Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/8aOXaqXlZxb9G3lKmxOCei8bIUE.roa
File: 8aOXaqXlZxb9G3lKmxOCei8bIUE.roa (raw, json)
Hash identifier: ijK7sPIabVxT51Orn1MiZJ5yNCmXAQwBsrCElR5LEsg=
Subject key identifier: F1:A3:97:6A:A5:E5:67:16:FD:1B:79:4A:9B:13:82:7A:2F:1B:21:41
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 5733
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/8aOXaqXlZxb9G3lKmxOCei8bIUE.roa
Signing time: Tue 14 May 2024 20:24:10 +0000
ROA not before: Tue 14 May 2024 20:24:10 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 36.0.64.0/18 maxlen: 18
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 22323 (0x5733)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 14 20:24:10 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=F1A3976AA5E56716FD1B794A9B13827A2F1B2141
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b5:75:9a:a9:90:58:4e:30:dd:e4:3f:b0:a6:dd:
4d:46:9e:f4:0c:fe:9e:2f:4a:77:32:d9:1e:92:8f:
04:77:b2:67:5d:ba:bc:6e:0e:4f:a4:e1:9d:12:b4:
a5:ac:f0:74:44:c2:13:30:7a:67:17:81:04:52:72:
23:9c:64:6d:f8:6f:ff:c5:81:bb:d1:80:e1:b5:b6:
3e:a6:08:66:28:ca:8f:d5:fb:1c:6a:f4:a9:dd:9d:
0e:96:83:80:f4:d6:b0:18:48:52:51:eb:f9:fe:b7:
10:69:4a:1d:8e:8b:35:11:8f:09:81:29:f1:20:35:
cf:3f:af:86:2a:9b:e8:82:8b:37:9f:d7:b2:4a:52:
f6:cc:bb:01:43:9f:ca:e9:2c:df:b5:f9:dd:55:61:
a9:50:58:8c:e9:fb:ed:4a:cb:6b:2e:17:1d:86:1e:
f0:5a:ce:42:90:da:f2:52:6d:ff:85:8c:c6:77:91:
fc:58:dc:15:5c:fa:ca:ab:02:34:c8:f2:5d:82:b1:
de:b9:f6:9a:4d:0d:d0:07:63:b1:18:c9:9c:fc:f5:
5e:01:f5:18:20:8e:53:c1:2a:2c:82:0e:c9:ae:8a:
96:c2:7e:7c:1f:3e:35:9c:57:56:eb:e9:a7:1e:13:
5b:39:bb:10:7d:99:f3:54:1a:6d:01:b3:65:50:10:
a3:85
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F1:A3:97:6A:A5:E5:67:16:FD:1B:79:4A:9B:13:82:7A:2F:1B:21:41
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/8aOXaqXlZxb9G3lKmxOCei8bIUE.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
36.0.64.0/18
Signature Algorithm: sha256WithRSAEncryption
21:5e:67:3b:14:99:28:d9:29:b0:c0:4d:f6:a5:82:b1:18:48:
bc:b2:76:1b:77:40:b4:91:dd:3e:57:1c:0b:a5:8d:68:e1:db:
66:d2:5b:cb:89:39:74:b7:bc:d5:68:59:b3:44:98:51:6a:28:
28:47:c0:bf:a0:00:72:73:59:57:eb:21:45:cc:01:88:69:24:
9c:d1:b9:a0:2c:04:bb:2b:c0:9e:08:21:c3:5b:f1:58:41:0a:
53:e0:12:a5:9c:35:88:72:7c:c5:79:9d:f4:da:2f:77:ff:95:
51:ac:e0:29:a2:0d:17:e7:8b:6a:6c:94:2a:af:ea:f9:ba:a9:
c1:51:60:ce:ba:85:c8:db:b1:28:15:dc:51:31:e8:e0:51:25:
5d:b5:5c:77:e5:c4:06:f4:b0:92:44:ad:e8:49:72:ae:10:97:
75:3b:ea:7c:28:73:70:8e:f4:e2:a1:12:71:9a:1b:1a:cb:de:
c4:f7:f3:da:5c:ae:c7:5e:ca:b4:08:07:f3:67:70:fe:6d:8f:
a8:39:79:81:d6:c9:39:7d:38:e7:68:ce:fc:e9:74:71:5b:84:
13:6b:c4:77:bf:a1:13:b9:52:35:32:a5:82:21:6d:f1:a9:1f:
31:b7:7d:b8:a0:8f:86:86:96:e0:fd:11:a6:83:33:a5:3f:2c:
21:e3:5d:8d
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgICVzMwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MTQy
MDI0MTBaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEYxQTM5NzZBQTVFNTY3
MTZGRDFCNzk0QTlCMTM4MjdBMkYxQjIxNDEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC1dZqpkFhOMN3kP7Cm3U1GnvQM/p4vSncy2R6SjwR3smddurxu
Dk+k4Z0StKWs8HREwhMwemcXgQRSciOcZG34b//FgbvRgOG1tj6mCGYoyo/V+xxq
9KndnQ6Wg4D01rAYSFJR6/n+txBpSh2OizURjwmBKfEgNc8/r4Yqm+iCizef17JK
UvbMuwFDn8rpLN+1+d1VYalQWIzp++1Ky2suFx2GHvBazkKQ2vJSbf+FjMZ3kfxY
3BVc+sqrAjTI8l2Csd659ppNDdAHY7EYyZz89V4B9RggjlPBKiyCDsmuipbCfnwf
PjWcV1br6aceE1s5uxB9mfNUGm0Bs2VQEKOFAgMBAAGjggHxMIIB7TAdBgNVHQ4E
FgQU8aOXaqXlZxb9G3lKmxOCei8bIUEwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3LzhhT1hhcVhsWnhiOUcz
bEtteE9DZWk4YklVRS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAYkAEAwDQYJKoZIhvcNAQELBQADggEBACFeZzsUmSjZKbDATfalgrEYSLyydht3
QLSR3T5XHAuljWjh22bSW8uJOXS3vNVoWbNEmFFqKChHwL+gAHJzWVfrIUXMAYhp
JJzRuaAsBLsrwJ4IIcNb8VhBClPgEqWcNYhyfMV5nfTaL3f/lVGs4CmiDRfni2ps
lCqv6vm6qcFRYM66hcjbsSgV3FEx6OBRJV21XHflxAb0sJJErehJcq4Ql3U76nwo
c3CO9OKhEnGaGxrL3sT389pcrsdeyrQIB/NncP5tj6g5eYHWyTl9OOdozvzpdHFb
hBNrxHe/oRO5UjUypYIhbfGpHzG3fbigj4aGluD9EaaDM6U/LCHjXY0=
-----END CERTIFICATE-----
Generated at Sun Jun 22 12:11:34 2025 by rpki-client