Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/4PwhnqL8_4C1jdkwgNsxDqUgUv0.roa
File: 4PwhnqL8_4C1jdkwgNsxDqUgUv0.roa (raw, json)
Hash identifier: F9MUl8Mvf60zCRUPNw+afizx+GRGAr5L8TLl/8XtsJ8=
Subject key identifier: E0:FC:21:9E:A2:FC:FF:80:B5:8D:D9:30:80:DB:31:0E:A5:20:52:FD
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 3A63
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/4PwhnqL8_4C1jdkwgNsxDqUgUv0.roa
Signing time: Sat 06 Apr 2024 10:22:28 +0000
ROA not before: Sat 06 Apr 2024 10:22:28 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 36.0.64.0/18 maxlen: 18
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 14947 (0x3a63)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 6 10:22:28 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=E0FC219EA2FCFF80B58DD93080DB310EA52052FD
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:da:41:5e:13:8a:42:7e:d5:31:68:7d:73:51:16:
85:bb:36:13:85:dc:e3:6f:25:a4:d5:85:f1:1f:7f:
cb:a3:a7:e2:90:7d:6a:8e:f5:0b:47:24:44:45:f4:
15:f4:26:f6:fa:b7:b2:13:1e:61:b8:30:25:e0:eb:
31:30:59:9c:2a:ad:42:34:35:4d:1b:97:e3:85:3a:
26:bf:11:dd:df:5a:d3:b5:e5:12:68:98:74:fd:99:
be:45:45:ef:80:4a:63:fe:ec:d0:2c:87:0e:62:13:
c5:1f:87:05:8f:81:73:3d:0c:be:3b:cb:c6:b6:be:
37:3e:5a:f6:eb:3a:f8:42:7c:e1:b7:f3:13:c5:44:
ce:ce:b1:60:f5:a0:bb:47:cf:3a:ac:45:26:ca:dd:
96:e7:d9:90:a6:6d:71:f5:34:aa:bc:58:fe:54:38:
1b:79:df:0f:67:23:55:a2:fa:da:14:5a:6d:40:49:
a4:12:d6:15:fb:ae:9f:5b:99:8d:69:a4:b3:b3:91:
6f:81:a5:18:5d:f3:13:c5:c7:f5:5c:06:38:34:65:
93:e8:97:7e:06:60:47:31:7d:4d:2e:03:e9:1a:53:
29:4b:7f:a3:84:51:cc:cc:05:56:07:18:8e:b8:47:
52:c0:0f:5d:36:c2:d9:cb:77:82:40:04:4f:ad:74:
7b:95
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E0:FC:21:9E:A2:FC:FF:80:B5:8D:D9:30:80:DB:31:0E:A5:20:52:FD
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/4PwhnqL8_4C1jdkwgNsxDqUgUv0.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
36.0.64.0/18
Signature Algorithm: sha256WithRSAEncryption
84:cb:f9:95:42:6f:a8:17:21:09:69:bd:9b:6d:b5:03:0d:df:
d6:69:fd:69:ab:a7:4d:75:48:d2:8a:69:bb:d3:51:a4:30:ef:
e9:fb:de:a8:c9:a9:bf:ac:3e:10:0f:85:eb:e9:b3:e6:e1:6a:
55:5b:1d:23:bb:f3:c6:9e:54:ee:3f:ca:16:3e:ae:05:c1:3b:
79:d5:5c:01:0a:7b:9e:12:24:d4:71:ab:e5:5c:90:b0:25:ce:
58:26:d8:2d:b6:bf:69:e4:22:d4:e3:bf:9b:6f:e5:35:11:49:
17:4a:aa:8a:7d:ce:0e:48:55:3a:b6:7e:48:6d:31:a0:9d:7c:
e9:54:3a:b9:66:1c:68:30:af:5a:44:14:3c:c4:fd:45:a7:a0:
90:43:f8:e8:8c:c6:11:fa:e1:36:2c:91:c9:cf:74:9d:01:11:
02:d8:a2:8d:2d:15:b4:16:ac:88:b1:36:5c:d7:6c:a1:db:bf:
51:03:9d:11:75:7d:19:64:17:ea:3d:5e:50:b9:6e:76:86:ea:
82:a2:54:08:5f:07:d1:cd:fe:b0:82:ef:5a:9b:51:7b:94:58:
19:4d:11:a7:fd:a6:96:6e:87:c3:31:6f:92:c4:fc:c6:6b:cd:
4c:90:87:8b:38:7d:f0:e4:0c:c2:e9:ce:6d:6a:d1:74:c9:08:
20:b3:66:fc
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgICOmMwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MDYx
MDIyMjhaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEUwRkMyMTlFQTJGQ0ZG
ODBCNThERDkzMDgwREIzMTBFQTUyMDUyRkQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDaQV4TikJ+1TFofXNRFoW7NhOF3ONvJaTVhfEff8ujp+KQfWqO
9QtHJERF9BX0Jvb6t7ITHmG4MCXg6zEwWZwqrUI0NU0bl+OFOia/Ed3fWtO15RJo
mHT9mb5FRe+ASmP+7NAshw5iE8UfhwWPgXM9DL47y8a2vjc+WvbrOvhCfOG38xPF
RM7OsWD1oLtHzzqsRSbK3Zbn2ZCmbXH1NKq8WP5UOBt53w9nI1Wi+toUWm1ASaQS
1hX7rp9bmY1ppLOzkW+BpRhd8xPFx/VcBjg0ZZPol34GYEcxfU0uA+kaUylLf6OE
UczMBVYHGI64R1LAD102wtnLd4JABE+tdHuVAgMBAAGjggHxMIIB7TAdBgNVHQ4E
FgQU4PwhnqL8/4C1jdkwgNsxDqUgUv0wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3LzRQd2hucUw4XzRDMWpk
a3dnTnN4RHFVZ1V2MC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAYkAEAwDQYJKoZIhvcNAQELBQADggEBAITL+ZVCb6gXIQlpvZtttQMN39Zp/Wmr
p011SNKKabvTUaQw7+n73qjJqb+sPhAPhevps+bhalVbHSO788aeVO4/yhY+rgXB
O3nVXAEKe54SJNRxq+VckLAlzlgm2C22v2nkItTjv5tv5TURSRdKqop9zg5IVTq2
fkhtMaCdfOlUOrlmHGgwr1pEFDzE/UWnoJBD+OiMxhH64TYskcnPdJ0BEQLYoo0t
FbQWrIixNlzXbKHbv1EDnRF1fRlkF+o9XlC5bnaG6oKiVAhfB9HN/rCC71qbUXuU
WBlNEaf9ppZuh8Mxb5LE/MZrzUyQh4s4ffDkDMLpzm1q0XTJCCCzZvw=
-----END CERTIFICATE-----
Generated at Mon Jun 16 16:01:46 2025 by rpki-client