Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/daTzJe7xcXfm3pk28QbXveRnLQ8.roa
File: daTzJe7xcXfm3pk28QbXveRnLQ8.roa (raw, json)
Hash identifier: 3RKfhn2/ccvJiRiTsd0XGjwbnOcXcdkQOVdOa5aggs4=
Subject key identifier: 75:A4:F3:25:EE:F1:71:77:E6:DE:99:36:F1:06:D7:BD:E4:67:2D:0F
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 4E9F
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/daTzJe7xcXfm3pk28QbXveRnLQ8.roa
Signing time: Fri 03 May 2024 09:53:46 +0000
ROA not before: Fri 03 May 2024 09:53:46 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 36.0.64.0/18 maxlen: 18
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 20127 (0x4e9f)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 3 09:53:46 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=75A4F325EEF17177E6DE9936F106D7BDE4672D0F
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:94:b1:23:d1:95:0a:46:ea:63:1b:71:03:dd:52:
f5:68:fe:1d:9d:18:42:14:a1:0a:2f:7c:7c:32:5c:
96:da:90:9b:b8:31:bb:17:ce:9d:e4:e1:f6:a6:c5:
26:e7:f2:01:ef:6c:4c:b4:00:eb:1b:4e:69:20:b8:
f2:6e:f3:5a:04:31:1a:50:ce:02:c7:3c:e5:69:d7:
db:e7:92:e1:7e:d7:07:78:2c:e7:95:f4:8b:55:b7:
f6:c2:6a:75:59:5b:e0:92:eb:6c:5e:d6:35:15:1b:
ff:a6:70:2e:08:81:3b:68:b2:ee:ab:e1:00:ca:ce:
11:f2:84:b6:01:28:1f:fa:31:86:05:8c:96:4e:74:
7a:78:87:93:bb:a3:c4:f2:39:ff:d3:fd:87:91:90:
0c:a5:e9:fe:39:33:59:77:d9:91:ad:0a:20:8c:12:
52:90:3f:5d:f9:3a:dd:0b:bb:99:88:aa:0c:82:41:
a5:b2:a8:3e:23:bf:69:f7:72:85:32:6f:11:dd:16:
bc:72:77:e4:86:ff:86:0e:9c:0e:e0:cb:7b:33:cf:
a8:71:90:b8:8e:88:cf:62:6f:2d:42:be:65:07:d6:
7f:bb:6a:4a:f7:56:de:e7:61:73:d2:63:23:43:49:
98:49:d3:73:cb:cf:b0:d9:d7:5b:a0:63:88:c3:62:
8d:c9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
75:A4:F3:25:EE:F1:71:77:E6:DE:99:36:F1:06:D7:BD:E4:67:2D:0F
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/daTzJe7xcXfm3pk28QbXveRnLQ8.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
36.0.64.0/18
Signature Algorithm: sha256WithRSAEncryption
3b:bb:4a:14:37:a1:a9:89:89:e7:98:cd:dc:13:3c:ca:97:da:
6e:14:22:7b:12:9e:33:6c:52:15:db:4c:17:83:84:3e:9d:6a:
32:4d:ed:ac:bf:50:17:a8:ee:e0:a4:28:8b:36:c3:dd:ca:68:
70:b2:76:d4:e8:2e:60:bd:18:8e:c1:e0:e7:06:2f:35:5d:be:
6f:87:24:c0:c4:8c:29:23:bc:4e:d3:7a:db:be:3a:dd:7b:5d:
36:1d:40:e4:d3:48:46:92:cb:9b:f3:63:08:b1:3e:d9:2a:be:
72:10:98:ae:ec:03:16:88:b2:5c:b7:63:7d:87:59:8e:0c:5c:
86:49:db:30:0e:85:f4:9f:c4:95:bd:7a:43:61:47:39:95:1d:
16:70:e2:14:cf:5b:4a:43:37:58:48:70:89:e4:a5:57:48:e4:
ae:ba:61:88:f1:62:3a:3b:f3:26:8c:76:bc:eb:e9:85:fd:e6:
59:92:ef:f1:e9:a3:e5:25:91:5c:26:dd:22:37:d2:4f:84:8f:
57:db:9e:f3:de:00:94:0d:a9:5b:97:3a:04:9a:2e:0a:69:d0:
2d:f7:a3:ed:da:a0:04:fb:b6:f4:13:41:e0:59:4d:17:49:1a:
fd:06:c9:07:d3:ea:86:04:6e:cc:ca:6f:3c:f9:4b:cc:12:6b:
a2:6a:d8:28
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgICTp8wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MDMw
OTUzNDZaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDc1QTRGMzI1RUVGMTcx
NzdFNkRFOTkzNkYxMDZEN0JERTQ2NzJEMEYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCUsSPRlQpG6mMbcQPdUvVo/h2dGEIUoQovfHwyXJbakJu4MbsX
zp3k4famxSbn8gHvbEy0AOsbTmkguPJu81oEMRpQzgLHPOVp19vnkuF+1wd4LOeV
9ItVt/bCanVZW+CS62xe1jUVG/+mcC4IgTtosu6r4QDKzhHyhLYBKB/6MYYFjJZO
dHp4h5O7o8TyOf/T/YeRkAyl6f45M1l32ZGtCiCMElKQP135Ot0Lu5mIqgyCQaWy
qD4jv2n3coUybxHdFrxyd+SG/4YOnA7gy3szz6hxkLiOiM9iby1CvmUH1n+7akr3
Vt7nYXPSYyNDSZhJ03PLz7DZ11ugY4jDYo3JAgMBAAGjggHxMIIB7TAdBgNVHQ4E
FgQUdaTzJe7xcXfm3pk28QbXveRnLQ8wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2RhVHpKZTd4Y1hmbTNw
azI4UWJYdmVSbkxROC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAYkAEAwDQYJKoZIhvcNAQELBQADggEBADu7ShQ3oamJieeYzdwTPMqX2m4UInsS
njNsUhXbTBeDhD6dajJN7ay/UBeo7uCkKIs2w93KaHCydtToLmC9GI7B4OcGLzVd
vm+HJMDEjCkjvE7Tetu+Ot17XTYdQOTTSEaSy5vzYwixPtkqvnIQmK7sAxaIsly3
Y32HWY4MXIZJ2zAOhfSfxJW9ekNhRzmVHRZw4hTPW0pDN1hIcInkpVdI5K66YYjx
Yjo78yaMdrzr6YX95lmS7/Hpo+UlkVwm3SI30k+Ej1fbnvPeAJQNqVuXOgSaLgpp
0C33o+3aoAT7tvQTQeBZTRdJGv0GyQfT6oYEbszKbzz5S8wSa6Jq2Cg=
-----END CERTIFICATE-----
Generated at Sun May 18 23:58:59 2025 by rpki-client