Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/4j42NQ8I9xchh-l_ZG7AHQAuPKw.roa
File: 4j42NQ8I9xchh-l_ZG7AHQAuPKw.roa (raw, json)
Hash identifier: QW963e0PljBvJMJU0Stk6x20AQvivRXZDJgmyID4DT0=
Subject key identifier: E2:3E:36:35:0F:08:F7:17:21:87:E9:7F:64:6E:C0:1D:00:2E:3C:AC
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 56AF
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/4j42NQ8I9xchh-l_ZG7AHQAuPKw.roa
Signing time: Tue 14 May 2024 03:54:09 +0000
ROA not before: Tue 14 May 2024 03:54:09 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 36.0.64.0/18 maxlen: 18
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 22191 (0x56af)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 14 03:54:09 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=E23E36350F08F7172187E97F646EC01D002E3CAC
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:be:56:06:44:40:97:4a:e5:0f:61:09:b3:1d:f1:
fa:59:17:d0:74:50:67:9e:d4:97:02:f8:94:b5:1d:
84:a8:10:2c:2e:66:12:e1:64:41:00:c7:10:d3:ce:
d0:5d:17:9d:e5:4c:df:0a:0e:68:62:64:ce:e4:83:
6f:d0:a1:7f:08:6b:cb:68:f1:a0:61:76:dd:c8:82:
dc:20:3d:2a:78:50:41:af:c0:c3:f3:7a:35:0f:12:
00:ab:5f:b2:c1:6c:05:1d:83:a7:1f:da:23:b2:51:
16:b9:67:0a:d4:cb:b3:92:fd:40:04:e8:2b:8e:c0:
33:50:4c:39:1b:da:3e:2a:71:cf:60:75:d2:b0:5b:
d8:ef:12:1e:d1:da:e3:1b:e6:b3:83:c3:16:68:d2:
e0:b8:33:37:d5:14:76:52:c4:2f:d8:1e:04:13:60:
57:de:66:21:bb:1f:93:da:ce:80:09:b4:d2:1b:15:
cd:24:b1:a7:f1:f3:d0:ff:7b:8b:c2:be:e3:37:16:
be:36:92:fc:44:d7:87:ef:88:c2:5a:71:2d:e2:4a:
91:0b:fa:1b:f0:fc:8f:ef:c0:f0:bd:9e:c8:0b:a7:
4f:66:32:7c:f9:96:66:a0:12:cb:5d:a0:92:d2:9f:
7c:22:99:fb:51:8d:95:95:eb:cb:3d:13:2d:17:06:
86:6f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E2:3E:36:35:0F:08:F7:17:21:87:E9:7F:64:6E:C0:1D:00:2E:3C:AC
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/4j42NQ8I9xchh-l_ZG7AHQAuPKw.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
36.0.64.0/18
Signature Algorithm: sha256WithRSAEncryption
14:f6:66:fc:ff:a9:84:50:5c:d0:4f:2e:03:64:b0:4b:53:e9:
4b:98:ad:98:a6:d5:f8:e7:89:98:fe:70:26:89:41:4f:31:11:
9d:37:28:c4:a9:2f:ee:96:05:2f:01:ff:21:aa:2f:d6:d3:c9:
ce:62:6a:29:b4:91:64:01:dd:0a:29:d3:2c:96:11:90:0a:3e:
4b:c1:ca:dd:08:bf:3d:60:1d:db:41:82:f9:7f:df:6a:21:ec:
18:56:0f:39:10:92:3f:25:56:26:27:ad:3d:2e:81:a0:e8:d1:
af:5e:f8:4d:e8:47:e8:7a:0e:45:3b:29:9b:ba:cc:29:50:2b:
29:74:9e:9d:93:53:45:c5:89:b1:55:a9:72:bc:e4:a2:36:a0:
db:41:d8:42:5e:05:c5:44:59:09:bc:39:0d:b7:bb:8c:08:80:
d1:6b:30:8c:e1:5b:76:33:ed:a7:48:40:73:9f:12:a8:e6:68:
51:ec:ee:d8:a6:94:ce:d1:ec:05:85:41:59:1c:df:a2:2a:42:
d7:13:5c:3c:07:2a:fa:5e:46:63:d9:9d:1b:70:d5:b5:27:db:
f8:7e:f4:e4:2c:bf:8a:fe:5c:50:a0:4f:0a:76:17:04:93:90:
96:88:d4:88:b1:ca:d0:80:62:d6:33:07:30:51:14:c6:51:fb:
88:1c:a0:68
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgICVq8wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MTQw
MzU0MDlaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEUyM0UzNjM1MEYwOEY3
MTcyMTg3RTk3RjY0NkVDMDFEMDAyRTNDQUMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC+VgZEQJdK5Q9hCbMd8fpZF9B0UGee1JcC+JS1HYSoECwuZhLh
ZEEAxxDTztBdF53lTN8KDmhiZM7kg2/QoX8Ia8to8aBhdt3IgtwgPSp4UEGvwMPz
ejUPEgCrX7LBbAUdg6cf2iOyURa5ZwrUy7OS/UAE6CuOwDNQTDkb2j4qcc9gddKw
W9jvEh7R2uMb5rODwxZo0uC4MzfVFHZSxC/YHgQTYFfeZiG7H5PazoAJtNIbFc0k
safx89D/e4vCvuM3Fr42kvxE14fviMJacS3iSpEL+hvw/I/vwPC9nsgLp09mMnz5
lmagEstdoJLSn3wimftRjZWV68s9Ey0XBoZvAgMBAAGjggHxMIIB7TAdBgNVHQ4E
FgQU4j42NQ8I9xchh+l/ZG7AHQAuPKwwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3LzRqNDJOUThJOXhjaGgt
bF9aRzdBSFFBdVBLdy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAYkAEAwDQYJKoZIhvcNAQELBQADggEBABT2Zvz/qYRQXNBPLgNksEtT6UuYrZim
1fjniZj+cCaJQU8xEZ03KMSpL+6WBS8B/yGqL9bTyc5iaim0kWQB3Qop0yyWEZAK
PkvByt0Ivz1gHdtBgvl/32oh7BhWDzkQkj8lViYnrT0ugaDo0a9e+E3oR+h6DkU7
KZu6zClQKyl0np2TU0XFibFVqXK85KI2oNtB2EJeBcVEWQm8OQ23u4wIgNFrMIzh
W3Yz7adIQHOfEqjmaFHs7timlM7R7AWFQVkc36IqQtcTXDwHKvpeRmPZnRtw1bUn
2/h+9OQsv4r+XFCgTwp2FwSTkJaI1IixytCAYtYzBzBRFMZR+4gcoGg=
-----END CERTIFICATE-----
Generated at Sat Jun 21 11:31:55 2025 by rpki-client