Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/rcv1kazjNfmf9Kt0EASHAYHc3do.roa
File: rcv1kazjNfmf9Kt0EASHAYHc3do.roa (raw, json)
Hash identifier: LjoWwpl0hXONAsU9wZb+oY14tD8Ox1J2aZEGwYqPyq4=
Subject key identifier: AD:CB:F5:91:AC:E3:35:F9:9F:F4:AB:74:10:04:87:01:81:DC:DD:DA
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 3D2B
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/rcv1kazjNfmf9Kt0EASHAYHc3do.roa
Signing time: Wed 10 Apr 2024 03:22:41 +0000
ROA not before: Wed 10 Apr 2024 03:22:41 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 36.0.64.0/18 maxlen: 18
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 15659 (0x3d2b)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 10 03:22:41 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=ADCBF591ACE335F99FF4AB741004870181DCDDDA
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c1:bd:81:6a:c6:a0:3a:b1:5e:b0:45:1c:d8:86:
56:57:fe:e9:16:e2:ec:13:31:ca:a1:a1:a1:42:04:
69:3b:7e:44:83:ac:7b:e4:97:2c:3a:0d:3c:19:1b:
08:be:d7:b8:4b:82:c0:18:62:a2:9f:36:1b:23:be:
97:aa:b5:bd:d7:c1:cc:80:25:c3:f1:a6:52:d8:e7:
33:bd:27:ce:0f:6e:af:dd:ee:23:03:a5:3b:d8:de:
bb:96:7e:99:e6:c2:3b:7a:17:a0:c9:3e:a1:f7:fa:
ed:91:35:50:e2:aa:3d:ee:f5:80:2c:55:64:41:c0:
7d:c5:bc:c9:5b:da:b4:f2:d0:a8:d0:83:9f:1e:f8:
99:7e:42:42:a3:82:65:f1:32:89:ef:fa:6e:45:6a:
a4:43:d7:76:f5:c3:80:43:7f:5b:47:2c:43:e2:9b:
82:aa:4c:94:87:07:5c:de:e8:21:46:60:89:75:e5:
1f:f5:5d:b1:2c:11:2b:65:b1:69:21:d2:0c:5b:b9:
a6:d9:d7:04:fe:4a:cf:01:91:92:db:19:12:6c:93:
d0:b8:8e:fa:21:8a:31:d1:f2:86:a0:ab:37:c1:a9:
d7:1c:a0:3b:a5:1d:57:c6:69:ea:07:45:0a:c7:8e:
7e:53:fd:e4:c5:e2:d3:8c:75:e0:4b:36:1f:00:3b:
b7:13
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AD:CB:F5:91:AC:E3:35:F9:9F:F4:AB:74:10:04:87:01:81:DC:DD:DA
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/rcv1kazjNfmf9Kt0EASHAYHc3do.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
36.0.64.0/18
Signature Algorithm: sha256WithRSAEncryption
18:df:20:f9:f9:72:00:06:7f:d8:af:d3:61:05:d8:de:d4:fa:
62:e0:b6:9a:46:6e:0d:a1:a3:8b:07:8d:9c:3c:cb:6e:5d:ba:
44:d0:f4:66:cf:78:8f:57:81:a0:ce:84:9a:0e:9e:ca:47:bb:
3b:b3:43:96:7f:a1:72:0b:4f:4b:14:a3:8c:75:16:57:dd:18:
1c:5a:1a:f1:a0:9a:fa:d4:49:c3:dd:54:3b:60:a6:dd:f7:fb:
37:da:08:cb:1e:ea:19:f1:c0:9c:f6:77:39:67:69:bf:26:c5:
b1:6a:a8:c7:3e:84:a4:12:31:0c:65:eb:ae:c0:9b:cf:d1:e1:
0e:59:1a:bf:8d:54:d6:31:91:d2:d2:51:99:59:ad:72:ef:5e:
75:8a:91:92:b5:65:b4:45:2a:fe:2f:12:31:41:e7:6d:34:82:
2c:08:d8:45:bd:0b:27:e2:53:f9:d7:7a:fb:02:73:39:33:e1:
d2:73:08:4d:77:83:66:63:2a:3f:27:ea:d5:af:b6:ad:2a:e6:
f6:8a:c7:95:fb:c3:05:d8:04:55:f7:db:69:44:42:38:6f:33:
77:1b:58:09:c3:2f:5f:bf:b3:6d:07:c9:e7:7f:48:c5:5c:c6:
eb:ee:d0:d6:d1:d6:3b:e9:eb:49:c4:1e:e1:dc:cb:fd:36:b7:
46:85:a4:89
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgICPSswDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MTAw
MzIyNDFaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEFEQ0JGNTkxQUNFMzM1
Rjk5RkY0QUI3NDEwMDQ4NzAxODFEQ0REREEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDBvYFqxqA6sV6wRRzYhlZX/ukW4uwTMcqhoaFCBGk7fkSDrHvk
lyw6DTwZGwi+17hLgsAYYqKfNhsjvpeqtb3XwcyAJcPxplLY5zO9J84Pbq/d7iMD
pTvY3ruWfpnmwjt6F6DJPqH3+u2RNVDiqj3u9YAsVWRBwH3FvMlb2rTy0KjQg58e
+Jl+QkKjgmXxMonv+m5FaqRD13b1w4BDf1tHLEPim4KqTJSHB1ze6CFGYIl15R/1
XbEsEStlsWkh0gxbuabZ1wT+Ss8BkZLbGRJsk9C4jvohijHR8oagqzfBqdccoDul
HVfGaeoHRQrHjn5T/eTF4tOMdeBLNh8AO7cTAgMBAAGjggHxMIIB7TAdBgNVHQ4E
FgQUrcv1kazjNfmf9Kt0EASHAYHc3dowHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3JjdjFrYXpqTmZtZjlL
dDBFQVNIQVlIYzNkby5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAYkAEAwDQYJKoZIhvcNAQELBQADggEBABjfIPn5cgAGf9iv02EF2N7U+mLgtppG
bg2ho4sHjZw8y25dukTQ9GbPeI9XgaDOhJoOnspHuzuzQ5Z/oXILT0sUo4x1Flfd
GBxaGvGgmvrUScPdVDtgpt33+zfaCMse6hnxwJz2dzlnab8mxbFqqMc+hKQSMQxl
667Am8/R4Q5ZGr+NVNYxkdLSUZlZrXLvXnWKkZK1ZbRFKv4vEjFB5200giwI2EW9
CyfiU/nXevsCczkz4dJzCE13g2ZjKj8n6tWvtq0q5vaKx5X7wwXYBFX322lEQjhv
M3cbWAnDL1+/s20Hyed/SMVcxuvu0NbR1jvp60nEHuHcy/02t0aFpIk=
-----END CERTIFICATE-----
Generated at Sat May 17 19:38:47 2025 by rpki-client