Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/RntnISeZC2fwE3N2SF_vKrmIxc0.roa
File: RntnISeZC2fwE3N2SF_vKrmIxc0.roa (raw, json)
Hash identifier: 4GCfpv5iSdiMqRAZt2OU6WOaNs/b0Rq+kT1TWv1eM24=
Subject key identifier: 46:7B:67:21:27:99:0B:67:F0:13:73:76:48:5F:EF:2A:B9:88:C5:CD
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 4B73
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/RntnISeZC2fwE3N2SF_vKrmIxc0.roa
Signing time: Mon 29 Apr 2024 04:23:28 +0000
ROA not before: Mon 29 Apr 2024 04:23:28 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 36.0.64.0/18 maxlen: 18
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 19315 (0x4b73)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 29 04:23:28 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=467B672127990B67F0137376485FEF2AB988C5CD
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bf:af:7a:31:af:89:c5:fa:a0:81:ed:9a:50:32:
77:1e:75:67:9d:cf:93:a7:da:db:11:87:a9:b3:b3:
15:1e:2b:11:66:d2:31:d2:8b:2d:ca:55:8c:77:ca:
ab:8c:e0:cb:39:bc:6b:f8:f6:b8:64:95:17:1b:e1:
56:f3:5c:6f:4a:73:3c:c7:3d:a3:95:de:7a:7f:68:
53:24:31:d8:68:47:f0:a1:b4:d9:c8:43:9e:38:a1:
60:5c:db:ef:5c:b9:cf:3b:c4:7c:95:9a:a7:4b:91:
a6:1b:a8:5a:8b:06:d8:f2:26:d7:c8:14:9a:59:91:
c5:e8:aa:d9:40:77:31:2e:79:b2:ab:69:55:f1:6e:
95:d8:16:35:93:3c:f0:a2:68:58:90:7a:98:a2:96:
11:c1:a4:3f:e9:ad:fb:8e:1a:48:96:33:22:a4:bb:
a6:56:c8:dc:47:e0:51:5c:11:19:c9:1c:6b:db:90:
16:73:1a:9d:9f:44:3a:05:1b:d7:59:c1:96:15:2c:
06:a5:51:53:48:27:45:34:07:a4:d2:59:22:94:81:
fc:d1:ea:ab:08:91:92:b4:5a:77:9d:ee:9e:25:3f:
df:f4:2b:10:73:87:b9:2e:0e:79:70:41:1e:44:5b:
1a:e6:2d:cb:56:ad:62:67:f0:bc:95:69:7e:7e:b7:
93:37
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
46:7B:67:21:27:99:0B:67:F0:13:73:76:48:5F:EF:2A:B9:88:C5:CD
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/RntnISeZC2fwE3N2SF_vKrmIxc0.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
36.0.64.0/18
Signature Algorithm: sha256WithRSAEncryption
8e:9f:61:e8:25:61:33:da:6a:64:2c:27:5b:11:02:d5:7d:a7:
a5:85:d2:0d:63:c4:58:83:b0:1d:79:fc:90:bf:84:7b:72:50:
8d:12:0c:1f:d5:ca:f3:9f:85:45:87:51:61:7b:27:3a:c2:cf:
c8:44:d0:43:4b:98:54:5c:d2:93:f1:ab:51:95:f5:34:0f:56:
d5:37:90:c1:e0:1b:fc:80:41:16:84:92:0c:f8:e8:3b:47:7d:
95:83:e2:3a:9d:6d:66:18:dd:16:c2:36:32:57:18:24:8f:33:
33:9b:06:3e:75:f7:0a:f4:21:40:fd:e1:05:c0:44:b2:72:7b:
ca:7a:5b:47:4a:66:c1:e4:80:dc:44:fb:6d:66:4c:f4:44:c4:
49:dd:3e:2e:44:a9:46:bf:05:97:4f:35:1e:a7:44:07:5f:2b:
eb:83:be:6b:6a:c9:eb:59:19:8b:8c:55:5c:d1:ac:c7:8f:e4:
98:6e:e2:09:5c:b8:1e:20:1e:88:c2:7d:9a:e2:e5:bc:bf:8c:
bc:82:33:98:7c:c0:a5:4c:74:13:bb:24:92:52:32:59:2a:c9:
64:b1:0c:23:f6:b5:8a:40:42:8d:08:e2:92:ac:fc:64:13:c2:
19:98:99:22:96:27:5d:91:80:57:a3:97:3d:4a:7f:02:44:93:
85:a9:98:03
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgICS3MwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0Mjkw
NDIzMjhaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDQ2N0I2NzIxMjc5OTBC
NjdGMDEzNzM3NjQ4NUZFRjJBQjk4OEM1Q0QwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC/r3oxr4nF+qCB7ZpQMncedWedz5On2tsRh6mzsxUeKxFm0jHS
iy3KVYx3yquM4Ms5vGv49rhklRcb4VbzXG9KczzHPaOV3np/aFMkMdhoR/ChtNnI
Q544oWBc2+9cuc87xHyVmqdLkaYbqFqLBtjyJtfIFJpZkcXoqtlAdzEuebKraVXx
bpXYFjWTPPCiaFiQepiilhHBpD/prfuOGkiWMyKku6ZWyNxH4FFcERnJHGvbkBZz
Gp2fRDoFG9dZwZYVLAalUVNIJ0U0B6TSWSKUgfzR6qsIkZK0Wned7p4lP9/0KxBz
h7kuDnlwQR5EWxrmLctWrWJn8LyVaX5+t5M3AgMBAAGjggHxMIIB7TAdBgNVHQ4E
FgQURntnISeZC2fwE3N2SF/vKrmIxc0wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1JudG5JU2VaQzJmd0Uz
TjJTRl92S3JtSXhjMC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAYkAEAwDQYJKoZIhvcNAQELBQADggEBAI6fYeglYTPaamQsJ1sRAtV9p6WF0g1j
xFiDsB15/JC/hHtyUI0SDB/VyvOfhUWHUWF7JzrCz8hE0ENLmFRc0pPxq1GV9TQP
VtU3kMHgG/yAQRaEkgz46DtHfZWD4jqdbWYY3RbCNjJXGCSPMzObBj519wr0IUD9
4QXARLJye8p6W0dKZsHkgNxE+21mTPRExEndPi5EqUa/BZdPNR6nRAdfK+uDvmtq
yetZGYuMVVzRrMeP5Jhu4glcuB4gHojCfZri5by/jLyCM5h8wKVMdBO7JJJSMlkq
yWSxDCP2tYpAQo0I4pKs/GQTwhmYmSKWJ12RgFejlz1KfwJEk4WpmAM=
-----END CERTIFICATE-----
Generated at Sat Jun 21 12:34:17 2025 by rpki-client