: Sat 13 Apr 2024 15:52:49 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 36.0.64.0/18 maxlen: 18
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 16335 (0x3fcf)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 13 15:52:49 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=4B5955807F62C3210D0C540F2D458C2FA776D33F
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a2:20:fa:bc:4b:cd:79:ba:27:e6:00:bf:94:e6:
d0:c4:5e:77:7a:c5:7e:aa:8f:95:5a:d5:a5:02:3c:
59:84:3c:15:4d:48:a9:c1:c7:de:47:64:94:e5:1a:
6b:2c:11:28:e5:be:92:9f:6f:87:66:25:10:7c:a6:
cb:ba:a5:d8:cc:db:9c:8b:67:d9:19:12:19:d1:0b:
b7:71:45:e4:4e:1e:ea:59:04:35:95:1d:ca:9d:52:
23:04:46:46:d7:d4:54:cd:9e:6f:a9:9a:4a:2f:ca:
03:00:b9:c5:00:8b:88:1d:59:c1:85:ab:1d:d7:49:
80:41:69:ca:1e:dd:de:89:0d:41:13:83:db:c1:02:
56:f8:21:c4:1b:90:d5:cf:16:91:5b:51:41:61:ac:
0c:86:44:81:9f:fd:4f:a3:17:a7:be:92:28:7f:73:
95:4e:39:8c:4c:b7:00:65:7c:45:25:46:c9:77:a1:
ef:eb:28:3a:86:a2:38:55:3f:50:3f:88:e6:84:c3:
fc:b9:30:f7:99:25:f0:54:1f:30:b7:2f:af:81:bc:
e1:8a:21:a2:80:40:90:fe:57:29:e8:57:20:cf:d5:
cc:01:65:68:1a:93:ce:4e:78:c1:d9:d0:af:5a:73:
1f:f3:a6:44:91:f5:bd:a7:97:22:74:a4:7c:c6:3f:
ed:c9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4B:59:55:80:7F:62:C3:21:0D:0C:54:0F:2D:45:8C:2F:A7:76:D3:3F
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/S1lVgH9iwyENDFQPLUWML6d20z8.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
36.0.64.0/18
Signature Algorithm: sha256WithRSAEncryption
b5:c0:f4:c6:5e:ca:ea:af:9d:c3:4a:e5:6c:ae:13:6c:9b:4d:
ba:bd:57:e4:57:8f:73:58:1e:25:43:d1:fd:b4:f8:b3:3f:4b:
79:7d:03:3f:dd:14:58:58:6a:46:41:8e:fd:cc:4b:c0:db:4f:
bf:38:c7:bb:e8:09:5a:2f:2e:3e:4b:20:2c:3b:d1:01:3b:c5:
b0:bf:f0:8a:f1:51:11:cb:57:db:d1:a9:94:1c:bc:ce:7c:3e:
bf:b7:01:a3:0e:05:c0:63:be:04:96:7e:fa:8c:d5:78:54:8d:
f7:1c:3e:f4:05:4c:6e:c1:f6:d9:86:c8:c2:4d:1c:9a:e4:b1:
be:6e:50:52:c9:ca:7e:11:25:16:63:78:f8:72:ae:77:f3:fd:
58:70:1b:ee:70:7b:00:62:aa:c9:cc:de:fa:8c:ab:ad:27:e0:
81:6b:f9:a1:d5:35:18:b6:62:c7:94:b2:29:01:0c:1c:85:99:
1a:24:a5:ee:f7:66:5f:38:47:01:9e:e3:cb:ae:55:8f:c2:8f:
6f:f8:a4:72:05:e6:cd:4b:c5:67:c6:1d:05:f7:33:7f:d1:dc:
f6:f2:b7:b3:6b:28:85:fd:31:23:72:2c:ac:2a:99:9d:12:8c:
c5:8f:99:13:7a:2e:74:e4:b1:79:e5:47:f1:de:25:50:9c:6d:
1a:e4:c6:c3
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgICP88wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MTMx
NTUyNDlaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDRCNTk1NTgwN0Y2MkMz
MjEwRDBDNTQwRjJENDU4QzJGQTc3NkQzM0YwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCiIPq8S815uifmAL+U5tDEXnd6xX6qj5Va1aUCPFmEPBVNSKnB
x95HZJTlGmssESjlvpKfb4dmJRB8psu6pdjM25yLZ9kZEhnRC7dxReROHupZBDWV
HcqdUiMERkbX1FTNnm+pmkovygMAucUAi4gdWcGFqx3XSYBBacoe3d6JDUETg9vB
Alb4IcQbkNXPFpFbUUFhrAyGRIGf/U+jF6e+kih/c5VOOYxMtwBlfEUlRsl3oe/r
KDqGojhVP1A/iOaEw/y5MPeZJfBUHzC3L6+BvOGKIaKAQJD+VynoVyDP1cwBZWga
k85OeMHZ0K9acx/zpkSR9b2nlyJ0pHzGP+3JAgMBAAGjggHxMIIB7TAdBgNVHQ4E
FgQUS1lVgH9iwyENDFQPLUWML6d20z8wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1MxbFZnSDlpd3lFTkRG
UVBMVVdNTDZkMjB6OC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAYkAEAwDQYJKoZIhvcNAQELBQADggEBALXA9MZeyuqvncNK5WyuE2ybTbq9V+RX
j3NYHiVD0f20+LM/S3l9Az/dFFhYakZBjv3MS8DbT784x7voCVovLj5LICw70QE7
xbC/8IrxURHLV9vRqZQcvM58Pr+3AaMOBcBjvgSWfvqM1XhUjfccPvQFTG7B9tmG
yMJNHJrksb5uUFLJyn4RJRZjePhyrnfz/VhwG+5wewBiqsnM3vqMq60n4IFr+aHV
NRi2YseUsikBDByFmRokpe73Zl84RwGe48uuVY/Cj2/4pHIF5s1LxWfGHQX3M3/R
3Pbyt7NrKIX9MSNyLKwqmZ0SjMWPmRN6LnTksXnlR/HeJVCcbRrkxsM=
-----END CERTIFICATE-----
Generated at Sat May 17 19:52:20 2025 by rpki-client