Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/R7mJ07qO44a58pY6UOHpz3xNbW4.roa
File: R7mJ07qO44a58pY6UOHpz3xNbW4.roa (raw, json)
Hash identifier: /dMp17ZLB5vxcskzHCR+9T4Q5GCPNuam2AhxbH5JgAM=
Subject key identifier: 47:B9:89:D3:BA:8E:E3:86:B9:F2:96:3A:50:E1:E9:CF:7C:4D:6D:6E
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 3CAF
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/R7mJ07qO44a58pY6UOHpz3xNbW4.roa
Signing time: Tue 09 Apr 2024 11:52:38 +0000
ROA not before: Tue 09 Apr 2024 11:52:38 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 36.0.64.0/18 maxlen: 18
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 15535 (0x3caf)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 9 11:52:38 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=47B989D3BA8EE386B9F2963A50E1E9CF7C4D6D6E
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:be:d5:38:2c:13:1b:66:12:79:e5:79:02:c7:52:
53:85:07:99:4d:7d:63:c8:91:1d:37:ae:fb:ad:65:
4b:5f:33:90:9e:1e:7e:72:72:cc:24:35:0f:ff:40:
f1:6c:61:52:fc:f2:cf:c2:4d:1e:bd:9c:cf:21:4c:
1d:18:d9:95:d7:9a:e0:fb:93:74:14:76:f2:f8:31:
7a:31:f1:ec:6f:28:64:d8:a3:47:68:2a:68:34:e8:
74:ee:8a:45:9b:4e:fc:cc:59:7d:64:af:95:1a:96:
c1:b3:58:82:5b:65:96:67:e0:33:62:b7:a4:8e:7b:
54:c4:15:88:22:4b:60:80:98:69:5a:d7:19:9e:53:
f2:20:e4:0d:75:83:fb:42:c7:58:da:d7:5f:1c:7a:
b7:03:53:bc:b6:e6:61:b9:fc:27:77:ac:6f:8e:fd:
59:1d:01:75:7f:9f:7f:29:f5:1b:58:5d:c4:b8:d6:
c1:29:73:24:71:86:67:41:a8:00:cd:04:26:ac:a0:
e0:14:76:b9:6f:38:c1:80:45:45:6e:96:12:2b:e6:
b6:a2:fe:95:82:67:c7:73:fd:5e:3f:f1:3b:d9:2c:
79:ad:71:0c:c0:ed:44:60:bd:b4:2c:a0:a8:9e:65:
d3:05:0c:e6:d5:37:24:61:53:37:00:1e:0b:e9:31:
18:11
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
47:B9:89:D3:BA:8E:E3:86:B9:F2:96:3A:50:E1:E9:CF:7C:4D:6D:6E
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/R7mJ07qO44a58pY6UOHpz3xNbW4.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
36.0.64.0/18
Signature Algorithm: sha256WithRSAEncryption
30:27:ae:13:a7:77:72:b6:66:7d:6f:27:24:48:9e:8d:d1:6e:
81:7d:0d:cb:c5:86:41:90:58:50:18:6b:8c:ca:70:96:72:6f:
b2:b7:ca:ad:cd:9c:90:79:18:ee:d2:d4:df:f7:60:9e:d3:b8:
9a:7f:79:84:41:9d:1c:a2:8e:96:cc:8b:4a:29:54:d0:59:14:
f4:38:1b:7f:38:2d:19:9d:67:83:d6:1c:63:5d:1d:a9:46:11:
fe:3d:72:40:aa:ca:34:81:9a:5e:d7:b8:60:ee:2d:2b:b6:cd:
6f:d6:c5:61:07:72:f0:32:d7:e3:fd:25:18:02:26:ee:ae:be:
11:a4:02:ec:be:5a:b8:14:0f:7f:1f:40:30:04:be:0b:fc:59:
a7:36:4a:6e:41:43:8c:d5:6c:de:40:dd:1a:73:26:bd:0c:6d:
f0:22:56:f1:af:46:52:a5:9e:09:39:29:40:e3:18:c8:48:38:
08:ba:3d:10:7b:a6:63:76:9f:f0:fe:5e:e1:df:a6:8d:cf:8d:
bc:86:60:91:67:1b:52:9c:1e:84:e8:42:e1:e0:88:d1:c5:e8:
f2:b9:0e:56:7c:9d:23:b6:f2:4e:73:c6:b8:ca:0b:bc:55:5f:
d6:a4:1c:d2:cb:a8:08:a3:f2:78:5a:b9:59:54:24:e8:1e:05:
e6:8d:64:e1
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgICPK8wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MDkx
MTUyMzhaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDQ3Qjk4OUQzQkE4RUUz
ODZCOUYyOTYzQTUwRTFFOUNGN0M0RDZENkUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC+1TgsExtmEnnleQLHUlOFB5lNfWPIkR03rvutZUtfM5CeHn5y
cswkNQ//QPFsYVL88s/CTR69nM8hTB0Y2ZXXmuD7k3QUdvL4MXox8exvKGTYo0do
Kmg06HTuikWbTvzMWX1kr5UalsGzWIJbZZZn4DNit6SOe1TEFYgiS2CAmGla1xme
U/Ig5A11g/tCx1ja118cercDU7y25mG5/Cd3rG+O/VkdAXV/n38p9RtYXcS41sEp
cyRxhmdBqADNBCasoOAUdrlvOMGARUVulhIr5rai/pWCZ8dz/V4/8TvZLHmtcQzA
7URgvbQsoKieZdMFDObVNyRhUzcAHgvpMRgRAgMBAAGjggHxMIIB7TAdBgNVHQ4E
FgQUR7mJ07qO44a58pY6UOHpz3xNbW4wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1I3bUowN3FPNDRhNThw
WTZVT0hwejN4TmJXNC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAYkAEAwDQYJKoZIhvcNAQELBQADggEBADAnrhOnd3K2Zn1vJyRIno3RboF9DcvF
hkGQWFAYa4zKcJZyb7K3yq3NnJB5GO7S1N/3YJ7TuJp/eYRBnRyijpbMi0opVNBZ
FPQ4G384LRmdZ4PWHGNdHalGEf49ckCqyjSBml7XuGDuLSu2zW/WxWEHcvAy1+P9
JRgCJu6uvhGkAuy+WrgUD38fQDAEvgv8Wac2Sm5BQ4zVbN5A3RpzJr0MbfAiVvGv
RlKlngk5KUDjGMhIOAi6PRB7pmN2n/D+XuHfpo3PjbyGYJFnG1KcHoToQuHgiNHF
6PK5DlZ8nSO28k5zxrjKC7xVX9akHNLLqAij8nhauVlUJOgeBeaNZOE=
-----END CERTIFICATE-----
Generated at Sat Jun 21 16:20:43 2025 by rpki-client