Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/_rWwM49SLTTakdM8qt9xcypHlKQ.roa
File: _rWwM49SLTTakdM8qt9xcypHlKQ.roa (raw, json)
Hash identifier: ODyXqX84KxniUG433UWlgdvY6l9BIX7IqZXqQ90s+cI=
Subject key identifier: FE:B5:B0:33:8F:52:2D:34:DA:91:D3:3C:AA:DF:71:73:2A:47:94:A4
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 4063
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/_rWwM49SLTTakdM8qt9xcypHlKQ.roa
Signing time: Sun 14 Apr 2024 10:22:58 +0000
ROA not before: Sun 14 Apr 2024 10:22:58 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 36.0.64.0/18 maxlen: 18
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 16483 (0x4063)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 14 10:22:58 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=FEB5B0338F522D34DA91D33CAADF71732A4794A4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ce:f8:ab:a0:05:22:76:52:84:21:43:f9:63:56:
c7:39:6d:c0:11:df:8e:64:9f:5d:5c:ae:89:d4:83:
e9:b9:e2:84:95:45:ff:77:32:33:53:f4:c7:4c:eb:
a2:0c:93:de:57:25:2b:32:91:df:b7:17:ee:a7:e7:
f9:ce:95:28:44:19:3b:98:c1:99:df:b6:99:64:fc:
a7:b2:07:76:68:c2:3c:c8:2f:bd:5a:f6:66:16:5b:
38:38:67:6e:f9:7f:72:48:33:82:49:90:c8:72:ca:
71:d2:f9:9f:aa:df:cd:79:02:e8:2f:55:8b:07:13:
ae:3b:5c:72:69:89:2b:f3:4c:be:48:d2:d0:88:a1:
da:5b:2b:d7:40:76:4f:b1:bc:95:ac:9e:e8:53:97:
5b:df:93:42:e6:d8:7d:99:14:eb:2a:c0:e6:d1:ed:
96:d8:cd:3e:62:b4:bb:84:75:b3:95:df:f7:ec:af:
43:1b:f8:c5:b0:bf:d3:93:a1:63:b8:4c:9f:cd:a3:
59:45:55:85:5d:a7:61:7c:42:11:82:18:87:57:d4:
de:dc:05:b3:6d:cb:33:12:53:40:32:3a:38:fa:e1:
24:63:78:17:1e:4f:08:00:c3:aa:60:5d:29:c8:4f:
4b:92:c0:ce:a3:94:a5:7c:8b:ff:8f:d0:58:34:6f:
10:cf
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FE:B5:B0:33:8F:52:2D:34:DA:91:D3:3C:AA:DF:71:73:2A:47:94:A4
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/_rWwM49SLTTakdM8qt9xcypHlKQ.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
36.0.64.0/18
Signature Algorithm: sha256WithRSAEncryption
25:f3:d6:04:ba:61:d2:50:38:0d:85:65:7f:91:a3:d1:2b:ee:
60:fd:22:9f:32:9d:f8:12:92:cf:a6:45:8c:86:f1:7c:2d:1a:
30:f7:73:a1:09:79:2e:8b:06:b7:3f:e1:b6:cb:09:b3:02:65:
0b:8c:f1:35:10:4d:45:56:a4:17:13:8a:3c:6f:3c:10:aa:47:
90:c3:80:86:3d:54:e1:6a:87:18:7b:c1:fd:3b:25:0f:57:7e:
b4:a7:05:c7:c9:26:d2:a2:37:1e:3c:62:89:a4:03:8c:9e:be:
99:02:57:21:bd:6e:9e:cf:e0:00:25:da:47:9b:0c:5b:55:85:
a5:65:bd:0e:7b:8d:5e:cf:32:fa:7f:e1:ab:c2:b1:92:fe:8d:
fb:89:0f:d5:cd:de:19:d6:ce:21:ba:06:6b:9f:6c:6b:6a:3f:
76:4c:a8:7b:63:1a:b5:c6:4d:d9:44:08:e2:cc:e1:e0:20:ab:
71:24:50:78:04:82:6b:d5:5b:12:ce:09:21:87:e9:76:5c:04:
dc:fd:46:dc:47:8d:46:7e:07:c8:60:c1:e8:d9:bb:b7:36:04:
c9:e1:50:11:98:00:e8:72:88:f5:fc:df:12:64:19:85:ab:11:
c9:20:9d:07:65:48:77:bb:c5:5e:cf:1d:e0:4e:05:6b:32:80:
9b:8c:6c:37
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgICQGMwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MTQx
MDIyNThaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEZFQjVCMDMzOEY1MjJE
MzREQTkxRDMzQ0FBREY3MTczMkE0Nzk0QTQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDO+KugBSJ2UoQhQ/ljVsc5bcAR345kn11cronUg+m54oSVRf93
MjNT9MdM66IMk95XJSsykd+3F+6n5/nOlShEGTuYwZnftplk/KeyB3ZowjzIL71a
9mYWWzg4Z275f3JIM4JJkMhyynHS+Z+q3815AugvVYsHE647XHJpiSvzTL5I0tCI
odpbK9dAdk+xvJWsnuhTl1vfk0Lm2H2ZFOsqwObR7ZbYzT5itLuEdbOV3/fsr0Mb
+MWwv9OToWO4TJ/No1lFVYVdp2F8QhGCGIdX1N7cBbNtyzMSU0AyOjj64SRjeBce
TwgAw6pgXSnIT0uSwM6jlKV8i/+P0Fg0bxDPAgMBAAGjggHxMIIB7TAdBgNVHQ4E
FgQU/rWwM49SLTTakdM8qt9xcypHlKQwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L19yV3dNNDlTTFRUYWtk
TThxdDl4Y3lwSGxLUS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAYkAEAwDQYJKoZIhvcNAQELBQADggEBACXz1gS6YdJQOA2FZX+Ro9Er7mD9Ip8y
nfgSks+mRYyG8XwtGjD3c6EJeS6LBrc/4bbLCbMCZQuM8TUQTUVWpBcTijxvPBCq
R5DDgIY9VOFqhxh7wf07JQ9XfrSnBcfJJtKiNx48YomkA4yevpkCVyG9bp7P4AAl
2kebDFtVhaVlvQ57jV7PMvp/4avCsZL+jfuJD9XN3hnWziG6BmufbGtqP3ZMqHtj
GrXGTdlECOLM4eAgq3EkUHgEgmvVWxLOCSGH6XZcBNz9RtxHjUZ+B8hgwejZu7c2
BMnhUBGYAOhyiPX83xJkGYWrEckgnQdlSHe7xV7PHeBOBWsygJuMbDc=
-----END CERTIFICATE-----
Generated at Mon May 19 09:18:22 2025 by rpki-client