Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/79VPGuT0_tD7wuaSFGZulO7ighE.roa
File: 79VPGuT0_tD7wuaSFGZulO7ighE.roa (raw, json)
Hash identifier: xyHNB9Nf9LEf+oJLrjAdUc8pFEsd+yYDauGK4zjSFGE=
Subject key identifier: EF:D5:4F:1A:E4:F4:FE:D0:FB:C2:E6:92:14:66:6E:94:EE:E2:82:11
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 4F6F
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/79VPGuT0_tD7wuaSFGZulO7ighE.roa
Signing time: Sat 04 May 2024 11:53:49 +0000
ROA not before: Sat 04 May 2024 11:53:49 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 36.0.64.0/18 maxlen: 18
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 20335 (0x4f6f)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 4 11:53:49 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=EFD54F1AE4F4FED0FBC2E69214666E94EEE28211
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a1:b9:2c:b1:5a:26:c8:a8:26:33:79:b9:1e:42:
13:98:5b:3d:bc:a8:3e:6e:aa:e5:26:cd:e6:ff:8f:
25:ee:61:48:57:4a:59:6e:f1:2f:31:10:84:87:94:
ef:83:33:e2:36:e8:ee:1d:25:ac:67:1b:8f:ee:1e:
ba:1f:b1:30:44:cb:89:b6:8b:59:e8:81:56:c4:71:
66:6c:a7:5f:81:93:02:ec:cb:91:fa:2c:60:84:14:
4f:70:b6:52:46:c1:2e:83:30:21:5b:a6:d9:98:55:
14:4d:a1:40:50:4c:0a:a9:d7:b6:c4:74:e8:ac:71:
9a:d2:6e:2f:28:7d:62:62:ec:ee:2d:43:b8:23:79:
9a:43:b0:a2:f5:82:09:bc:af:ba:43:18:3b:1c:05:
bb:7a:cf:14:bf:20:2b:ff:67:2f:7d:fc:17:f1:c6:
76:2d:84:0a:78:dc:bc:ae:54:c4:04:a7:78:46:8b:
5b:b8:0c:4c:05:b1:71:96:4b:00:61:49:06:84:6c:
5a:a4:e3:4e:0b:73:08:7a:42:d0:25:48:b6:e4:df:
dc:b5:27:f2:33:aa:34:ce:48:d5:68:64:77:80:5d:
91:77:33:87:32:f6:de:5b:a0:a3:87:80:49:b7:6c:
11:05:78:e9:23:28:00:d1:fd:8e:64:12:a3:9f:36:
b2:d1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
EF:D5:4F:1A:E4:F4:FE:D0:FB:C2:E6:92:14:66:6E:94:EE:E2:82:11
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/79VPGuT0_tD7wuaSFGZulO7ighE.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
36.0.64.0/18
Signature Algorithm: sha256WithRSAEncryption
2b:a3:5c:f9:ec:88:02:3d:99:0f:7a:a4:fa:1b:9c:aa:30:ae:
cc:b3:86:3b:e5:03:29:66:d6:b5:6d:1a:be:67:fb:e0:5b:27:
87:d7:33:0e:99:ea:dd:27:71:a5:33:41:48:d0:4b:b9:18:3e:
4a:f4:bc:da:54:e5:28:f5:b9:90:2b:1b:e2:c8:83:19:28:be:
20:65:a9:19:f0:5f:f9:95:0c:ae:60:a4:1b:8b:f6:49:ba:8f:
bc:4e:31:66:4d:31:7f:c2:31:d6:f3:b4:9f:cf:43:3b:ea:6a:
3a:7d:e9:0c:32:02:08:09:e4:e2:89:99:06:ba:64:8a:bd:fd:
79:2d:9a:b9:d0:19:47:8c:da:02:45:3c:78:e3:00:5c:b9:ba:
15:91:9c:26:fb:20:4c:63:a7:e3:95:0f:ff:00:01:16:47:fe:
ee:9b:7c:d1:b8:8c:2d:dd:9d:3a:7b:99:f8:c4:46:a0:ea:64:
bb:6e:2a:db:69:ce:33:d9:a5:f1:97:b0:ee:0a:f9:ee:d6:fa:
96:44:c0:9d:48:64:c4:80:a4:7e:0b:d5:85:ea:25:9c:32:f6:
87:cc:3f:22:96:93:1e:4d:cd:e6:8e:2e:50:30:db:a5:5c:93:
a6:78:02:e3:af:b0:a8:a3:98:58:e6:23:26:88:26:7e:01:b6:
8c:38:20:61
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgICT28wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MDQx
MTUzNDlaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEVGRDU0RjFBRTRGNEZF
RDBGQkMyRTY5MjE0NjY2RTk0RUVFMjgyMTEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQChuSyxWibIqCYzebkeQhOYWz28qD5uquUmzeb/jyXuYUhXSllu
8S8xEISHlO+DM+I26O4dJaxnG4/uHrofsTBEy4m2i1nogVbEcWZsp1+BkwLsy5H6
LGCEFE9wtlJGwS6DMCFbptmYVRRNoUBQTAqp17bEdOiscZrSbi8ofWJi7O4tQ7gj
eZpDsKL1ggm8r7pDGDscBbt6zxS/ICv/Zy99/BfxxnYthAp43LyuVMQEp3hGi1u4
DEwFsXGWSwBhSQaEbFqk404Lcwh6QtAlSLbk39y1J/IzqjTOSNVoZHeAXZF3M4cy
9t5boKOHgEm3bBEFeOkjKADR/Y5kEqOfNrLRAgMBAAGjggHxMIIB7TAdBgNVHQ4E
FgQU79VPGuT0/tD7wuaSFGZulO7ighEwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3Lzc5VlBHdVQwX3REN3d1
YVNGR1p1bE83aWdoRS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAYkAEAwDQYJKoZIhvcNAQELBQADggEBACujXPnsiAI9mQ96pPobnKowrsyzhjvl
Aylm1rVtGr5n++BbJ4fXMw6Z6t0ncaUzQUjQS7kYPkr0vNpU5Sj1uZArG+LIgxko
viBlqRnwX/mVDK5gpBuL9km6j7xOMWZNMX/CMdbztJ/PQzvqajp96QwyAggJ5OKJ
mQa6ZIq9/XktmrnQGUeM2gJFPHjjAFy5uhWRnCb7IExjp+OVD/8AARZH/u6bfNG4
jC3dnTp7mfjERqDqZLtuKttpzjPZpfGXsO4K+e7W+pZEwJ1IZMSApH4L1YXqJZwy
9ofMPyKWkx5NzeaOLlAw26Vck6Z4AuOvsKijmFjmIyaIJn4Btow4IGE=
-----END CERTIFICATE-----
Generated at Sun Jun 22 03:57:41 2025 by rpki-client