Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/WffmItU9Pz_xgQkNrLADtn7vEoI.roa
File: WffmItU9Pz_xgQkNrLADtn7vEoI.roa (raw, json)
Hash identifier: IHg4GiPtCBeOaKxXPGy0gIzxmnkmxRPJVIwarGkmEHI=
Subject key identifier: 59:F7:E6:22:D5:3D:3F:3F:F1:81:09:0D:AC:B0:03:B6:7E:EF:12:82
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 364F
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/WffmItU9Pz_xgQkNrLADtn7vEoI.roa
Signing time: Sun 31 Mar 2024 23:52:11 +0000
ROA not before: Sun 31 Mar 2024 23:52:11 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 36.0.64.0/18 maxlen: 18
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 13903 (0x364f)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Mar 31 23:52:11 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=59F7E622D53D3F3FF181090DACB003B67EEF1282
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:aa:55:9e:93:92:51:e7:5c:29:b9:a0:62:71:c6:
08:6b:df:bb:e9:4d:b7:0f:b6:78:17:12:e0:17:64:
1c:b1:6f:bc:12:1e:ec:99:c1:96:be:62:83:56:b6:
b2:37:61:13:b6:77:c5:7a:81:89:f2:60:0f:0a:82:
e5:0b:f7:9c:7d:7f:ff:04:60:8a:13:88:a3:6d:84:
b3:62:ea:2e:c3:9d:13:a2:86:e4:05:16:04:4e:12:
ad:eb:bf:fc:90:0a:77:ef:21:a3:f4:14:e5:64:1d:
82:ba:19:42:ab:15:00:1a:ad:37:dc:eb:2f:78:99:
f0:51:ad:62:db:69:20:15:96:c1:91:5f:1b:0a:17:
39:30:04:0c:7f:d0:8b:ff:a9:46:ac:b5:76:d5:de:
60:3c:9a:8e:75:54:ae:2a:c5:73:7c:73:b3:2d:68:
e7:35:f1:4e:c2:22:6d:1c:73:45:00:e1:18:68:d4:
88:44:77:5f:52:d4:14:b4:97:8f:f6:5f:5b:ec:61:
33:de:9c:2e:7a:c8:94:cf:84:54:8a:f4:97:48:38:
cf:3a:b3:00:c7:c4:e0:0f:9a:70:1b:f5:38:d5:8f:
46:3e:21:d9:e0:35:04:45:bf:8f:6d:7e:ad:3d:4e:
f0:ad:e8:74:8f:40:58:3d:f0:3a:8a:22:99:47:98:
84:2b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
59:F7:E6:22:D5:3D:3F:3F:F1:81:09:0D:AC:B0:03:B6:7E:EF:12:82
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/WffmItU9Pz_xgQkNrLADtn7vEoI.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
36.0.64.0/18
Signature Algorithm: sha256WithRSAEncryption
82:a1:85:35:58:81:73:38:0a:72:7c:9e:8b:40:1e:44:52:10:
d0:0c:ca:9a:a0:08:f6:67:b4:29:15:21:fa:d3:45:4b:59:18:
92:0b:85:b8:c8:1e:e9:b3:c8:d3:b7:89:41:3c:a2:90:3c:7c:
a1:1b:a3:24:1a:f3:ea:7f:67:74:91:2f:bf:a3:fb:04:4a:8d:
07:e4:eb:ba:c5:26:4c:24:0c:af:d2:79:3a:8f:09:81:d4:24:
0f:c6:f0:12:0e:f6:a3:04:c9:68:18:bc:bd:3e:77:11:1c:60:
28:37:83:30:15:9b:bb:85:f7:f3:71:c7:ff:18:93:a7:9b:4a:
06:d5:53:9a:76:11:0a:73:45:ed:fa:c1:71:4f:27:c1:46:c4:
de:39:32:66:aa:16:58:03:52:f2:8b:4e:09:82:a9:a7:31:a5:
dd:e0:22:4b:03:40:eb:c2:0e:af:dc:9a:a2:60:68:8a:a5:cf:
2e:2e:d8:b9:50:ae:52:a0:53:d7:ea:ae:0e:46:8f:ad:bd:ce:
9a:ea:44:cf:43:f8:56:11:da:b1:4e:73:1d:dd:36:5b:6b:84:
32:31:87:3f:3b:8e:1b:46:fd:3b:c6:7a:52:bc:be:d8:b6:83:
a2:6e:66:75:a0:56:c2:09:01:ff:24:98:3e:0b:72:05:3b:66:
a0:47:dc:d5
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgICNk8wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDAzMzEy
MzUyMTFaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDU5RjdFNjIyRDUzRDNG
M0ZGMTgxMDkwREFDQjAwM0I2N0VFRjEyODIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCqVZ6TklHnXCm5oGJxxghr37vpTbcPtngXEuAXZByxb7wSHuyZ
wZa+YoNWtrI3YRO2d8V6gYnyYA8KguUL95x9f/8EYIoTiKNthLNi6i7DnROihuQF
FgROEq3rv/yQCnfvIaP0FOVkHYK6GUKrFQAarTfc6y94mfBRrWLbaSAVlsGRXxsK
FzkwBAx/0Iv/qUastXbV3mA8mo51VK4qxXN8c7MtaOc18U7CIm0cc0UA4Rho1IhE
d19S1BS0l4/2X1vsYTPenC56yJTPhFSK9JdIOM86swDHxOAPmnAb9TjVj0Y+Idng
NQRFv49tfq09TvCt6HSPQFg98DqKIplHmIQrAgMBAAGjggHxMIIB7TAdBgNVHQ4E
FgQUWffmItU9Pz/xgQkNrLADtn7vEoIwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1dmZm1JdFU5UHpfeGdR
a05yTEFEdG43dkVvSS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAYkAEAwDQYJKoZIhvcNAQELBQADggEBAIKhhTVYgXM4CnJ8notAHkRSENAMypqg
CPZntCkVIfrTRUtZGJILhbjIHumzyNO3iUE8opA8fKEboyQa8+p/Z3SRL7+j+wRK
jQfk67rFJkwkDK/SeTqPCYHUJA/G8BIO9qMEyWgYvL0+dxEcYCg3gzAVm7uF9/Nx
x/8Yk6ebSgbVU5p2EQpzRe36wXFPJ8FGxN45MmaqFlgDUvKLTgmCqacxpd3gIksD
QOvCDq/cmqJgaIqlzy4u2LlQrlKgU9fqrg5Gj629zprqRM9D+FYR2rFOcx3dNltr
hDIxhz87jhtG/TvGelK8vti2g6JuZnWgVsIJAf8kmD4LcgU7ZqBH3NU=
-----END CERTIFICATE-----
Generated at Sat Jun 21 03:29:54 2025 by rpki-client