Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/Dqjr5YoAI7lZvyTurEaXpxH2MUI.roa
File: Dqjr5YoAI7lZvyTurEaXpxH2MUI.roa (raw, json)
Hash identifier: RuQtMqiberSQ5GXsNZ7LVeSP/Y8LsgEF/Bv9QzTbpm4=
Subject key identifier: 0E:A8:EB:E5:8A:00:23:B9:59:BF:24:EE:AC:46:97:A7:11:F6:31:42
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 56A3
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/Dqjr5YoAI7lZvyTurEaXpxH2MUI.roa
Signing time: Tue 14 May 2024 02:28:03 +0000
ROA not before: Tue 14 May 2024 02:28:03 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 36.0.64.0/18 maxlen: 18
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 22179 (0x56a3)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 14 02:28:03 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=0EA8EBE58A0023B959BF24EEAC4697A711F63142
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c1:82:ca:e2:91:15:68:c5:b4:16:c4:c0:2b:8f:
de:12:1d:03:01:23:20:97:c5:a1:46:3e:7b:3f:66:
4e:a1:fe:6f:79:f5:7f:35:15:f8:87:f2:d9:70:e8:
9a:1d:46:4c:8a:6f:f7:30:a2:37:ab:7b:85:e8:d4:
56:c4:76:e5:8d:75:1b:a3:a5:5c:72:41:f9:d8:c2:
82:d9:d1:d1:9a:20:1d:bc:53:19:d4:a5:03:fe:84:
18:06:f6:a7:22:6b:39:c0:05:13:ed:9d:b0:1e:59:
5d:9b:fa:46:b0:4c:91:b6:f9:41:08:34:76:44:b3:
77:15:de:26:bf:9b:e7:ea:71:5c:4e:13:db:75:54:
2a:a2:0e:97:11:6a:d2:f5:ea:59:a4:c6:d7:e0:1d:
bf:d6:ce:3d:d3:89:80:91:90:04:05:0e:88:54:04:
97:57:a0:04:20:75:55:af:69:c5:4d:93:5b:e9:66:
74:12:7d:ee:c9:81:ca:96:73:00:fb:a2:c1:83:44:
ce:e9:19:d6:47:a2:b1:00:2e:fb:f0:29:86:0c:1d:
06:b1:67:6f:3f:53:46:20:41:6c:e4:1a:7f:66:bd:
19:67:47:14:9b:0a:c3:ac:05:d7:21:15:b8:b8:78:
53:78:65:96:46:66:11:e7:29:7e:cb:1a:3f:07:1a:
01:25
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0E:A8:EB:E5:8A:00:23:B9:59:BF:24:EE:AC:46:97:A7:11:F6:31:42
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/Dqjr5YoAI7lZvyTurEaXpxH2MUI.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
36.0.64.0/18
Signature Algorithm: sha256WithRSAEncryption
0b:ea:00:e5:65:af:38:fe:2a:5c:a4:69:50:5d:f5:5b:d2:7c:
8c:4d:37:c1:d1:ae:47:5a:92:25:9a:3e:92:17:f9:b1:ff:ff:
1a:f0:c5:ac:e4:a2:f5:a1:cf:22:9d:51:b7:b5:63:43:bc:07:
2d:ae:3b:b7:bd:ec:e7:f2:23:59:95:b3:20:2b:b4:c5:98:00:
98:bb:57:90:b4:53:70:6a:6f:c9:47:80:f2:78:72:61:81:1d:
61:a4:e5:e4:f3:47:e6:cf:39:4c:5f:0b:41:d1:d7:52:a7:f5:
89:cb:e3:23:25:50:fe:6b:9e:bf:90:c2:bb:d2:4a:c5:eb:b4:
84:f0:91:e8:50:36:91:0b:58:37:da:ef:98:7a:01:34:ba:62:
c9:5c:be:01:5e:80:6d:6e:4d:12:f2:3f:bd:26:48:d0:22:bd:
d4:98:3e:fb:48:67:88:d9:65:7c:77:ac:17:0f:f4:f2:40:b9:
ef:c9:51:13:8a:58:3c:ec:cf:aa:40:31:4c:3d:4e:60:da:8f:
50:f4:18:3c:95:5d:61:a2:f1:2a:e4:e0:97:dd:b0:83:82:ef:
7c:53:b7:76:ef:24:f0:79:24:64:6a:66:8d:44:1a:f3:a7:8c:
10:4f:fb:4b:fd:0e:c4:fd:cd:c2:29:41:98:8d:52:34:0a:0a:
bf:8e:fa:5a
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgICVqMwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MTQw
MjI4MDNaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDBFQThFQkU1OEEwMDIz
Qjk1OUJGMjRFRUFDNDY5N0E3MTFGNjMxNDIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDBgsrikRVoxbQWxMArj94SHQMBIyCXxaFGPns/Zk6h/m959X81
FfiH8tlw6JodRkyKb/cwojere4Xo1FbEduWNdRujpVxyQfnYwoLZ0dGaIB28UxnU
pQP+hBgG9qciaznABRPtnbAeWV2b+kawTJG2+UEINHZEs3cV3ia/m+fqcVxOE9t1
VCqiDpcRatL16lmkxtfgHb/Wzj3TiYCRkAQFDohUBJdXoAQgdVWvacVNk1vpZnQS
fe7JgcqWcwD7osGDRM7pGdZHorEALvvwKYYMHQaxZ28/U0YgQWzkGn9mvRlnRxSb
CsOsBdchFbi4eFN4ZZZGZhHnKX7LGj8HGgElAgMBAAGjggHxMIIB7TAdBgNVHQ4E
FgQUDqjr5YoAI7lZvyTurEaXpxH2MUIwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L0RxanI1WW9BSTdsWnZ5
VHVyRWFYcHhIMk1VSS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAYkAEAwDQYJKoZIhvcNAQELBQADggEBAAvqAOVlrzj+KlykaVBd9VvSfIxNN8HR
rkdakiWaPpIX+bH//xrwxazkovWhzyKdUbe1Y0O8By2uO7e97OfyI1mVsyArtMWY
AJi7V5C0U3Bqb8lHgPJ4cmGBHWGk5eTzR+bPOUxfC0HR11Kn9YnL4yMlUP5rnr+Q
wrvSSsXrtITwkehQNpELWDfa75h6ATS6YslcvgFegG1uTRLyP70mSNAivdSYPvtI
Z4jZZXx3rBcP9PJAue/JUROKWDzsz6pAMUw9TmDaj1D0GDyVXWGi8Srk4JfdsIOC
73xTt3bvJPB5JGRqZo1EGvOnjBBP+0v9DsT9zcIpQZiNUjQKCr+O+lo=
-----END CERTIFICATE-----
Generated at Fri Jun 20 16:40:53 2025 by rpki-client