Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/LKJMiJu7k0uQQBuMhwp7OGMPAdA.roa
File: LKJMiJu7k0uQQBuMhwp7OGMPAdA.roa (raw, json)
Hash identifier: jtn6ZjUI2ycDbUr6EohM6M2CmYiGo49yu8+cUAKkroU=
Subject key identifier: 2C:A2:4C:88:9B:BB:93:4B:90:40:1B:8C:87:0A:7B:38:63:0F:01:D0
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 34DF
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/LKJMiJu7k0uQQBuMhwp7OGMPAdA.roa
Signing time: Sat 30 Mar 2024 01:52:12 +0000
ROA not before: Sat 30 Mar 2024 01:52:12 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 36.0.64.0/18 maxlen: 18
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 13535 (0x34df)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Mar 30 01:52:12 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=2CA24C889BBB934B90401B8C870A7B38630F01D0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e9:11:7d:b0:87:28:91:1b:6d:26:35:50:9a:8c:
f3:02:85:a0:ec:7a:c4:de:24:f1:30:ec:c5:02:bc:
ed:5c:01:e7:97:b4:ed:87:74:71:15:f7:14:a4:00:
0e:02:9b:52:ec:af:20:47:72:ec:c8:90:46:22:28:
c5:bc:9b:ea:7c:ad:fb:a0:23:a5:e6:6d:00:a9:1c:
74:64:d2:e2:b3:f7:fd:4d:5c:ce:63:f4:de:36:9b:
94:0c:ad:0f:8b:d9:86:a5:fc:1a:0b:51:77:7b:20:
b0:25:a8:a2:e2:c3:b8:68:ed:aa:11:35:3a:42:5b:
e1:c2:af:ff:e3:e1:87:f4:19:a6:58:41:07:8a:bd:
13:96:30:c0:b5:7e:e6:95:91:6e:24:28:da:dc:a8:
aa:35:34:0e:b5:97:8d:a7:9f:3e:26:d4:5e:ea:5a:
65:f0:cb:f1:94:10:9c:56:98:5f:f3:93:b6:e2:e7:
38:e9:58:3e:9a:ae:60:3a:3b:3e:fc:d3:81:48:f4:
c8:8a:d5:61:7b:f6:b1:6c:f3:dc:21:fb:d8:36:48:
6c:de:d6:3e:9d:20:03:7b:0a:5d:46:7b:6f:ec:f5:
b3:c4:83:0f:fb:9e:b6:6a:65:ae:d6:5d:d6:08:00:
d3:4a:f1:f4:fd:a1:77:d7:05:df:9a:34:81:c1:0b:
d7:43
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2C:A2:4C:88:9B:BB:93:4B:90:40:1B:8C:87:0A:7B:38:63:0F:01:D0
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/LKJMiJu7k0uQQBuMhwp7OGMPAdA.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
36.0.64.0/18
Signature Algorithm: sha256WithRSAEncryption
3c:3f:2c:c9:7f:f4:ac:94:85:fb:29:d5:f1:b7:2b:31:16:52:
0d:13:3e:57:36:ef:e9:bb:71:27:58:67:92:29:5e:ce:5b:d7:
d9:26:f7:7d:0e:36:44:ef:e1:40:ef:5f:26:47:0c:01:bf:2f:
aa:e2:87:dd:98:cf:44:41:0a:63:b8:a5:5e:b7:89:47:37:b7:
2f:ee:e3:5a:3f:9f:d0:0d:e9:63:82:aa:2a:00:ed:07:6e:6e:
31:dd:4b:da:5f:81:db:c0:29:38:80:28:d1:c1:05:eb:14:54:
7c:8a:5b:fb:9f:b5:26:77:c7:ec:4f:c2:6a:34:6c:9e:cd:48:
db:8c:de:c2:f4:24:64:5a:87:c9:9c:0a:c1:9c:55:5c:0b:48:
cf:56:77:16:b0:0c:f5:2f:cb:e3:83:b2:15:39:2c:0e:09:6b:
88:a1:bd:8c:f6:3a:90:e1:1c:d1:ee:db:ec:e2:18:50:03:80:
03:88:27:5b:b6:24:83:92:d6:5c:15:7e:4b:a2:72:e8:9e:25:
19:fb:35:2c:23:93:78:9b:b5:2b:c3:4d:28:41:ba:46:2a:26:
24:99:e7:dd:fe:7b:9f:83:91:b6:32:04:9a:dc:47:25:19:2d:
90:87:b3:82:5d:ec:bc:51:aa:86:d1:65:f8:2a:16:cd:6e:35:
72:9a:ea:3a
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgICNN8wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDAzMzAw
MTUyMTJaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDJDQTI0Qzg4OUJCQjkz
NEI5MDQwMUI4Qzg3MEE3QjM4NjMwRjAxRDAwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDpEX2whyiRG20mNVCajPMChaDsesTeJPEw7MUCvO1cAeeXtO2H
dHEV9xSkAA4Cm1LsryBHcuzIkEYiKMW8m+p8rfugI6XmbQCpHHRk0uKz9/1NXM5j
9N42m5QMrQ+L2Yal/BoLUXd7ILAlqKLiw7ho7aoRNTpCW+HCr//j4Yf0GaZYQQeK
vROWMMC1fuaVkW4kKNrcqKo1NA61l42nnz4m1F7qWmXwy/GUEJxWmF/zk7bi5zjp
WD6armA6Oz7804FI9MiK1WF79rFs89wh+9g2SGze1j6dIAN7Cl1Ge2/s9bPEgw/7
nrZqZa7WXdYIANNK8fT9oXfXBd+aNIHBC9dDAgMBAAGjggHxMIIB7TAdBgNVHQ4E
FgQULKJMiJu7k0uQQBuMhwp7OGMPAdAwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L0xLSk1pSnU3azB1UVFC
dU1od3A3T0dNUEFkQS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAYkAEAwDQYJKoZIhvcNAQELBQADggEBADw/LMl/9KyUhfsp1fG3KzEWUg0TPlc2
7+m7cSdYZ5IpXs5b19km930ONkTv4UDvXyZHDAG/L6rih92Yz0RBCmO4pV63iUc3
ty/u41o/n9AN6WOCqioA7QdubjHdS9pfgdvAKTiAKNHBBesUVHyKW/uftSZ3x+xP
wmo0bJ7NSNuM3sL0JGRah8mcCsGcVVwLSM9WdxawDPUvy+ODshU5LA4Ja4ihvYz2
OpDhHNHu2+ziGFADgAOIJ1u2JIOS1lwVfkuicuieJRn7NSwjk3ibtSvDTShBukYq
JiSZ593+e5+DkbYyBJrcRyUZLZCHs4Jd7LxRqobRZfgqFs1uNXKa6jo=
-----END CERTIFICATE-----
Generated at Fri Jun 20 08:12:23 2025 by rpki-client