Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/H4Ws-xJJlz7xW3brdRneChQxwTo.roa
File: H4Ws-xJJlz7xW3brdRneChQxwTo.roa (raw, json)
Hash identifier: CIHXuV+gkmPN4AUNFcafHm42RRE86Uz7U8PNRO4qY4M=
Subject key identifier: 1F:85:AC:FB:12:49:97:3E:F1:5B:76:EB:75:19:DE:0A:14:31:C1:3A
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 54A7
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/H4Ws-xJJlz7xW3brdRneChQxwTo.roa
Signing time: Sat 11 May 2024 10:54:04 +0000
ROA not before: Sat 11 May 2024 10:54:04 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 36.0.64.0/18 maxlen: 18
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 21671 (0x54a7)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 11 10:54:04 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=1F85ACFB1249973EF15B76EB7519DE0A1431C13A
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e9:96:d6:4e:03:09:92:e3:9d:af:a4:b2:b1:e6:
ac:68:b3:76:2b:d8:2b:1f:2d:6a:96:82:ba:34:21:
0a:33:ad:22:ed:81:79:c0:ae:ef:8c:16:f9:69:c1:
f5:3f:5b:c0:5a:30:81:5d:88:3b:52:81:6b:7e:fb:
8a:e1:8f:e8:f6:66:41:21:3c:6a:71:1a:20:ce:f5:
5e:7d:78:bc:99:d1:7b:d4:44:63:f9:38:b9:11:3c:
e0:8c:12:19:68:3a:50:ab:06:95:ed:9a:dd:60:04:
6b:5d:cd:e5:6e:a2:2c:2c:7f:8a:fa:92:de:82:21:
ae:33:15:49:43:b8:18:71:e3:34:17:d0:99:df:70:
58:47:d2:6c:9b:9b:92:f3:ab:a3:29:42:19:96:c4:
d7:24:0a:3a:bb:9a:c0:ca:b8:8f:52:31:98:ec:1a:
a8:af:e2:f5:6d:33:fd:4d:5a:19:bc:41:5a:86:67:
d0:5b:97:5c:e7:21:78:a7:85:51:39:b4:35:c7:47:
2f:af:c6:bd:79:3e:db:ee:b9:8c:1a:94:dc:9f:fb:
76:2c:7b:87:25:87:4c:db:b1:46:39:3a:dc:b1:51:
5f:5f:11:7c:b2:1a:a4:9f:6d:af:21:2a:5f:ca:8d:
92:28:62:23:17:b1:73:b1:ea:ce:ca:f0:1a:13:6c:
ca:8f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1F:85:AC:FB:12:49:97:3E:F1:5B:76:EB:75:19:DE:0A:14:31:C1:3A
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/H4Ws-xJJlz7xW3brdRneChQxwTo.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
36.0.64.0/18
Signature Algorithm: sha256WithRSAEncryption
a9:5d:f0:09:4f:a0:54:19:83:99:db:4a:47:22:2c:2e:4a:1d:
0c:40:d2:f3:b5:b7:12:b5:d2:87:db:fb:e7:27:8b:94:6b:3f:
95:be:9c:13:aa:00:e2:6b:d1:9c:47:42:d6:8d:a6:c2:fc:ee:
2a:c7:01:05:ae:71:3d:6d:da:68:8d:32:a3:83:e0:ae:24:2e:
24:16:95:e8:8d:30:8c:ad:6f:be:9c:6e:6e:e6:e8:53:3f:fa:
bf:41:25:30:4c:ee:94:34:ba:fe:2d:77:b3:94:45:a2:0b:70:
3c:8f:6a:af:69:e0:82:5a:b3:31:c4:e7:8e:7f:13:c0:cc:31:
66:78:99:1d:1b:9a:24:2a:d2:35:83:f2:22:59:a1:f0:df:8f:
f6:92:3b:47:9b:ad:85:1f:29:6a:78:ba:c6:cd:ff:62:ac:71:
84:c5:22:e6:bc:c3:e2:e3:0b:2e:f1:21:13:cd:ec:55:df:c2:
58:ba:04:db:fa:b9:ed:f3:b9:cc:62:9d:8f:c1:82:ab:a3:99:
f8:0b:77:62:76:73:d4:e5:fb:f7:99:af:d1:63:ef:93:96:4e:
e5:31:0f:8d:af:e3:2b:38:6e:c0:ee:27:7e:18:2a:34:89:1e:
59:4c:55:37:f1:7b:1f:2e:8a:ff:72:da:76:1e:0e:26:50:d4:
84:85:40:08
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgICVKcwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MTEx
MDU0MDRaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDFGODVBQ0ZCMTI0OTk3
M0VGMTVCNzZFQjc1MTlERTBBMTQzMUMxM0EwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDpltZOAwmS452vpLKx5qxos3Yr2CsfLWqWgro0IQozrSLtgXnA
ru+MFvlpwfU/W8BaMIFdiDtSgWt++4rhj+j2ZkEhPGpxGiDO9V59eLyZ0XvURGP5
OLkRPOCMEhloOlCrBpXtmt1gBGtdzeVuoiwsf4r6kt6CIa4zFUlDuBhx4zQX0Jnf
cFhH0mybm5Lzq6MpQhmWxNckCjq7msDKuI9SMZjsGqiv4vVtM/1NWhm8QVqGZ9Bb
l1znIXinhVE5tDXHRy+vxr15PtvuuYwalNyf+3Yse4clh0zbsUY5OtyxUV9fEXyy
GqSfba8hKl/KjZIoYiMXsXOx6s7K8BoTbMqPAgMBAAGjggHxMIIB7TAdBgNVHQ4E
FgQUH4Ws+xJJlz7xW3brdRneChQxwTowHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L0g0V3MteEpKbHo3eFcz
YnJkUm5lQ2hReHdUby5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAYkAEAwDQYJKoZIhvcNAQELBQADggEBAKld8AlPoFQZg5nbSkciLC5KHQxA0vO1
txK10ofb++cni5RrP5W+nBOqAOJr0ZxHQtaNpsL87irHAQWucT1t2miNMqOD4K4k
LiQWleiNMIytb76cbm7m6FM/+r9BJTBM7pQ0uv4td7OURaILcDyPaq9p4IJaszHE
545/E8DMMWZ4mR0bmiQq0jWD8iJZofDfj/aSO0ebrYUfKWp4usbN/2KscYTFIua8
w+LjCy7xIRPN7FXfwli6BNv6ue3zucxinY/BgqujmfgLd2J2c9Tl+/eZr9Fj75OW
TuUxD42v4ys4bsDuJ34YKjSJHllMVTfxex8uiv9y2nYeDiZQ1ISFQAg=
-----END CERTIFICATE-----
Generated at Fri Jun 20 10:02:54 2025 by rpki-client