Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/-8RaQDP3MpZrnVvrPZHR1CXEtFE.roa
File: -8RaQDP3MpZrnVvrPZHR1CXEtFE.roa (raw, json)
Hash identifier: ChaLnkWCJam+cd5JHg08AeyBa9Q7luj1bo4wcukNCE0=
Subject key identifier: FB:C4:5A:40:33:F7:32:96:6B:9D:5B:EB:3D:91:D1:D4:25:C4:B4:51
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 555B
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/-8RaQDP3MpZrnVvrPZHR1CXEtFE.roa
Signing time: Sun 12 May 2024 09:24:04 +0000
ROA not before: Sun 12 May 2024 09:24:04 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 36.0.64.0/18 maxlen: 18
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 21851 (0x555b)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 12 09:24:04 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=FBC45A4033F732966B9D5BEB3D91D1D425C4B451
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bc:72:77:ec:fb:4c:74:ec:fc:b4:89:67:f4:a8:
b6:25:ae:98:6c:29:9f:60:77:65:68:11:b7:c3:2f:
67:48:cf:c4:26:1f:99:43:62:ff:d1:0b:a3:3a:df:
03:6a:06:2c:f6:38:fa:c1:ff:1d:78:22:90:dc:02:
6e:e3:33:5f:48:ee:d7:63:75:61:16:bd:68:2c:94:
f8:e1:bb:44:4f:9f:21:02:45:37:84:e2:7b:02:ac:
01:1f:aa:cb:d3:a0:c4:23:5c:32:4a:a6:ba:3a:61:
2c:f9:fe:ae:59:5a:50:ea:cb:1e:38:b4:9c:41:12:
f2:47:d2:84:0a:5e:11:56:26:8a:4f:84:b4:80:ea:
4a:db:19:b3:ab:7c:97:0b:67:10:62:62:59:4a:b5:
57:f0:0c:6c:c9:8a:8c:11:72:8d:2e:69:4d:4b:40:
41:06:09:b3:d2:0b:75:3a:f3:30:00:ed:13:de:48:
dd:de:e8:4e:42:53:e0:96:29:ec:27:a9:be:d4:1f:
d6:ec:2c:cd:ad:b9:65:18:c1:4f:ce:7e:9c:4c:1a:
36:c7:1e:6a:e8:32:d8:26:f5:80:d2:07:e1:58:e9:
2c:96:49:a9:1d:56:15:ba:65:13:74:e4:75:88:a1:
4f:59:21:40:85:0e:9e:b7:1d:70:ca:5d:da:fe:9d:
1b:95
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FB:C4:5A:40:33:F7:32:96:6B:9D:5B:EB:3D:91:D1:D4:25:C4:B4:51
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/-8RaQDP3MpZrnVvrPZHR1CXEtFE.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
36.0.64.0/18
Signature Algorithm: sha256WithRSAEncryption
28:50:d2:0f:44:63:4f:ce:60:f0:0d:08:f7:39:21:17:67:08:
27:cf:b3:b9:a4:21:ba:6e:f8:d8:f7:f3:6f:52:59:2e:81:ca:
3b:e8:59:f9:d8:1c:7b:f4:ef:18:0d:97:70:c2:b4:ae:ab:62:
44:13:01:80:15:fd:8b:e1:06:3f:35:fb:56:e0:ea:bf:4a:69:
2a:73:65:82:98:e1:c1:b6:18:d5:1d:4e:e3:bd:9c:7e:38:d6:
22:d4:06:86:09:ee:5a:1a:e5:9b:d1:4c:c7:11:ec:d2:8a:1f:
4c:00:94:e1:b3:a2:17:11:d8:d9:d4:c5:eb:8c:33:34:c4:42:
35:f1:66:e6:c5:ed:1e:dd:42:5a:b5:ab:99:8c:40:ad:7b:3d:
09:81:61:ab:7a:d9:c4:3a:6d:e5:a1:83:50:b3:b8:a8:fc:1d:
9d:3d:53:f2:a7:ae:8b:eb:e8:19:06:3c:33:4b:fc:54:f5:d1:
00:2b:31:ea:18:87:2c:84:91:f5:b2:a6:ee:d9:4b:e9:11:50:
6c:49:cb:ca:7a:5c:ea:69:f3:2b:0c:ca:26:7b:b2:a2:a4:f7:
d8:44:6e:3f:0f:a9:2c:4e:1f:5b:57:22:cf:e8:55:39:86:90:
5b:a9:04:7e:f2:a3:97:22:49:5e:55:dd:9e:89:98:df:ab:53:
0f:d4:4b:dc
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgICVVswDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MTIw
OTI0MDRaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEZCQzQ1QTQwMzNGNzMy
OTY2QjlENUJFQjNEOTFEMUQ0MjVDNEI0NTEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC8cnfs+0x07Py0iWf0qLYlrphsKZ9gd2VoEbfDL2dIz8QmH5lD
Yv/RC6M63wNqBiz2OPrB/x14IpDcAm7jM19I7tdjdWEWvWgslPjhu0RPnyECRTeE
4nsCrAEfqsvToMQjXDJKpro6YSz5/q5ZWlDqyx44tJxBEvJH0oQKXhFWJopPhLSA
6krbGbOrfJcLZxBiYllKtVfwDGzJiowRco0uaU1LQEEGCbPSC3U68zAA7RPeSN3e
6E5CU+CWKewnqb7UH9bsLM2tuWUYwU/OfpxMGjbHHmroMtgm9YDSB+FY6SyWSakd
VhW6ZRN05HWIoU9ZIUCFDp63HXDKXdr+nRuVAgMBAAGjggHxMIIB7TAdBgNVHQ4E
FgQU+8RaQDP3MpZrnVvrPZHR1CXEtFEwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3Ly04UmFRRFAzTXBacm5W
dnJQWkhSMUNYRXRGRS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAYkAEAwDQYJKoZIhvcNAQELBQADggEBAChQ0g9EY0/OYPANCPc5IRdnCCfPs7mk
Ibpu+Nj3829SWS6ByjvoWfnYHHv07xgNl3DCtK6rYkQTAYAV/YvhBj81+1bg6r9K
aSpzZYKY4cG2GNUdTuO9nH441iLUBoYJ7loa5ZvRTMcR7NKKH0wAlOGzohcR2NnU
xeuMMzTEQjXxZubF7R7dQlq1q5mMQK17PQmBYat62cQ6beWhg1CzuKj8HZ09U/Kn
rovr6BkGPDNL/FT10QArMeoYhyyEkfWypu7ZS+kRUGxJy8p6XOpp8ysMyiZ7sqKk
99hEbj8PqSxOH1tXIs/oVTmGkFupBH7yo5ciSV5V3Z6JmN+rUw/US9w=
-----END CERTIFICATE-----
Generated at Sun Jun 22 07:50:26 2025 by rpki-client