Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/MGIrgJhfbb6HIZFjjflucOEBWqA.roa
File: MGIrgJhfbb6HIZFjjflucOEBWqA.roa (raw, json)
Hash identifier: ShpjSJi3imaXhyGi/qUmTQS1E0/SDA3ZHScdC+BGP6o=
Subject key identifier: 30:62:2B:80:98:5F:6D:BE:87:21:91:63:8D:F9:6E:70:E1:01:5A:A0
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 3AEB
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/MGIrgJhfbb6HIZFjjflucOEBWqA.roa
Signing time: Sun 07 Apr 2024 03:22:31 +0000
ROA not before: Sun 07 Apr 2024 03:22:31 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 36.0.64.0/18 maxlen: 18
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 15083 (0x3aeb)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 7 03:22:31 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=30622B80985F6DBE872191638DF96E70E1015AA0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e7:2c:62:76:19:29:59:d6:c3:f2:48:3f:a5:61:
d9:04:04:0d:44:2d:11:b6:a8:e1:2c:f3:77:cc:6b:
88:c1:2e:bf:ed:3c:95:b3:a5:68:bc:ac:f0:f3:67:
7c:b1:4f:4b:63:e0:38:d8:dc:ad:8f:b8:34:8b:88:
b5:6e:23:0d:8b:95:63:4e:11:7f:c3:c6:8a:bf:b9:
92:3a:95:f8:fc:60:78:ec:f2:53:b2:82:a2:28:18:
3a:76:e8:ed:30:9b:9f:61:1e:58:07:65:69:dc:71:
94:d6:40:ba:18:76:6d:26:f3:ff:95:84:a7:6c:32:
db:49:ca:f5:5d:1b:8a:b3:d6:78:81:01:71:eb:93:
76:02:5f:0e:2e:81:71:a4:4f:ec:5b:f9:e0:d3:99:
04:32:64:df:d2:b5:3d:39:0e:f3:21:3e:cb:8e:53:
47:00:43:dc:ce:98:b1:a5:6f:dc:77:81:99:d8:9b:
66:d7:cb:15:61:23:34:fe:bc:1a:cd:ac:6c:31:d0:
37:10:de:31:ff:da:28:e2:69:50:b3:af:ea:d0:52:
74:42:28:91:15:79:8d:f3:5f:79:d9:77:e7:9b:c7:
6e:96:8a:3c:a2:81:e7:84:d7:f0:af:f2:0d:b9:97:
dc:a6:ad:7a:80:17:a3:b0:f1:f5:40:30:70:84:67:
27:0f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
30:62:2B:80:98:5F:6D:BE:87:21:91:63:8D:F9:6E:70:E1:01:5A:A0
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/MGIrgJhfbb6HIZFjjflucOEBWqA.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
36.0.64.0/18
Signature Algorithm: sha256WithRSAEncryption
a5:7f:c1:e8:63:84:55:cd:ed:e0:7c:57:33:f5:d5:c6:c2:4d:
a8:74:f9:8e:64:65:ff:28:90:9c:83:ad:68:6c:b0:8e:df:e6:
a0:84:8c:6f:3e:79:ec:59:77:6a:5e:ec:2b:dd:4a:85:9f:88:
83:67:42:b0:c1:89:af:57:d7:90:51:c4:88:df:68:fa:36:17:
0b:e5:8e:98:d2:90:1e:9d:f9:df:90:c7:1e:1e:d5:45:1c:92:
37:69:52:d0:07:a4:fe:30:4a:50:de:c2:44:80:19:df:c2:c0:
6a:9f:04:50:03:8b:da:72:50:a8:de:d2:96:0c:d7:37:47:27:
67:9a:51:92:24:d6:87:26:dd:ac:a8:d7:08:64:28:0a:e2:48:
ab:13:b9:1b:4c:36:00:c5:47:e5:4d:24:69:f1:cb:f5:9c:7d:
28:c1:33:c6:11:e1:27:1a:a0:12:df:40:dd:6d:47:ec:d1:f9:
c4:e5:7b:b4:e5:2a:60:7c:88:c8:80:12:1c:ed:25:e8:b2:c6:
83:8a:7f:68:fc:cf:84:ae:19:12:61:33:95:3f:a0:37:a7:81:
ac:80:aa:f5:c6:47:4e:40:e9:30:d2:d1:c6:0f:5b:f3:93:59:
9c:b0:28:c8:2a:76:2a:6b:a2:cb:37:9e:90:f8:33:b9:3e:63:
c9:9d:62:1f
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgICOuswDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MDcw
MzIyMzFaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDMwNjIyQjgwOTg1RjZE
QkU4NzIxOTE2MzhERjk2RTcwRTEwMTVBQTAwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDnLGJ2GSlZ1sPySD+lYdkEBA1ELRG2qOEs83fMa4jBLr/tPJWz
pWi8rPDzZ3yxT0tj4DjY3K2PuDSLiLVuIw2LlWNOEX/Dxoq/uZI6lfj8YHjs8lOy
gqIoGDp26O0wm59hHlgHZWnccZTWQLoYdm0m8/+VhKdsMttJyvVdG4qz1niBAXHr
k3YCXw4ugXGkT+xb+eDTmQQyZN/StT05DvMhPsuOU0cAQ9zOmLGlb9x3gZnYm2bX
yxVhIzT+vBrNrGwx0DcQ3jH/2ijiaVCzr+rQUnRCKJEVeY3zX3nZd+ebx26Wijyi
geeE1/Cv8g25l9ymrXqAF6Ow8fVAMHCEZycPAgMBAAGjggHxMIIB7TAdBgNVHQ4E
FgQUMGIrgJhfbb6HIZFjjflucOEBWqAwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L01HSXJnSmhmYmI2SEla
RmpqZmx1Y09FQldxQS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAYkAEAwDQYJKoZIhvcNAQELBQADggEBAKV/wehjhFXN7eB8VzP11cbCTah0+Y5k
Zf8okJyDrWhssI7f5qCEjG8+eexZd2pe7CvdSoWfiINnQrDBia9X15BRxIjfaPo2
FwvljpjSkB6d+d+Qxx4e1UUckjdpUtAHpP4wSlDewkSAGd/CwGqfBFADi9pyUKje
0pYM1zdHJ2eaUZIk1ocm3ayo1whkKAriSKsTuRtMNgDFR+VNJGnxy/WcfSjBM8YR
4ScaoBLfQN1tR+zR+cTle7TlKmB8iMiAEhztJeiyxoOKf2j8z4SuGRJhM5U/oDen
gayAqvXGR05A6TDS0cYPW/OTWZywKMgqdipross3npD4M7k+Y8mdYh8=
-----END CERTIFICATE-----
Generated at Sat Jun 21 23:29:05 2025 by rpki-client