Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/DblRVgEJp_Opqt2opVTPNf6BY9k.roa
File: DblRVgEJp_Opqt2opVTPNf6BY9k.roa (raw, json)
Hash identifier: G+3c7UsFD0oR2ZX93CVEQcE39/GdQDkpMbimG1AofY8=
Subject key identifier: 0D:B9:51:56:01:09:A7:F3:A9:AA:DD:A8:A5:54:CF:35:FE:81:63:D9
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 3587
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/DblRVgEJp_Opqt2opVTPNf6BY9k.roa
Signing time: Sat 30 Mar 2024 22:52:16 +0000
ROA not before: Sat 30 Mar 2024 22:52:16 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 36.0.64.0/18 maxlen: 18
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 13703 (0x3587)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Mar 30 22:52:16 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=0DB951560109A7F3A9AADDA8A554CF35FE8163D9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ec:83:37:fe:3c:d6:2a:cc:82:58:75:78:8c:f0:
32:81:f8:86:56:59:52:32:60:a0:20:7d:32:2f:46:
4c:f6:8f:03:f2:4b:6c:37:e1:11:c7:ac:6e:e6:d4:
16:98:8e:19:4e:8f:08:6b:c8:dd:c4:29:8c:06:57:
f3:e3:a5:cc:70:33:c0:71:48:8a:39:a2:8c:87:b4:
e8:7c:88:52:29:cc:80:fa:82:03:da:3b:3d:77:c0:
04:54:68:e6:43:e0:9a:de:c2:5c:10:d6:03:fc:30:
f6:45:ca:e9:a6:5d:e6:dd:36:2e:09:34:05:c6:1a:
88:fc:66:0b:cd:8d:b7:d0:73:4e:af:51:fd:41:4a:
0f:16:3a:f6:a7:bd:80:5c:88:19:da:81:46:07:04:
aa:43:59:f0:16:a2:73:bc:35:25:c2:4e:64:05:59:
15:e6:43:7d:be:d0:f3:fe:75:a7:99:8e:dd:84:91:
3a:ae:13:a2:f8:8b:89:97:64:83:ff:ff:bc:96:3c:
d7:90:b2:42:bb:79:da:4c:90:2a:e7:c6:26:50:24:
0e:73:86:42:e3:ea:8e:fb:b3:18:31:3d:59:99:44:
08:5c:3a:2e:f5:ea:38:f9:d8:f0:85:e5:26:c2:ba:
6f:2b:22:fa:39:a6:7b:a7:9f:ff:ec:1b:51:88:fb:
ae:2b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0D:B9:51:56:01:09:A7:F3:A9:AA:DD:A8:A5:54:CF:35:FE:81:63:D9
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/DblRVgEJp_Opqt2opVTPNf6BY9k.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
36.0.64.0/18
Signature Algorithm: sha256WithRSAEncryption
7c:f8:5e:21:09:81:de:4c:fa:fa:03:11:56:a5:74:6c:07:fd:
3c:4e:03:72:78:de:85:eb:48:ce:52:64:5b:0f:fe:fc:02:d1:
15:38:e2:ec:00:39:b0:82:02:b5:0f:39:99:b0:e9:03:21:2d:
01:15:4b:fe:55:2f:52:67:69:f7:ae:4b:0c:b1:17:6c:8b:bf:
6d:6e:05:ed:20:00:47:46:08:63:34:88:39:4e:b4:88:66:b0:
5a:c2:bc:a3:c1:7e:3c:d2:61:c1:75:65:31:fc:41:79:0c:a2:
be:d8:2a:82:1c:d8:c7:9e:a2:b3:14:8a:97:bc:24:45:e7:04:
e6:d5:e9:28:1c:e9:4b:6f:64:5d:6b:af:88:78:9b:fa:98:8f:
34:af:85:a0:5a:7d:50:3b:7e:2f:69:47:8f:49:3e:c0:f6:6d:
d8:4a:08:01:6d:55:fa:03:67:8c:f2:df:9a:31:ed:26:72:0b:
0f:d0:87:7d:20:81:c1:1c:be:3e:86:dd:1a:80:1d:66:e5:6d:
41:64:db:84:d0:5f:f9:dc:3a:e1:c6:f9:00:32:27:a0:1f:2d:
aa:03:e2:db:9e:3b:73:fc:4f:53:f5:76:2e:85:3a:53:af:ee:
0c:7c:3c:f4:2a:bc:9f:91:ae:f3:b6:79:09:08:b5:66:13:b7:
9d:0e:76:ae
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgICNYcwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDAzMzAy
MjUyMTZaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDBEQjk1MTU2MDEwOUE3
RjNBOUFBRERBOEE1NTRDRjM1RkU4MTYzRDkwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDsgzf+PNYqzIJYdXiM8DKB+IZWWVIyYKAgfTIvRkz2jwPyS2w3
4RHHrG7m1BaYjhlOjwhryN3EKYwGV/PjpcxwM8BxSIo5ooyHtOh8iFIpzID6ggPa
Oz13wARUaOZD4JrewlwQ1gP8MPZFyummXebdNi4JNAXGGoj8ZgvNjbfQc06vUf1B
Sg8WOvanvYBciBnagUYHBKpDWfAWonO8NSXCTmQFWRXmQ32+0PP+daeZjt2EkTqu
E6L4i4mXZIP//7yWPNeQskK7edpMkCrnxiZQJA5zhkLj6o77sxgxPVmZRAhcOi71
6jj52PCF5SbCum8rIvo5pnunn//sG1GI+64rAgMBAAGjggHxMIIB7TAdBgNVHQ4E
FgQUDblRVgEJp/Opqt2opVTPNf6BY9kwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L0RibFJWZ0VKcF9PcHF0
Mm9wVlRQTmY2Qlk5ay5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAYkAEAwDQYJKoZIhvcNAQELBQADggEBAHz4XiEJgd5M+voDEValdGwH/TxOA3J4
3oXrSM5SZFsP/vwC0RU44uwAObCCArUPOZmw6QMhLQEVS/5VL1JnafeuSwyxF2yL
v21uBe0gAEdGCGM0iDlOtIhmsFrCvKPBfjzSYcF1ZTH8QXkMor7YKoIc2MeeorMU
ipe8JEXnBObV6Sgc6UtvZF1rr4h4m/qYjzSvhaBafVA7fi9pR49JPsD2bdhKCAFt
VfoDZ4zy35ox7SZyCw/Qh30ggcEcvj6G3RqAHWblbUFk24TQX/ncOuHG+QAyJ6Af
LaoD4tueO3P8T1P1di6FOlOv7gx8PPQqvJ+RrvO2eQkItWYTt50Odq4=
-----END CERTIFICATE-----
Generated at Fri Jun 20 18:06:41 2025 by rpki-client