Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/dMjWkTV4UNTFkUeFF51O3vHK5P0.roa
File: dMjWkTV4UNTFkUeFF51O3vHK5P0.roa (raw, json)
Hash identifier: jKAS7SlDc+YRfZk2SR3Z1jD5eKgGgK3XadCVySDAS0Y=
Subject key identifier: 74:C8:D6:91:35:78:50:D4:C5:91:47:85:17:9D:4E:DE:F1:CA:E4:FD
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 3DAB
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/dMjWkTV4UNTFkUeFF51O3vHK5P0.roa
Signing time: Wed 10 Apr 2024 19:22:43 +0000
ROA not before: Wed 10 Apr 2024 19:22:43 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 36.0.64.0/18 maxlen: 18
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 15787 (0x3dab)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 10 19:22:43 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=74C8D691357850D4C5914785179D4EDEF1CAE4FD
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c4:39:82:3c:fe:a0:1c:4f:15:f0:98:d6:90:84:
d1:a0:e7:17:dc:b1:5f:af:e4:f9:ff:b5:30:be:1d:
ce:8a:87:f7:e4:39:56:d3:ac:9f:9f:30:26:d3:db:
8e:48:d2:dd:76:c9:86:bc:c8:12:3d:68:10:bc:01:
c0:0d:0d:32:00:d9:06:61:fe:00:18:91:41:89:07:
5c:92:0e:85:10:0c:cb:b5:8f:5c:10:17:25:bd:e9:
d0:80:73:ec:02:a0:4f:1c:3e:fc:a3:3c:55:32:a6:
f0:04:a6:fc:30:a0:ac:3c:e2:61:a6:da:61:d5:95:
94:e9:eb:d7:1d:0d:0b:97:3c:9b:02:3b:15:31:1d:
77:0a:51:66:d2:e9:ea:80:43:39:8e:ef:2d:31:77:
73:86:7d:3a:d9:42:14:fc:f2:19:ba:33:2a:8d:4d:
36:d3:a7:c4:b5:b6:70:84:dc:3a:f0:3a:1c:1a:dc:
3f:a7:62:a7:63:a4:1c:85:3b:00:d3:94:13:65:f0:
61:49:dd:8c:16:ac:71:16:2e:d5:ae:47:09:17:e8:
95:b0:4a:0a:e4:d8:5c:60:5e:44:ee:c6:8a:c0:34:
dd:f5:0e:c9:f5:88:83:31:71:d4:92:1c:9f:83:3e:
23:ff:85:d2:d3:a9:6d:ec:ce:e7:f4:70:94:93:bd:
ca:bb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
74:C8:D6:91:35:78:50:D4:C5:91:47:85:17:9D:4E:DE:F1:CA:E4:FD
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/dMjWkTV4UNTFkUeFF51O3vHK5P0.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
36.0.64.0/18
Signature Algorithm: sha256WithRSAEncryption
1a:84:5e:81:61:7a:79:79:e4:74:d3:41:36:fa:37:90:13:af:
4f:04:b5:91:73:de:a2:3d:64:0c:cd:8b:93:5c:69:7e:f1:72:
40:8a:8e:e5:c1:d5:b6:32:03:f6:61:8d:ab:f7:e4:e5:10:c9:
8f:41:35:f0:23:93:99:13:21:b3:cb:3e:4d:1e:75:66:61:53:
2a:e2:2d:27:9f:c5:c1:02:c9:10:05:2e:0c:73:9c:dc:26:16:
34:5b:db:3a:cc:45:81:ab:96:9e:22:29:68:1e:03:d2:53:b6:
c1:4a:a9:f5:62:4f:36:e9:00:eb:23:0e:cb:3a:1a:a3:f8:cc:
15:bb:ce:b4:5e:de:de:7a:e0:ba:bb:3d:16:50:e9:5b:ca:dc:
c8:a5:d8:f3:ee:cf:72:ae:94:76:b5:a4:18:85:2e:df:3c:33:
26:79:19:e0:ed:1e:ae:7e:79:3b:66:41:aa:07:7c:91:12:65:
6d:e9:11:ca:31:fc:f5:01:c6:1f:d9:07:4a:e5:a7:94:9c:db:
d9:b8:54:27:6f:ad:db:06:ad:03:2a:57:4a:53:76:5b:38:42:
86:fb:13:7e:e2:75:d6:7e:c9:c2:5f:e3:65:66:01:69:78:78:
a0:f6:ec:32:70:9d:4c:75:ab:e3:4b:48:b2:ff:6f:fe:ed:c2:
fd:51:d2:e3
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgICPaswDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MTAx
OTIyNDNaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDc0QzhENjkxMzU3ODUw
RDRDNTkxNDc4NTE3OUQ0RURFRjFDQUU0RkQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDEOYI8/qAcTxXwmNaQhNGg5xfcsV+v5Pn/tTC+Hc6Kh/fkOVbT
rJ+fMCbT245I0t12yYa8yBI9aBC8AcANDTIA2QZh/gAYkUGJB1ySDoUQDMu1j1wQ
FyW96dCAc+wCoE8cPvyjPFUypvAEpvwwoKw84mGm2mHVlZTp69cdDQuXPJsCOxUx
HXcKUWbS6eqAQzmO7y0xd3OGfTrZQhT88hm6MyqNTTbTp8S1tnCE3DrwOhwa3D+n
YqdjpByFOwDTlBNl8GFJ3YwWrHEWLtWuRwkX6JWwSgrk2FxgXkTuxorANN31Dsn1
iIMxcdSSHJ+DPiP/hdLTqW3szuf0cJSTvcq7AgMBAAGjggHxMIIB7TAdBgNVHQ4E
FgQUdMjWkTV4UNTFkUeFF51O3vHK5P0wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2RNaldrVFY0VU5URmtV
ZUZGNTFPM3ZISzVQMC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAYkAEAwDQYJKoZIhvcNAQELBQADggEBABqEXoFhenl55HTTQTb6N5ATr08EtZFz
3qI9ZAzNi5NcaX7xckCKjuXB1bYyA/Zhjav35OUQyY9BNfAjk5kTIbPLPk0edWZh
UyriLSefxcECyRAFLgxznNwmFjRb2zrMRYGrlp4iKWgeA9JTtsFKqfViTzbpAOsj
Dss6GqP4zBW7zrRe3t564Lq7PRZQ6VvK3Mil2PPuz3KulHa1pBiFLt88MyZ5GeDt
Hq5+eTtmQaoHfJESZW3pEcox/PUBxh/ZB0rlp5Sc29m4VCdvrdsGrQMqV0pTdls4
Qob7E37iddZ+ycJf42VmAWl4eKD27DJwnUx1q+NLSLL/b/7twv1R0uM=
-----END CERTIFICATE-----
Generated at Sat May 17 21:30:26 2025 by rpki-client