Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/tn3A6N3dC-4m0HrVKo293BrDtjY.roa
File: tn3A6N3dC-4m0HrVKo293BrDtjY.roa (raw, json)
Hash identifier: XB4FGSceYDjS2Q25Vfg7gUpmHl7npK/zGCQ1WOl37fw=
Subject key identifier: B6:7D:C0:E8:DD:DD:0B:EE:26:D0:7A:D5:2A:8D:BD:DC:1A:C3:B6:36
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 5193
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/tn3A6N3dC-4m0HrVKo293BrDtjY.roa
Signing time: Tue 07 May 2024 08:24:01 +0000
ROA not before: Tue 07 May 2024 08:24:01 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 36.0.64.0/18 maxlen: 18
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 20883 (0x5193)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 7 08:24:01 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=B67DC0E8DDDD0BEE26D07AD52A8DBDDC1AC3B636
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a0:db:df:9f:1f:6d:5c:6e:15:52:21:66:8e:01:
19:41:f3:7d:a2:ca:7d:35:eb:16:19:27:89:be:92:
ba:f5:28:15:c2:ab:61:a3:8b:fd:67:8a:c7:c2:be:
57:28:83:a0:2c:56:e4:3a:7c:59:75:8f:d4:38:5b:
02:5e:ad:18:67:59:fb:4e:1e:08:d8:11:a0:66:ff:
8f:29:dc:57:6e:39:1c:3c:d2:f7:a8:51:df:9c:55:
7d:9a:bd:bc:c5:f6:bb:a9:68:9d:66:60:84:26:de:
56:10:fe:c6:81:b8:08:e2:b1:c5:0d:33:32:0f:ad:
5e:f2:12:3a:b4:7d:0c:50:96:1b:64:e8:16:b1:97:
01:0d:63:a4:81:0b:8a:75:d4:53:b7:cc:9e:71:ac:
cd:b9:21:47:92:33:6a:fc:ff:41:03:87:b1:86:13:
e5:c8:27:46:8f:9c:ac:06:86:d9:ed:3a:25:48:a0:
27:57:1e:b6:57:1d:be:0d:c6:cf:31:7c:6c:47:cb:
dd:80:79:78:2a:d3:da:c7:2d:84:0c:c7:ba:fb:e7:
81:7b:90:20:f0:2a:74:9c:65:3e:c0:9b:52:35:47:
42:91:97:84:ec:63:e5:cd:38:25:a4:0f:e3:cb:c2:
01:85:84:22:5c:ee:11:0c:7a:73:57:db:c3:cb:e9:
92:ff
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B6:7D:C0:E8:DD:DD:0B:EE:26:D0:7A:D5:2A:8D:BD:DC:1A:C3:B6:36
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/tn3A6N3dC-4m0HrVKo293BrDtjY.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
36.0.64.0/18
Signature Algorithm: sha256WithRSAEncryption
7b:42:32:70:0e:a7:54:77:c2:fe:72:8d:4a:60:cf:e1:e1:58:
74:48:90:3a:63:05:e6:35:38:1c:20:95:4e:f8:49:71:43:ee:
64:67:ca:81:18:62:30:41:ab:2f:e7:02:a0:42:ad:ec:a1:fc:
b5:42:7d:f4:fb:fc:a1:6a:16:63:fd:c7:7d:14:7b:95:f0:6b:
1f:a7:cd:4a:0b:a4:e0:75:c2:4c:f4:3b:d5:e1:f7:43:38:f4:
40:57:22:bc:b8:c4:16:cf:9d:26:0a:ce:ec:6b:c9:46:e2:27:
32:63:a4:53:d7:ec:66:51:1f:48:c7:5e:25:48:e7:23:17:0f:
a6:84:40:d2:03:a1:af:32:2c:8c:f4:33:a2:a0:3b:67:19:cf:
4c:10:81:60:4e:52:5a:aa:d9:a4:28:03:99:46:cb:1e:37:04:
cc:35:1e:06:b9:33:7f:2d:3e:0d:56:30:ec:d3:40:26:22:1f:
c5:84:10:00:79:1e:e1:07:a7:7b:51:4d:f9:92:33:83:e3:13:
43:eb:68:35:9a:85:dd:c3:91:23:d7:52:bb:e5:c5:16:93:c9:
84:a3:5a:11:94:a1:a8:c2:ca:6d:8c:82:c7:c5:14:6a:0c:4d:
de:e6:13:ab:95:8e:1f:07:97:b8:d7:56:ea:1e:41:e7:a8:e7:
cf:bb:45:0e
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgICUZMwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MDcw
ODI0MDFaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEI2N0RDMEU4RERERDBC
RUUyNkQwN0FENTJBOERCRERDMUFDM0I2MzYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCg29+fH21cbhVSIWaOARlB832iyn016xYZJ4m+krr1KBXCq2Gj
i/1nisfCvlcog6AsVuQ6fFl1j9Q4WwJerRhnWftOHgjYEaBm/48p3FduORw80veo
Ud+cVX2avbzF9rupaJ1mYIQm3lYQ/saBuAjiscUNMzIPrV7yEjq0fQxQlhtk6Bax
lwENY6SBC4p11FO3zJ5xrM25IUeSM2r8/0EDh7GGE+XIJ0aPnKwGhtntOiVIoCdX
HrZXHb4Nxs8xfGxHy92AeXgq09rHLYQMx7r754F7kCDwKnScZT7Am1I1R0KRl4Ts
Y+XNOCWkD+PLwgGFhCJc7hEMenNX28PL6ZL/AgMBAAGjggHxMIIB7TAdBgNVHQ4E
FgQUtn3A6N3dC+4m0HrVKo293BrDtjYwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3RuM0E2TjNkQy00bTBI
clZLbzI5M0JyRHRqWS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAYkAEAwDQYJKoZIhvcNAQELBQADggEBAHtCMnAOp1R3wv5yjUpgz+HhWHRIkDpj
BeY1OBwglU74SXFD7mRnyoEYYjBBqy/nAqBCreyh/LVCffT7/KFqFmP9x30Ue5Xw
ax+nzUoLpOB1wkz0O9Xh90M49EBXIry4xBbPnSYKzuxryUbiJzJjpFPX7GZRH0jH
XiVI5yMXD6aEQNIDoa8yLIz0M6KgO2cZz0wQgWBOUlqq2aQoA5lGyx43BMw1Hga5
M38tPg1WMOzTQCYiH8WEEAB5HuEHp3tRTfmSM4PjE0PraDWahd3DkSPXUrvlxRaT
yYSjWhGUoajCym2MgsfFFGoMTd7mE6uVjh8Hl7jXVuoeQeeo58+7RQ4=
-----END CERTIFICATE-----
Generated at Sat May 17 22:41:25 2025 by rpki-client