Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/OUPqOPd5Rju3izQ-CjZPSFWGf_g.roa
File: OUPqOPd5Rju3izQ-CjZPSFWGf_g.roa (raw, json)
Hash identifier: 3tC3CKK3r7yjXxT1uhgVfmQlqEn7l8UW4ESZoyd+5Vg=
Subject key identifier: 39:43:EA:38:F7:79:46:3B:B7:8B:34:3E:0A:36:4F:48:55:86:7F:F8
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 44AB
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/OUPqOPd5Rju3izQ-CjZPSFWGf_g.roa
Signing time: Sat 20 Apr 2024 03:23:05 +0000
ROA not before: Sat 20 Apr 2024 03:23:05 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 36.0.64.0/18 maxlen: 18
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 17579 (0x44ab)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 20 03:23:05 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=3943EA38F779463BB78B343E0A364F4855867FF8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d5:b5:f2:1d:92:04:5d:06:61:f0:4c:8e:f7:6b:
73:be:a2:4a:3b:d2:5c:65:37:3c:72:e0:ce:04:29:
43:a1:db:8a:23:df:16:cd:dd:07:ae:33:77:e1:0f:
d9:e8:df:8b:d1:28:90:d6:8b:86:83:17:4e:9e:30:
44:39:95:63:2c:d2:31:70:bd:1f:f8:65:2f:f0:4f:
a6:5e:b0:d8:07:71:4a:d1:80:de:9a:c8:91:c3:5e:
d6:26:b0:df:72:31:c9:c1:6c:ff:fb:4a:53:ac:8c:
a5:79:b0:ae:71:50:9f:22:fe:30:43:e3:ab:da:e2:
10:90:09:c4:52:78:8c:f1:7e:5f:ee:67:ba:e9:f0:
c1:d5:2f:b8:b4:2f:37:6b:d7:d0:a2:1c:0d:56:34:
24:74:03:41:fe:a3:98:a4:fa:be:f3:68:9d:8e:db:
4e:7a:33:51:71:cf:fc:46:17:f5:28:e4:72:47:fc:
d2:1c:dc:fe:22:17:38:d3:c8:66:fe:8d:84:1e:b4:
c9:f0:89:bd:d9:ad:a3:9b:3c:9a:2c:24:51:82:a4:
aa:04:33:db:fa:60:3c:1a:f7:64:58:2d:dc:33:23:
ed:91:41:43:3f:1c:ab:fa:1f:c5:c0:a0:45:e2:f7:
38:ca:ce:78:a5:1b:aa:f5:78:f1:92:c9:1b:c0:f1:
88:45
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
39:43:EA:38:F7:79:46:3B:B7:8B:34:3E:0A:36:4F:48:55:86:7F:F8
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/OUPqOPd5Rju3izQ-CjZPSFWGf_g.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
36.0.64.0/18
Signature Algorithm: sha256WithRSAEncryption
8e:54:5a:0c:60:75:6d:08:ab:dd:f4:3a:a7:13:26:67:40:31:
87:78:8b:7c:bf:c0:7f:90:49:d6:45:1d:4d:d2:0b:f2:ba:77:
d0:90:28:47:55:db:4e:54:2d:6f:63:e0:50:41:dc:1a:e7:30:
5f:73:44:dd:a8:84:9e:62:ce:53:4c:34:06:8d:03:a9:dc:30:
24:b7:d6:9a:93:cc:25:12:87:fd:44:04:ac:3f:79:ee:d2:96:
cf:52:9b:64:1c:e1:92:19:57:e9:81:b9:4a:61:54:d3:01:72:
a3:90:78:5b:41:6b:90:fa:ee:b3:57:14:1e:67:2d:d5:ab:54:
62:95:6d:17:ed:89:33:28:8b:5d:ba:99:fc:4e:02:5c:0b:91:
a9:92:1a:8b:2c:b3:0b:2d:aa:6b:82:b0:f4:03:c1:de:70:05:
b8:c3:80:50:e1:7f:7c:0d:91:58:51:c1:1a:f9:fd:34:91:13:
06:ff:08:1e:0c:0e:b3:88:ee:48:01:a4:71:2e:3e:9b:64:75:
89:11:51:06:ff:dd:04:51:d0:f8:a1:60:68:dc:40:ff:09:ea:
4e:54:c5:68:b4:40:72:b2:2e:57:28:dc:72:6c:5c:45:73:5e:
4a:7e:0f:7f:78:e6:d3:f0:15:fa:3c:1a:93:35:b6:9f:2f:87:
92:2c:8f:0c
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgICRKswDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MjAw
MzIzMDVaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDM5NDNFQTM4Rjc3OTQ2
M0JCNzhCMzQzRTBBMzY0RjQ4NTU4NjdGRjgwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDVtfIdkgRdBmHwTI73a3O+oko70lxlNzxy4M4EKUOh24oj3xbN
3QeuM3fhD9no34vRKJDWi4aDF06eMEQ5lWMs0jFwvR/4ZS/wT6ZesNgHcUrRgN6a
yJHDXtYmsN9yMcnBbP/7SlOsjKV5sK5xUJ8i/jBD46va4hCQCcRSeIzxfl/uZ7rp
8MHVL7i0Lzdr19CiHA1WNCR0A0H+o5ik+r7zaJ2O2056M1Fxz/xGF/Uo5HJH/NIc
3P4iFzjTyGb+jYQetMnwib3ZraObPJosJFGCpKoEM9v6YDwa92RYLdwzI+2RQUM/
HKv6H8XAoEXi9zjKznilG6r1ePGSyRvA8YhFAgMBAAGjggHxMIIB7TAdBgNVHQ4E
FgQUOUPqOPd5Rju3izQ+CjZPSFWGf/gwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L09VUHFPUGQ1Ump1M2l6
US1DalpQU0ZXR2ZfZy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAYkAEAwDQYJKoZIhvcNAQELBQADggEBAI5UWgxgdW0Iq930OqcTJmdAMYd4i3y/
wH+QSdZFHU3SC/K6d9CQKEdV205ULW9j4FBB3BrnMF9zRN2ohJ5izlNMNAaNA6nc
MCS31pqTzCUSh/1EBKw/ee7Sls9Sm2Qc4ZIZV+mBuUphVNMBcqOQeFtBa5D67rNX
FB5nLdWrVGKVbRftiTMoi126mfxOAlwLkamSGossswstqmuCsPQDwd5wBbjDgFDh
f3wNkVhRwRr5/TSREwb/CB4MDrOI7kgBpHEuPptkdYkRUQb/3QRR0PihYGjcQP8J
6k5UxWi0QHKyLlco3HJsXEVzXkp+D3945tPwFfo8GpM1tp8vh5Isjww=
-----END CERTIFICATE-----
Generated at Sat Jun 21 00:53:56 2025 by rpki-client