Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/GEp5BSEpeyeI8WgdPa8BVxtAwbw.roa
File: GEp5BSEpeyeI8WgdPa8BVxtAwbw.roa (raw, json)
Hash identifier: Wx50CvNSZ94SsWqtDJL3OzP7loqgBM9L8YTcpd6XEVM=
Subject key identifier: 18:4A:79:05:21:29:7B:27:88:F1:68:1D:3D:AF:01:57:1B:40:C1:BC
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 3B97
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/GEp5BSEpeyeI8WgdPa8BVxtAwbw.roa
Signing time: Mon 08 Apr 2024 00:52:34 +0000
ROA not before: Mon 08 Apr 2024 00:52:34 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 36.0.64.0/18 maxlen: 18
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 15255 (0x3b97)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 8 00:52:34 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=184A790521297B2788F1681D3DAF01571B40C1BC
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d8:be:9e:61:07:65:de:f1:c7:fb:21:54:3d:3e:
6f:00:66:99:83:a8:a1:c8:f3:ef:28:82:e8:c7:ac:
6e:4b:b7:6a:bf:45:de:51:3f:02:a1:f3:62:82:1c:
17:bc:53:a4:ce:0f:77:23:de:cd:e3:4f:df:81:38:
2c:d2:11:79:73:38:a3:e0:ff:2d:56:4a:b3:57:2b:
7c:35:aa:98:33:8a:2e:3b:b3:f8:2c:f5:54:02:24:
62:95:93:85:91:60:89:c4:6e:ad:be:71:a9:59:f4:
60:3c:63:8b:46:bb:fa:bf:ab:ce:0c:6c:b1:24:79:
d0:8e:fe:8e:03:36:2f:7d:02:51:1f:c2:67:6b:e7:
53:3e:87:e2:d6:a4:60:4f:fc:44:02:45:da:2f:78:
ec:f3:fb:91:1a:39:ff:b0:18:79:6a:c2:30:bc:94:
9c:e5:2f:b6:77:92:03:63:d6:0f:a7:6c:9d:e1:9b:
99:ec:7e:24:e8:19:28:3a:ea:87:f6:88:90:6a:31:
75:0b:0c:91:14:0e:b9:78:a9:01:ac:3d:68:f6:51:
c4:e7:60:70:eb:4a:d0:fc:5e:27:d1:a5:fc:7a:89:
89:89:47:79:85:a1:38:81:04:d1:56:b3:23:fa:dd:
15:82:85:9f:6c:9e:b3:cf:72:b0:8b:01:70:fb:14:
8a:b9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
18:4A:79:05:21:29:7B:27:88:F1:68:1D:3D:AF:01:57:1B:40:C1:BC
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/GEp5BSEpeyeI8WgdPa8BVxtAwbw.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
36.0.64.0/18
Signature Algorithm: sha256WithRSAEncryption
a1:91:ad:11:70:c3:de:7f:66:3e:a8:10:14:eb:01:8a:2d:d1:
bd:bc:8f:b6:da:b5:43:09:5a:71:83:58:51:fa:a9:98:b0:55:
d8:2a:24:56:6e:05:3a:3f:db:f5:f6:f7:64:90:ca:b4:b1:dd:
16:06:11:d9:34:31:9f:80:ac:55:15:f0:98:65:34:9b:9d:ca:
aa:ce:cd:6d:b8:88:cd:9e:a3:5f:6b:61:2f:60:d9:d0:20:11:
7b:d2:09:fe:76:d6:20:6f:6f:b6:8c:92:25:eb:3e:a6:23:7b:
73:8e:87:30:3f:a8:d0:55:b7:fb:54:0a:32:73:ce:41:a6:98:
cd:1c:10:f2:c4:61:bd:01:05:96:95:7a:84:26:9f:53:d7:b2:
b7:c3:83:e6:0d:8c:6b:98:e2:96:46:70:cb:e5:80:0f:e5:3f:
06:5d:b9:2f:4b:18:e6:29:c4:ae:fe:e4:0b:dd:27:93:75:4b:
78:b2:af:89:ad:95:5d:5b:99:e5:7d:23:f4:ed:e3:43:2a:40:
21:4d:a6:51:91:03:79:9a:f5:21:f8:47:69:40:ad:e6:ed:15:
1c:bf:4b:e0:90:b3:2e:dc:d3:58:e0:e7:a5:57:5f:60:0e:c9:
ec:11:c7:d9:c2:6d:5f:a9:6b:c3:bd:da:79:7f:47:28:e6:6a:
88:09:60:25
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgICO5cwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MDgw
MDUyMzRaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDE4NEE3OTA1MjEyOTdC
Mjc4OEYxNjgxRDNEQUYwMTU3MUI0MEMxQkMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDYvp5hB2Xe8cf7IVQ9Pm8AZpmDqKHI8+8ogujHrG5Lt2q/Rd5R
PwKh82KCHBe8U6TOD3cj3s3jT9+BOCzSEXlzOKPg/y1WSrNXK3w1qpgzii47s/gs
9VQCJGKVk4WRYInEbq2+calZ9GA8Y4tGu/q/q84MbLEkedCO/o4DNi99AlEfwmdr
51M+h+LWpGBP/EQCRdoveOzz+5EaOf+wGHlqwjC8lJzlL7Z3kgNj1g+nbJ3hm5ns
fiToGSg66of2iJBqMXULDJEUDrl4qQGsPWj2UcTnYHDrStD8XifRpfx6iYmJR3mF
oTiBBNFWsyP63RWChZ9snrPPcrCLAXD7FIq5AgMBAAGjggHxMIIB7TAdBgNVHQ4E
FgQUGEp5BSEpeyeI8WgdPa8BVxtAwbwwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L0dFcDVCU0VwZXllSThX
Z2RQYThCVnh0QXdidy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAYkAEAwDQYJKoZIhvcNAQELBQADggEBAKGRrRFww95/Zj6oEBTrAYot0b28j7ba
tUMJWnGDWFH6qZiwVdgqJFZuBTo/2/X292SQyrSx3RYGEdk0MZ+ArFUV8JhlNJud
yqrOzW24iM2eo19rYS9g2dAgEXvSCf521iBvb7aMkiXrPqYje3OOhzA/qNBVt/tU
CjJzzkGmmM0cEPLEYb0BBZaVeoQmn1PXsrfDg+YNjGuY4pZGcMvlgA/lPwZduS9L
GOYpxK7+5AvdJ5N1S3iyr4mtlV1bmeV9I/Tt40MqQCFNplGRA3ma9SH4R2lArebt
FRy/S+CQsy7c01jg56VXX2AOyewRx9nCbV+pa8O92nl/RyjmaogJYCU=
-----END CERTIFICATE-----
Generated at Sun Jun 22 10:56:05 2025 by rpki-client