Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/PbBHAU7tImYvCHSkoygQG3LcB00.roa
File: PbBHAU7tImYvCHSkoygQG3LcB00.roa (raw, json)
Hash identifier: VZnXqfY/OCAzyxd3wERrF2n7ywKcdM+OMkLq77UtWkk=
Subject key identifier: 3D:B0:47:01:4E:ED:22:66:2F:08:74:A4:A3:28:10:1B:72:DC:07:4D
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 47B3
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/PbBHAU7tImYvCHSkoygQG3LcB00.roa
Signing time: Wed 24 Apr 2024 04:23:22 +0000
ROA not before: Wed 24 Apr 2024 04:23:22 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 36.0.64.0/18 maxlen: 18
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 18355 (0x47b3)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 24 04:23:22 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=3DB047014EED22662F0874A4A328101B72DC074D
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d1:30:00:26:49:f8:48:30:db:fe:ab:09:01:f5:
64:44:41:6f:b1:2e:c9:62:89:80:f0:6c:b9:f8:fc:
5c:fa:fa:c2:63:d2:1f:89:6f:54:28:05:8a:b8:16:
24:01:1d:77:e5:8e:29:80:f5:a7:07:47:3f:78:e2:
b9:4e:d7:d7:cf:10:3e:5f:c4:8a:6b:03:2c:97:a7:
7d:a7:93:30:51:46:13:b9:c1:43:f1:0d:f8:bb:93:
15:58:46:ae:a4:d1:03:ed:2c:28:d2:b1:ee:ec:61:
91:9e:57:17:f5:93:b1:a5:1d:41:73:a1:33:43:02:
45:82:74:53:e8:97:07:66:6c:57:19:5c:d8:b4:26:
e9:bf:de:96:42:60:96:48:75:30:8b:33:cd:d0:a6:
01:80:e9:c2:29:d5:46:db:02:96:78:7d:e2:6f:81:
8c:74:94:61:f8:25:57:ae:b4:dc:5e:e8:c5:dc:58:
f4:80:21:d9:9a:53:3b:a9:4e:43:59:bd:a6:72:77:
10:41:71:c6:cc:d9:fd:d7:51:cc:2b:b3:9a:68:9d:
cf:74:f9:85:f8:9f:e2:63:15:bc:7e:91:44:d6:24:
53:ca:3d:05:5e:f5:c6:44:20:e9:99:3f:e6:fd:a8:
a9:cb:f9:d3:eb:35:b8:d9:57:41:f9:c8:83:33:8a:
8a:b3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3D:B0:47:01:4E:ED:22:66:2F:08:74:A4:A3:28:10:1B:72:DC:07:4D
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/PbBHAU7tImYvCHSkoygQG3LcB00.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
36.0.64.0/18
Signature Algorithm: sha256WithRSAEncryption
3b:c1:5d:e0:eb:4d:64:7e:74:5b:9c:7f:77:93:80:66:d4:10:
8c:5b:6a:20:4d:43:c9:8c:f5:10:83:64:e1:ba:94:93:3d:76:
95:7c:c2:20:e3:fc:c9:2a:3a:9e:21:fc:5b:b5:ab:a5:32:53:
be:e5:bd:23:f0:b0:93:75:74:4d:d5:e0:3c:b8:2b:a2:01:74:
32:40:10:8f:c9:ec:07:de:5b:16:4b:af:52:06:db:ae:e8:79:
4d:08:90:04:02:2d:fd:ca:fb:c1:c7:d7:04:70:86:ff:fb:48:
2d:d4:3e:7d:ba:ae:c3:aa:1d:e7:61:5b:48:27:a9:9e:67:eb:
06:eb:b3:3b:46:8f:f8:5f:28:c5:7c:02:fc:45:97:54:c4:35:
e5:3e:47:82:65:9b:40:a7:4d:b7:15:84:b4:b7:38:10:5c:41:
ea:9a:92:e7:84:9e:3f:74:6d:71:56:5a:d1:09:3a:ac:81:80:
88:e0:29:45:e7:eb:db:ff:21:c1:92:6a:d8:e8:43:b8:4c:dc:
5e:e2:37:04:f8:97:6e:a9:a7:f2:21:ec:19:92:1d:be:d6:6a:
c5:95:ab:83:42:09:02:08:df:18:81:26:c1:49:47:86:a2:c2:
e7:6f:c6:0a:4c:3c:b5:c2:46:61:79:f8:1a:a5:0a:18:72:69:
3d:73:20:6b
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgICR7MwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MjQw
NDIzMjJaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDNEQjA0NzAxNEVFRDIy
NjYyRjA4NzRBNEEzMjgxMDFCNzJEQzA3NEQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDRMAAmSfhIMNv+qwkB9WREQW+xLsliiYDwbLn4/Fz6+sJj0h+J
b1QoBYq4FiQBHXfljimA9acHRz944rlO19fPED5fxIprAyyXp32nkzBRRhO5wUPx
Dfi7kxVYRq6k0QPtLCjSse7sYZGeVxf1k7GlHUFzoTNDAkWCdFPolwdmbFcZXNi0
Jum/3pZCYJZIdTCLM83QpgGA6cIp1UbbApZ4feJvgYx0lGH4JVeutNxe6MXcWPSA
IdmaUzupTkNZvaZydxBBccbM2f3XUcwrs5ponc90+YX4n+JjFbx+kUTWJFPKPQVe
9cZEIOmZP+b9qKnL+dPrNbjZV0H5yIMzioqzAgMBAAGjggHxMIIB7TAdBgNVHQ4E
FgQUPbBHAU7tImYvCHSkoygQG3LcB00wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1BiQkhBVTd0SW1ZdkNI
U2tveWdRRzNMY0IwMC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAYkAEAwDQYJKoZIhvcNAQELBQADggEBADvBXeDrTWR+dFucf3eTgGbUEIxbaiBN
Q8mM9RCDZOG6lJM9dpV8wiDj/MkqOp4h/Fu1q6UyU77lvSPwsJN1dE3V4Dy4K6IB
dDJAEI/J7AfeWxZLr1IG267oeU0IkAQCLf3K+8HH1wRwhv/7SC3UPn26rsOqHedh
W0gnqZ5n6wbrsztGj/hfKMV8AvxFl1TENeU+R4Jlm0CnTbcVhLS3OBBcQeqakueE
nj90bXFWWtEJOqyBgIjgKUXn69v/IcGSatjoQ7hM3F7iNwT4l26pp/Ih7BmSHb7W
asWVq4NCCQII3xiBJsFJR4aiwudvxgpMPLXCRmF5+BqlChhyaT1zIGs=
-----END CERTIFICATE-----
Generated at Sun Jun 22 08:12:00 2025 by rpki-client