Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/G1DJ563-0GkrnR9-Uyq8lMhdlFk.roa
File: G1DJ563-0GkrnR9-Uyq8lMhdlFk.roa (raw, json)
Hash identifier: At79xAsUUJnANZu2nJWINd63YPiNCmZivG3kz1Y5bNc=
Subject key identifier: 1B:50:C9:E7:AD:FE:D0:69:2B:9D:1F:7E:53:2A:BC:94:C8:5D:94:59
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 34C3
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/G1DJ563-0GkrnR9-Uyq8lMhdlFk.roa
Signing time: Fri 29 Mar 2024 22:22:16 +0000
ROA not before: Fri 29 Mar 2024 22:22:16 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 36.0.64.0/18 maxlen: 18
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 13507 (0x34c3)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Mar 29 22:22:16 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=1B50C9E7ADFED0692B9D1F7E532ABC94C85D9459
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d0:f2:a5:71:04:b8:66:f9:b4:82:f9:de:b1:cf:
08:80:ce:d2:7e:bf:55:9a:22:a4:7e:94:c1:2b:1e:
91:10:2c:83:05:6d:47:43:61:82:5e:25:7e:c9:d9:
9c:f1:61:ca:2b:54:d0:84:f0:42:95:cc:ef:5f:32:
44:fb:c3:e7:00:05:e4:c2:63:12:62:82:06:2c:fa:
87:3e:66:e4:66:2e:33:29:de:c3:83:36:be:7a:00:
ae:b5:2d:cc:82:36:30:d1:75:53:56:27:c2:dd:c0:
e9:ba:a1:ab:27:ef:f6:a4:73:52:45:bb:8d:a5:74:
eb:04:f2:0c:a3:3a:ee:85:7a:8d:c5:17:b2:7c:3e:
b6:1e:09:e8:6a:47:e1:dc:cc:a5:e3:e8:25:3a:f7:
76:b1:70:2d:ba:bf:ba:08:e5:b5:13:48:8d:0c:9c:
0f:f9:39:61:83:eb:68:ae:f1:54:fd:53:66:08:36:
f1:9d:c5:ef:35:0e:25:f4:b8:1a:20:36:94:4c:a2:
f5:2d:43:0a:d5:d4:80:1c:e8:f8:4f:01:77:4e:59:
3f:4d:0e:60:af:47:6a:97:d3:02:34:0d:8c:8d:eb:
90:5a:bd:1a:92:4a:45:54:7d:8a:5e:ed:bc:23:87:
14:6b:ab:de:3a:72:99:81:58:37:64:8d:96:33:6d:
09:07
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1B:50:C9:E7:AD:FE:D0:69:2B:9D:1F:7E:53:2A:BC:94:C8:5D:94:59
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/G1DJ563-0GkrnR9-Uyq8lMhdlFk.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
36.0.64.0/18
Signature Algorithm: sha256WithRSAEncryption
50:18:58:db:6d:45:4b:e1:69:be:84:1f:0b:5b:24:b8:bc:ba:
8e:21:66:ef:b7:27:1c:d5:da:a1:01:1b:b9:3a:d5:8f:16:a3:
2c:24:e4:3b:de:39:68:b6:b1:4f:73:97:93:0b:4f:ea:59:2b:
08:d8:45:bd:40:15:c9:8e:87:5e:1e:53:5f:78:c5:e7:d6:1e:
fc:ad:f0:5a:49:9b:ca:8b:b2:f2:03:d8:66:4d:99:2e:d5:07:
70:2b:20:18:21:3e:55:00:90:c7:74:81:bf:cd:34:ae:97:86:
54:2d:b4:60:34:c4:a1:cd:a7:e3:56:4c:37:88:2d:f1:4d:45:
63:9f:83:80:8d:a9:22:d7:e6:42:ce:33:1b:9c:a4:61:aa:18:
7b:f5:02:27:ae:8a:05:90:eb:72:e8:9f:df:ac:58:0f:75:33:
0e:40:ef:1e:4c:c8:d8:a3:8d:c9:28:bc:a2:c3:40:78:99:23:
29:05:7c:3d:5a:89:49:4d:88:20:23:8c:02:24:e5:2e:ae:0c:
c9:de:9b:7a:7d:18:6a:11:74:32:d2:56:c2:64:06:4d:9e:1f:
26:e3:c6:e7:15:07:f0:81:55:c9:ad:f8:4d:92:bf:f9:ee:1c:
5c:1f:74:9e:9a:eb:3c:a1:f9:54:73:ee:59:b4:9f:86:4f:35:
d4:0d:f4:4b
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgICNMMwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDAzMjky
MjIyMTZaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDFCNTBDOUU3QURGRUQw
NjkyQjlEMUY3RTUzMkFCQzk0Qzg1RDk0NTkwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDQ8qVxBLhm+bSC+d6xzwiAztJ+v1WaIqR+lMErHpEQLIMFbUdD
YYJeJX7J2ZzxYcorVNCE8EKVzO9fMkT7w+cABeTCYxJiggYs+oc+ZuRmLjMp3sOD
Nr56AK61LcyCNjDRdVNWJ8LdwOm6oasn7/akc1JFu42ldOsE8gyjOu6Feo3FF7J8
PrYeCehqR+HczKXj6CU693axcC26v7oI5bUTSI0MnA/5OWGD62iu8VT9U2YINvGd
xe81DiX0uBogNpRMovUtQwrV1IAc6PhPAXdOWT9NDmCvR2qX0wI0DYyN65BavRqS
SkVUfYpe7bwjhxRrq946cpmBWDdkjZYzbQkHAgMBAAGjggHxMIIB7TAdBgNVHQ4E
FgQUG1DJ563+0GkrnR9+Uyq8lMhdlFkwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L0cxREo1NjMtMEdrcm5S
OS1VeXE4bE1oZGxGay5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAYkAEAwDQYJKoZIhvcNAQELBQADggEBAFAYWNttRUvhab6EHwtbJLi8uo4hZu+3
JxzV2qEBG7k61Y8Woywk5DveOWi2sU9zl5MLT+pZKwjYRb1AFcmOh14eU194xefW
Hvyt8FpJm8qLsvID2GZNmS7VB3ArIBghPlUAkMd0gb/NNK6XhlQttGA0xKHNp+NW
TDeILfFNRWOfg4CNqSLX5kLOMxucpGGqGHv1AieuigWQ63Lon9+sWA91Mw5A7x5M
yNijjckovKLDQHiZIykFfD1aiUlNiCAjjAIk5S6uDMnem3p9GGoRdDLSVsJkBk2e
HybjxucVB/CBVcmt+E2Sv/nuHFwfdJ6a6zyh+VRz7lm0n4ZPNdQN9Es=
-----END CERTIFICATE-----
Generated at Sat Jun 21 14:26:20 2025 by rpki-client