Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/D-afCZ8Q07ZA_FazH6X7Al-Jfv0.roa
File: D-afCZ8Q07ZA_FazH6X7Al-Jfv0.roa (raw, json)
Hash identifier: WG5uv3gkljou8DSAc927Z6G4hXEfpJP51nMcXpbep7g=
Subject key identifier: 0F:E6:9F:09:9F:10:D3:B6:40:FC:56:B3:1F:A5:FB:02:5F:89:7E:FD
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 50FF
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/D-afCZ8Q07ZA_FazH6X7Al-Jfv0.roa
Signing time: Mon 06 May 2024 13:53:50 +0000
ROA not before: Mon 06 May 2024 13:53:50 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 36.0.64.0/18 maxlen: 18
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 20735 (0x50ff)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 6 13:53:50 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=0FE69F099F10D3B640FC56B31FA5FB025F897EFD
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:f5:96:95:5c:44:8d:a9:28:51:84:1e:7a:bc:45:
83:5f:c3:eb:43:df:4d:18:61:14:ea:d5:f5:bf:1a:
47:bd:25:8e:15:ef:e8:af:5a:85:6a:d9:b9:43:c3:
94:63:0b:17:85:da:5c:dc:99:d2:5d:8c:1a:0b:a7:
d4:c2:b4:ab:f0:a4:06:ef:c7:f6:48:bc:fc:81:7d:
33:dc:13:01:2b:56:db:df:33:04:f7:38:4e:6e:56:
76:e3:21:df:fb:80:50:e3:ef:79:bf:44:3b:b8:bb:
0c:82:9a:00:e3:1c:c7:50:b1:6a:6b:f5:05:30:dc:
3c:33:78:bf:e8:00:62:64:f7:48:ef:6a:2e:fb:85:
61:9c:0b:71:0f:29:0a:a1:24:3c:11:c9:20:8f:c4:
4a:74:58:7d:f1:b4:1e:e1:71:24:44:c5:e5:9f:c5:
fc:ef:16:2b:8a:87:32:45:b5:a4:d6:39:a7:ba:60:
e9:3f:e9:e5:ac:31:b9:eb:b5:3c:74:25:43:08:b1:
fb:44:7a:70:70:79:d0:bf:97:87:93:ba:56:0f:28:
cb:3f:d3:d9:27:2a:1a:d1:f7:54:45:48:b8:08:58:
45:a0:cd:a9:d4:c0:67:01:a1:6f:60:45:c1:6f:3d:
0b:f1:fb:65:ee:2a:d7:00:c5:3f:2e:e7:61:05:70:
5a:95
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0F:E6:9F:09:9F:10:D3:B6:40:FC:56:B3:1F:A5:FB:02:5F:89:7E:FD
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/D-afCZ8Q07ZA_FazH6X7Al-Jfv0.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
36.0.64.0/18
Signature Algorithm: sha256WithRSAEncryption
6b:06:ea:b4:52:28:ce:af:37:33:a5:fa:f5:1d:59:cb:23:91:
7d:fc:33:83:f7:8c:7c:66:6f:9f:a5:9e:7c:9e:3c:19:ce:27:
4f:60:3e:ed:9c:f7:ce:2a:12:d8:e7:f4:48:c5:84:38:83:13:
cb:1d:76:93:b1:e0:e8:8a:33:19:d5:90:0e:fd:d9:77:fd:cf:
ba:af:2f:78:8d:6b:68:37:f1:b8:b9:d4:80:4c:30:f0:c3:2f:
62:c0:e8:9d:96:b3:cc:10:a3:02:5b:20:44:41:c5:1e:a2:69:
5e:88:0d:6f:3b:85:5f:f8:bb:c1:ce:4d:7d:f0:69:5b:66:a8:
b9:bc:15:eb:85:ce:64:f8:13:9a:c4:c2:6d:71:ea:d1:3c:aa:
4c:dd:1b:fc:80:b4:a6:53:8f:d7:6c:dd:bf:5f:24:07:58:d3:
0d:42:6c:67:9a:a8:70:ea:3b:ee:e5:9b:a4:35:e6:d8:34:5d:
92:a9:f5:3e:c8:96:e7:35:ab:ce:44:ed:c1:04:c8:8a:55:2c:
1e:b7:9c:6d:53:d8:ae:d1:cc:e4:6c:52:08:fa:9f:1e:74:59:
e5:24:39:e3:83:4a:5d:1b:7c:db:dd:66:1c:b5:12:64:a4:ed:
a9:7d:b1:95:63:c0:18:14:b3:d0:cd:63:60:3a:ff:bd:ce:ce:
29:f1:d9:6f
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgICUP8wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MDYx
MzUzNTBaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDBGRTY5RjA5OUYxMEQz
QjY0MEZDNTZCMzFGQTVGQjAyNUY4OTdFRkQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQD1lpVcRI2pKFGEHnq8RYNfw+tD300YYRTq1fW/Gke9JY4V7+iv
WoVq2blDw5RjCxeF2lzcmdJdjBoLp9TCtKvwpAbvx/ZIvPyBfTPcEwErVtvfMwT3
OE5uVnbjId/7gFDj73m/RDu4uwyCmgDjHMdQsWpr9QUw3DwzeL/oAGJk90jvai77
hWGcC3EPKQqhJDwRySCPxEp0WH3xtB7hcSRExeWfxfzvFiuKhzJFtaTWOae6YOk/
6eWsMbnrtTx0JUMIsftEenBwedC/l4eTulYPKMs/09knKhrR91RFSLgIWEWgzanU
wGcBoW9gRcFvPQvx+2XuKtcAxT8u52EFcFqVAgMBAAGjggHxMIIB7TAdBgNVHQ4E
FgQUD+afCZ8Q07ZA/FazH6X7Al+Jfv0wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L0QtYWZDWjhRMDdaQV9G
YXpINlg3QWwtSmZ2MC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAYkAEAwDQYJKoZIhvcNAQELBQADggEBAGsG6rRSKM6vNzOl+vUdWcsjkX38M4P3
jHxmb5+lnnyePBnOJ09gPu2c984qEtjn9EjFhDiDE8sddpOx4OiKMxnVkA792Xf9
z7qvL3iNa2g38bi51IBMMPDDL2LA6J2Ws8wQowJbIERBxR6iaV6IDW87hV/4u8HO
TX3waVtmqLm8FeuFzmT4E5rEwm1x6tE8qkzdG/yAtKZTj9ds3b9fJAdY0w1CbGea
qHDqO+7lm6Q15tg0XZKp9T7Iluc1q85E7cEEyIpVLB63nG1T2K7RzORsUgj6nx50
WeUkOeODSl0bfNvdZhy1EmSk7al9sZVjwBgUs9DNY2A6/73Ozinx2W8=
-----END CERTIFICATE-----
Generated at Fri Jun 20 10:16:45 2025 by rpki-client